PyBitmessage version 0.3.5
|Original author(s)||Jonathan Warren|
|Initial release||November 2012|
|Stable release||0.4.2 / January 24, 2014|
|Operating system||Windows, OS X, Linux|
Bitmessage is a decentralized, encrypted, peer-to-peer, trustless communications protocol that can be used by one person to send encrypted messages to another person, or to multiple subscribers. Bitmessage encrypts each user's message inbox using strong encryption and replicates it inside its P2P network, mixing it with the inboxes of other users in order to conceal the user's identity, prevent eavesdropping and protect the network from any control. The Bitmessage communication protocol avoids sender-spoofing through strong authentication, and hides metadata from wiretapping systems.
In June 2013, the software experienced a surge of new adoptions after news broke of National Security Agency email surveillance activities.
Currently, the network processes several thousand private messages per day.
Bitmessage works by encrypting all the incoming and outgoing messages using public key cryptography so that only the receiver of the message is capable of decrypting it. In order to achieve anonymity:
- Bitmessage replicates all the messages inside its own anonymous P2P network, therefore mixing all the encrypted messages of a given user with all the encrypted messages of all other users of the network, thus making it difficult to track which particular computer is the actual originator of the message and which computer is the recipient of the message.
- Bitmessage uses addresses containing seemingly random numbers and letters (for example, BM-BcbRqcFFSQUUmXFKsPJgVQPSiFA3Xash). Bitmessage requires these kinds of addresses in order to ensure strong encryption as well as to make sure that the real name of a user cannot be recovered from the user's Bitmessage address. Bitmessage addresses resemble Bitcoin addresses, and its keys are compatible with Bitcoin keys.
- Bitmessage uses public key cryptography, so only the recipient of a message is capable of decrypting it. The encryption works in such a way that even the original sender cannot decrypt his own message afterwards, because different keys are used for encryption and decryption. More specifically, Bitmessage uses 512-bit ECC encryption keys and OpenSSL for cryptographic functions.
- Outgoing messages contain no explicit address of the recipient of the message. Therefore, every network participant tries to decrypt every message passing through the network even if the message was not originally intended for that network participant. Since only the actual recipient can successfully decrypt the messages intended for him, all network participants know that if they fail to decrypt the message then the message was not intended for them.
- The original sender knows whether the recipient received the message or not (through an acknowledgement system), but the sender cannot discover which network participant is the actual recipient, since all the network participants will have this encrypted message stored on their computer irrespective of whether the message was intended for them or not.
- Bitmessage nodes store the encrypted messages for only two days before erasing them; therefore, messages are not archived in the network. New nodes joining the network can only download and broadcast the pool of messages from the last two days. Any message for which no acknowledgement of receipt has arrived can be re-sent by the originator of the message after the two-day period.
- Bitmessage uses a proof-of-work system to protect the network from flooding.
- A chan cannot be shut down by taking down any server or group of servers, due to the decentralized nature of chans.
- A chan cannot be effectively censored, since any Bitmessage user who knows the chan passphrase can read the chan or post any message into the chan.
- Within a chan, user messages are anonymous to such a degree that messages contain neither the sender's nor the receiver's Bitmessage address.
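The trial-decryption delivery described in the list above (no recipient address in the message, every node attempts decryption, and even the sender cannot decrypt afterwards), as an added example that is not part of the original article and is not PyBitmessage code. A toy Diffie-Hellman group with a hash-based keystream and an HMAC tag stands in for Bitmessage's ECC/OpenSSL encryption; the function names, message layout and sample nodes are hypothetical.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group standing in for Bitmessage's elliptic-curve keys.
# Assumption for illustration only: NOT secure and NOT the real wire format.
P, G = 2**255 - 19, 2

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def _derive(shared):
    d = hashlib.sha512(shared.to_bytes(32, "big")).digest()
    return d[:32], d[32:]  # (encryption key, MAC key)

def _xor_stream(key, data):
    stream = b""
    for i in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + i.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(recipient_pub, plaintext):
    """Encrypt to a public key; the output carries no recipient address."""
    eph_priv, eph_pub = keypair()  # ephemeral key, discarded after use
    enc_key, mac_key = _derive(pow(recipient_pub, eph_priv, P))
    head = eph_pub.to_bytes(32, "big")
    body = _xor_stream(enc_key, plaintext)
    return head + body + hmac.new(mac_key, head + body, hashlib.sha256).digest()

def try_decrypt(priv, blob):
    """Return the plaintext, or None when the object is not for this key."""
    if len(blob) < 64:
        return None
    head, body, tag = blob[:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _derive(pow(int.from_bytes(head, "big"), priv, P))
    want = hmac.new(mac_key, head + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None  # MAC mismatch: silently ignore, as every non-recipient does
    return _xor_stream(enc_key, body)

def flood(blob, nodes):
    """Hand the same object to every node; map node name -> decrypt result."""
    return {name: try_decrypt(priv, blob) for name, (priv, _) in nodes.items()}

if __name__ == "__main__":
    nodes = {n: keypair() for n in ("alice", "bob", "carol")}  # constructed
    blob = encrypt(nodes["bob"][1], b"meet at noon")  # alice sends to bob
    print(flood(blob, nodes))
```

Only the node holding the matching private key gets a plaintext back; the sender's own long-term key fails the MAC check like any other node's, because the ephemeral key used for encryption was discarded.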
The concept for Bitmessage was conceived by software developer Jonathan Warren, who based its design on the decentralized digital currency, Bitcoin. The software was released in November 2012 under the MIT license.
Bitmessage has gained a reputation for being out of reach of warrantless wiretapping conducted by the National Security Agency (NSA), due to the decentralized nature of the protocol and because its encryption is difficult to crack. As a result, downloads of the Bitmessage program increased fivefold during June 2013 after news broke of classified email surveillance activities conducted by the NSA.
The official Bitmessage website states: "Bitmessage is in need of an independent audit to verify its security. If you are a researcher capable of reviewing the source code, please email the lead developer..."
On his webcast Security Now!, Steve Gibson stated that Bitmessage has "so many problems that it probably isn't going to survive, at least in its current form. It could mutate. But many of the people that have successfully attacked it for its shortcomings have also mentioned they're working on something of their own." 
- Anonymous P2P
- I2P-Bote plugin of the I2P network, similar principle as Bitmessage
- Instant messaging
- Off-the-Record Messaging