Bitmessage is a decentralized, encrypted, peer-to-peer, trustless communications protocol that can be used by one person to send encrypted messages to another person, or to multiple subscribers. Bitmessage encrypts each user's message inbox using public-key cryptography and replicates it inside its P2P network, mixing it with inboxes of other users in order to conceal user's identity, prevent eavesdropping and allow the network to operate in a decentralized manner. The Bitmessage communications protocol avoids sender-spoofing through authentication, and hides metadata from wiretapping systems.
PyBitmessage is the official instant messaging client designed for Bitmessage.
Bitpost is an alternate client for OSX users.
|Initial release||August 2014|
0.9.1 / August 24, 2014
|Type||Anonymous P2P client|
Type of site
|Webmail, E-Mail service|
|Website||bitmessage.ch, bitmailendavkbec.onion, bitmessage.i2p|
|Passwords cannot be retrieved and inactive accounts do not expire.|
A number of services provide email endpoints to the BitMessage network. Bitmessage.ch is a service that supports sending and receiving Bitmessages over the email protocol.
Type of site
|Created by||Ben Kietzman|
A number of applications provide bridges between the PyBitmessage client and email applications via the IMAP/POP and SMTP protocols. BitMail is an application that bridges the IMAP, POP, and SMTP protocols.
Bitmessage works by encrypting all the incoming and outgoing messages using public-key cryptography so that only the receiver of the message is capable of decrypting it. In order to achieve anonymity:
The concept for Bitmessage was conceived by software developer Jonathan Warren, who based its design on the decentralized digital currency, bitcoin. The software was released in November 2012 under the MIT license.
Bitmessage has gained a reputation for being out of reach of warrantless wiretapping conducted by the National Security Agency (NSA) due to the decentralized nature of the protocol, and its encryption being difficult to crack. As a result, downloads of the Bitmessage program increased fivefold during June 2013 after news broke of classified email surveillance activities conducted by the NSA.
BitMessage's security has not been independently audited. The official Bitmessage website states: "Bitmessage is in need of an independent audit to verify its security. If you are a researcher capable of reviewing the source code, please email the lead developer..."
A remote code execution vulnerability has been spotted in use against some users running PyBitmessage v0.6.2. The cause was identified and a fix has been added and released as 0.6.3.2 here. If you run PyBitmessage via code, we highly recommend that you upgrade to 0.6.3.2. Alternatively you may downgrade to 0.6.1 which is unaffected.
Bitmessage developer Peter Šurda's Bitmessage addresses are to be considered compromised.