Bitmessage’s Problem, or “How Network Effects Distort Competition in Email Privacy”

by Ross Schulman on July 30, 2013

An open source project now gaining steam aims to fix some of the privacy and security problems with our modern email system. Bitmessage is a peer-to-peer messaging system loosely based on the cryptographic theories behind Bitcoin. It supposedly provides for entirely encrypted communications and even goes so far as to mask the sender and addressee of a message from third-parties. (I say supposedly because there has not yet been a thorough audit of the security of the system). Full scale peer-to-peer messaging with encryption and masking of metadata are obviously intriguing to lots of users in the wake of the NSA revelations in the US, but Bitmessage has one major problem: Your friends (probably) aren’t using it yet.

We talk a lot about allowing disruptive innovation here on DisCo and look a lot at the regulatory structures that can hold back that kind of innovation. One thing we haven’t touched on much, however, is the issue of competing against the network effects that entrench an older service by themselves. In this case email is the entrenched competitor.

Let’s face it: while it was no doubt the killer app for the Internet before the World Wide Web took over (and is still used by nearly every Internet user today), email is a relatively inadequate protocol. The Simple Mail Transfer Protocol (SMTP) dates back to 1981, and other one-to-one messaging protocols go back around a decade further. At the time, there was almost no business being done on the Internet, and it was still an academic and government network. There were relatively few emails being exchanged, between people who knew and trusted each other in real life, and the content was probably not worth protecting against an attacker that nobody could fathom would want to snoop on the network. The SMTP protocol betrays these facts. It has no protections against flooding the network with undesired messages (i.e., spam), no authentication that the person claiming to send the message actually did so, and (at the time) absolutely no built-in encryption. All messages in the default SMTP protocol travel the wire in the clear.

Since those days, there have been efforts to solve all of these problems, but they have run up against the barrier of the network effect of email. Once everybody is using the same protocol to exchange information, getting them to change over to a different one is impossible if all the people they want to communicate with aren’t available on that other platform. For example, Pretty Good Privacy (PGP), an encryption program developed by Phil Zimmerman, solves the trust and encryption problems with email, but it requires everyone to use it, and so it is only used in very particular situations where protection of communication is of greater importance.

What does this all mean for Bitmessage? To overcome these network effects, it will have to be incredibly easy to set up and use. It would also be useful if it resembles email as much as possible, to keep users feeling familiar. Finally, it will have to demonstrate conclusively that it solves problems with the original that people care about. Are the stars aligned in just that right way for Bitmessage? You can try it and find out. There is also a good guide to getting started. Once you get it up and running feel free to send me a test message at BM-GtoTpdZzQ55WTACpmGYjy61XHcgt8fTQ and I’ll try to reply. At the end of the day, though, while revelations about NSA spying may help Bitmessage’s case, only time will really tell if it can overcome email’s inertia.

  • disqus_user_wi

    You can download Bitmessage for Mac OS X at http://sourceforge.net/projects/bitmessagemac/files/

  • 1

    no problem, really. people are waking up and turn away from centralized snoopboxes. let’s hope bitmessage-like systems ain’t just another deception and hidden trap, though. opensource is awesome, but source audit is still crucial.

Previous post:

Next post: