In the wake of news that the NSA may be spying on citizen communications, many are asking how to secure email and other messaging protocols to keep prying eyes away. While some have traditionally turned to Pretty Good Privacy (PGP) encryption or other encryption programs to secure their communications, none of these keep the NSA or others from keeping tabs on essential metadata like the identity of your email recipients. Bitmessage, a peer-to-peer communications protocol, may offer a better way.
Not that you have anything to hide.
In Search Of Privacy
There are many reasons for wanting to maintain one's privacy. Despite Google chairman Eric Schmidt's suggestion that "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place," even ordinary people with ordinary confidences don't necessarily want the government looking over their shoulders as they type their emails. According to a recent Pew Research survey, 56% of Americans surveyed believe it's okay for the government to track phone records to prevent terrorist attacks, but 52% say that snooping on emails is out of bounds.
While this represents the slimmest of majorities, there are reasons to believe technology like Bitmessage could find a home with consumers in the future. For one thing, interest in the open-source protocol is rocketing, according to Google Trends.
Rising interest does not mean that most people have figured it out. As Karthik Iyer notes, while Bitmessage is "not suitable for n00b's yet ... it is becoming popular as more people from the tech world experiment." Bitmessage downloads jumped 500% in June 2013 after Edward Snowden went public with the NSA's monitoring of private email correspondence.
Bitmessage: The Choice Of A Suspicious Generation?
So what is Bitmessage? As noted, it's an open-source communications protocol for keeping your email private. Unlike PGP and similar programs that hide just the content of messages, Bitmessage also hides metadata like the sender and receiver of messages. And unlike PGP, Bitmessage doesn't require that users manage public or private keys to use the system; Bitmessage uses strong authentication so that the sender of a message cannot be spoofed.
Bitmessage is also decentralized and trustless, which means that you don't need to trust root certificate authorities or any third parties who, under legal duress from a government, might give up your data. Read the fine print on commercial encryption programs like Hushmail and you'll notice that they, like Facebook and others, protect your privacy until a legal authority asks them not to.
Developed by Jonathan Warren starting in November 2012 in response to suspicions that the U.S. government was tapping citizen emails, the system is modeled on Bitcoin. While its security measures are not foolproof, the system was designed for iteration and Warren is actively working on improvements to Bitmessage's security.
As it stands today, Bitmessage isn't an overlay for your existing email system. It's actually a secure replacement for whatever email tool you currently use, and also includes instant messaging. While I suspect most will stick with their preferred communications applications, if Bitmessage can be integrated into existing application GUIs, adoption might actually go mainstream.
Mainstream Adoption Of Hacker Technologies
Of course, this might be impossible. Bitmessage is a unified communications system by design. While this means that the only way for a government agency to intercept Bitmessages is by gaining access to your physical machine, it also means that it may not work as a bolt-on security addition to Gmail or Apple Mail.
Still, for the paranoid or simply those who want to be able to talk to their grandmother without NSA involvement, Bitmessage may be a sign of secure times to come. It's still a bit raw, but gaining interest, developers and traction. This is an open-source project worth watching.