Nice. One feedback for the maintainer of the OS X instructions: in the compile from source section, instead of giving the command line for installing homebrew (which by the way renders incorrectly with an emoticon on that wiki page) the best practice is to provide a link to the homebrew project page, because the command line may change, and because they don't want things like typos or emoticons getting in the way of people getting brew installed.
This is an excellent point. I know I've been guilty of the pattern: "provide detailed directions for a poorly documented build, then spend years maintaining them in blog post/comments".
Better would be to actually contribute to central project documentation, I suppose.
They have some vague ideas for scalability that they do not know how to implement.
Also they have some major security issues that I pointed out to them, but they simply ignored. I am sure bitmessage will never be a success because it is fundamentally broken.
From what I can tell, it would appear that this system is still vulnerable to some level of traffic analysis. Last I checked the messages are identical as they are sent around the network, so it should be possible to observe the origin of a message by observing the first node to transmit that binary string. A similar approach could be used to identify receivers if the acknowledge messages are enabled. While this doesn't get you the content of the messages it does leak some information about the sender and receiver which bitmessage should be hiding. This level of traffic analysis might seem unrealistic, but there doesn't seem to be a good way to detect 'evil' clients which could watch a large portion of the total network without too much resources (in theory).
There are some recommendations on the other forums about using tor to make this information less useful, but that is not what the system uses by default.
All users receive all messages. The only sort of traffic analysis you can do with this is to harvest all of the peers. You have no idea who is sending messages to whom.
Have a messaging system that implements per-MB fees in order to support the network. The transaction has to be signed by the sender, receiver, and burdened nodes. BOOM no spam.
No one is willing to pay money to send messages. I even proposed Satoshi Nakamoto's idea (possibly other earlier peoples' idea) to require paying to send a message but receiving money to receive a message and no one would accept even that idea.
Now, if this is scalable as the authors claim, wouldn't this be a nice vehicle for a decentralized facebook? I can see at least an issue, which is that large files (i.e pictures, videos) can be transferred but they would have to be stored on the hard drive of anyone who wants to keep having access to it. What do you think?
I just installed it. How do you give an address to people without disclosing it to the whole world if they don't have PGP?
This is one of my addresses, I feel lonely HN :-)
BM-2cUHuH7sJdt3GchrqSikvzWP4w7Vm2cjhK
(so much for not disclosing to the whole world, but this is just for fun)
Bitmessage addresses aren't secret. They are even being broadcasted to the P2P network when you create them. Of course, one can keep in secret (by not announcing it) that he/she owns a particular Bitmessage address but the addresses themselves are not secret.
This relied on being able to send lots of messages, and having the user visit a link contained in them. The first issue can be fixed by upping the proof of work required to send a message, although this will not stop a determined attacker who has lots of cycles to throw at the problem. As for the second issue, users should not be visiting links from addresses they do not trust. As with most anonymity systems, it is only as good as you treat it.
[+] [-] natch|12 years ago|reply
[+] [-] SectioAurea|12 years ago|reply
Better would be to actually contribute to central project documentation, I suppose.
[+] [-] ma_mazmaz|12 years ago|reply
[+] [-] benregenspan|12 years ago|reply
[+] [-] Ihmahr|12 years ago|reply
Also they have some major security issues that I pointed out to them, but they simply ignored. I am sure bitmessage will never be a success because it is fundamentally broken.
[+] [-] fundamental|12 years ago|reply
There are some recommendations on the other forums about using tor to make this information less useful, but that is not what the system uses by default.
[+] [-] chongli|12 years ago|reply
[+] [-] Paperweight|12 years ago|reply
[+] [-] Atheros|12 years ago|reply
[+] [-] al2o3cr|12 years ago|reply
[+] [-] infruset|12 years ago|reply
[+] [-] mahyarm|12 years ago|reply
[+] [-] infruset|12 years ago|reply
[+] [-] infruset|12 years ago|reply
This is one of my addresses, I feel lonely HN :-) BM-2cUHuH7sJdt3GchrqSikvzWP4w7Vm2cjhK (so much for not disclosing to the whole world, but this is just for fun)
[+] [-] slashdotaccount|12 years ago|reply
[+] [-] p4bl0|12 years ago|reply
[+] [-] dmunoz|12 years ago|reply
[+] [-] 3pt14159|12 years ago|reply