Bitmessage/PyBitmessage-2025-02-22
Archived
2
0
Fork 0
Code Issues 167 Pull Requests 54 Actions Packages Projects Releases 5 Wiki Activity

Plausible deniability with Bitmessage #690

New Issue
Open
opened 2014-07-20 16:54:31 +02:00 by F1k · 1 comment
F1k commented 2014-07-20 16:54:31 +02:00 (Migrated from github.com)
Copy Link

My first post here, I'm sorry if I do something not according to the rules here.

I have a problem with plausible deniability regarding Bitmessage.

I see all keys etc are stored in the same way as Bitcoin does. This is good and bad for plausible deniability.
Both BItcoin and Bitmessage use broadcasting messages over the network to 'spread the word'. I think I have figured out a way to positively identify what IP-address belongs to what transaction in Bitcoin, and suppose I could apply the same techniques to identify what IP belongs to what sender in Bitmessage. If I can do this, anyone can. (currently testing the application in a lab, will report later)

The issue I have is that it is possible for people to learn that the IP of my home computer is connected to my public key. If I understand Bitmessage correctly, everyone can see to what public key a message is addressed, but only the holder(s) of the corresponding private key can read the message.

scenario:
One could therefore find out that I, Robbie, am messaging with a known evil person using Bitmessage, let's name him Jim. Even though I message Jim a lot, I also message my contacts Paul and Emma a lot.

Something happens, Jim is involved, and they go through his contacts. Assuming Issue #267 is implemented, they would not be able to see what messages Jim received. They would be able to see that I messaged Jim a lot.

Next stop, they knock on my door.

As I only have one pool of keys, when I want to show that "I have never been involved with Jim" unlocking my client is not going to be an option

What I would like is the option to load specific keys using the (G)UI of the application.

(I'm not going to change my keys.dat file in /user/library/application support/PyBitmessage/ every time I want to message another contact. The UI can do this for me tho.)

I would like a simple option to open a keypair on any storage device connected to my computer. I can use one key per contact or contactset and simply load in the keypair from my encrypted storage whenever I want to check for messages.

This way, when I get raided over something one of my contacts did, I can claim someone must have broken into my wifi and abused it, as I do not have access to the keys they are looking for.

My first post here, I'm sorry if I do something not according to the rules here. I have a problem with plausible deniability regarding Bitmessage. I see all keys etc are stored in the same way as Bitcoin does. This is good and bad for plausible deniability. Both BItcoin and Bitmessage use broadcasting messages over the network to 'spread the word'. I think I have figured out a way to positively identify what IP-address belongs to what transaction in Bitcoin, and suppose I could apply the same techniques to identify what IP belongs to what sender in Bitmessage. If I can do this, anyone can. (currently testing the application in a lab, will report later) The issue I have is that it is possible for people to learn that the IP of my home computer is connected to my public key. If I understand Bitmessage correctly, everyone can see to what public key a message is addressed, but only the holder(s) of the corresponding private key can read the message. # scenario: One could therefore find out that I, Robbie, am messaging with a known evil person using Bitmessage, let's name him Jim. Even though I message Jim a lot, I also message my contacts Paul and Emma a lot. Something happens, Jim is involved, and they go through his contacts. Assuming Issue #267 is implemented, they would not be able to see what messages Jim received. They would be able to see that I messaged Jim a lot. Next stop, they knock on my door. As I only have one pool of keys, when I want to show that "I have never been involved with Jim" unlocking my client is not going to be an option # What I would like is the option to load specific keys using the (G)UI of the application. (I'm not going to change my keys.dat file in /user/library/application support/PyBitmessage/ every time I want to message another contact. The UI can do this for me tho.) I would like a simple option to open a keypair on any storage device connected to my computer. I can use one key per contact or contactset and simply load in the keypair from my encrypted storage whenever I want to check for messages. This way, when I get raided over something one of my contacts did, I can claim someone must have broken into my wifi and abused it, as I do not have access to the keys they are looking for.
PeterSurda commented 2015-11-12 00:13:48 +01:00 (Migrated from github.com)
Copy Link

The issue is, at the moment if you don't have a key loaded when you receive a message, it will be ignored forever even if you load the key afterwards. So it would need a bit more work. But in general I think having more key sources is desirable.

The issue is, at the moment if you don't have a key loaded when you receive a message, it will be ignored forever even if you load the key afterwards. So it would need a bit more work. But in general I think having more key sources is desirable.
This repo is archived. You cannot comment on issues.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
Something isn't working as it's supposed to
build
Related to building or build system
dependencies
Pull requests that update a dependency file
developers
The issue is relevant mainly for developers rather than users
documentation
duplicate
enhancement
New feature
formatting
Code or UI text formatting
invalid
legal
mobile
Frontend for mobile devices (kivy)
obsolete
packaging
performance
protocol
Protocol change
question
refactoring
regression
Some issue, fixed in the past, appears again
security
test
translation
usability
wontfix
No Label
enhancement
Milestone
No items
No Milestone v0.8.0
Projects
Clear projects
No project
Assignees
Clear assignees
PeterSurda
No Assignees
1 Participants
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Bitmessage/PyBitmessage-2025-02-22#690
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?