Do you want to hide your email from NSA eavesdropping but don’t want the hassle of using PGP with an anonymous email service?

Consider Bitmessage, it may be what you are looking for. Bitmessage is a new way to send encrypted messages to another person or a list of subscribers. Johannes Ullrich, the chief research officer of the Sans Institute called Bitmessage "the most secure messaging system that I’ve ever seen" in a review of Bitmessage in Businessweek.

Bitmessage is highly secure like TorChat and just as anonymous, with more features. Bitmessage is as easy to use as privnote but is more secure than PGP.

It is fast becoming the standard in anonymous encrypted messaging.

What is Bitmessage?

Bitmessage is a decentralized peer to peer email protocol that provides strong and transparent end to end message encryption. It is similar to Bitcoin in that all messages are broadcast to a blockchain (the messages.dat file in your Bitmessage folder.) Everyone who is running the PyBitmessage client receives all messages but only the intended recipient can decrypt that message. To keep the blockchain to a reasonable size all messages older than two days are deleted.

A Bitmessage address looks like a bitcoin address (example: BM-oowmchsIvK2FBkTxwXErcY7acitN4tWGQ) and there is no metadata associated with messages for NSA to collect. Unlike PGP, Bitmessage doesn’t require that users manage public or private keys to use the system.

Bitmessage also uses strong authentication so that the sender of a message cannot be spoofed. Like Bitcoin, ‘proof of work’ is required to send a message to prevent spam: when you send a bitmessage your computer spends some time doing computations before your message is broadcast to the Bitmessage blockchain. 

The Bitmessage User Interface

The user interface is clean and looks like the inbox of an email client. From the user interface you can create your Bitmessage addresses, keep an address book of your Bitmessage contacts and send and receive messages:

Getting Started With Bitmessage

First, create a folder named ‘Bitmessage’ on your desktop, then visit the Bitmessage Wiki and download the official Bitmessage client for Windows or OS X for Apple Mac to the Bitmessage folder. Bitmessage is portable and you can keep the folder on your desktop or move it to a flash drive.

When you start the Bitmessage client it will ask you if you want to connect or set your network settings first. To connect Bitmessage through Tor (recommended) use these settings:

Change the port to 9150 if you are using Tor Browser Bundle instead of an installed version of Tor. If you are not using Tor set the proxy server type to ‘none’. You should also go to settings and run Bitmessage in ‘Portable Mode’ so data is only saved to your Bitmessage folder:

Once connected to the network (the status light will stay on yellow all the time when you are using Tor) you can go to the ‘Identities’ tab and create your first Bitmessage address:

Rather than using a random number generator to make your bitcoin address you also have the option of using a passphrase to generate your Bitmessage addresses, and you can select an option to make your addresses shorter:

This option to use a passphrase to create your bitmessage identities is similar to the way the Electrum bitcoin wallet uses a twelve word phrase to create a one time bitcoin wallet backup. When you use the passphrase option in Bitmessage you will then be able to easily use these identities on another machine or another installation of Bitmessage. Your identities can always be recreated as long as you don’t forget your passphrase.

Once your first address is created you can send a test message to this echo server: BM-omXeTjutKWmYgQJjmoZjAG3u3NmaLEdZK and you’ll get a message back verifying Bitmessage is working.

How Secure is Bitmessage?

Only a recipient of a Bitmessage can read it, and different keys are used to encrypt or decrypt messages. Bitmessage uses 512 bit ECC encryption which is more secure than the current gold standard of PGP using 4096 bit RSA keys. Take a look at the following table which shows that PGP would need an RSA key size of 15,360 bits to equal the security provided by the 512 bit ECC key size used by Bitmessage:

Remember that anyone who has access to your Bitmessage folder can read your saved messages, so fully encrypting your computer or storing your Bitmessage folder in a Truecrypt container is highly recommended. See our guide on how to encrypt your laptop for a tutorial.

How Anonymous is Bitmessage?

Bitmessage, like Bitcoin, is semi-anonymous: another Bitmessage client you connect to doesn’t know if the message it just received from your IP address was sent by you or just relayed. Your public IP is not embedded in your sent messages but other bitcoin clients have to know your external IP to connect to you.

If maximum anonymity is desired always connect your Bitmessage client through Tor or a good VPN that accepts bitcoin like Private Internet Access. By changing your public IP through Tor or a VPN Bitmessage becomes very anonymous. 

Conclusions and Resources

Because it is easy to setup and use, and provides excellent privacy and anonymity, Bitmessage is fast becoming the standard for anonymous encrypted messaging. By using the Bitmessage E-Mail Gateway Bitmessage and email users can communicate by secure email.

For more information on Bitmessage visit the Bitmessage Help page at the wiki or the Bitmessage Forum.