Delivery-Date: Sat, 30 Jan 2016 05:47:57 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id E020F1E04FA;
	Sat, 30 Jan 2016 05:47:55 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 88FB7392E8;
	Sat, 30 Jan 2016 10:47:49 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 0FB693925C
 for <tor-talk@lists.torproject.org>; Sat, 30 Jan 2016 10:47:46 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id U07Rn7axZiXh for <tor-talk@lists.torproject.org>;
 Sat, 30 Jan 2016 10:47:45 +0000 (UTC)
Received: from mail-pa0-x22f.google.com (mail-pa0-x22f.google.com
 [IPv6:2607:f8b0:400e:c03::22f])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id D90D639249
 for <tor-talk@lists.torproject.org>; Sat, 30 Jan 2016 10:47:45 +0000 (UTC)
Received: by mail-pa0-x22f.google.com with SMTP id yy13so54986496pab.3
 for <tor-talk@lists.torproject.org>; Sat, 30 Jan 2016 02:47:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=subject:to:references:from:message-id:date:user-agent:mime-version
 :in-reply-to:content-type:content-transfer-encoding;
 bh=fImJLp01AP58N2ezMPRnZHlFfFyu3TNh2WjqziTk7BU=;
 b=Jp5lqfRWh4Jg3gQRrol79/j+9Fq0totdGkOdQHGuQjAkYbjypjKdV4W7mAcfVWMIwj
 4/gAibYCF3r304l7QDYFb9XUfGRROg2RhJMtAR89iAPKToVLrNjVCjZQfeljCN5nnrrZ
 dcSBgOd7SyRWR88SOTBcmncDHHhtHRPf8F+wNIcm1dwIAC1CajlrwIt+8/nRh02jHs1+
 ub0rfE7kwVtv0ZIrx//MnSlIGYOaDx/wpnqAS6fP2vx5ztE93bVL7yRpxNmLgPy1GATE
 VWC18WArU3vMuTRJ+3iceLKo7hEXwnobGzSi9GJ6pfkFLKbMvO69kgnSrl9TxKjAhZOa
 7Kiw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:subject:to:references:from:message-id:date
 :user-agent:mime-version:in-reply-to:content-type
 :content-transfer-encoding;
 bh=fImJLp01AP58N2ezMPRnZHlFfFyu3TNh2WjqziTk7BU=;
 b=PUxuWjBF4USaq1va+1zS41RBK21P+zrpLFEogZXmXt7YeQvOoSW56tC2WhWH4h9emc
 uT4B7KKodz2qy3DUs0AgceY8BOMBwBM2X4hhI96Hw1Vs2cFhmYn1Lp/YWvtOdyzUDbIN
 EZabzqNwpYeoAf77VGyNPaZZ06bKDi7oY8uqH92qwuuuoc5IRWtNvJ+tDi11/LRipToq
 zB29m/tm2FAk7W1wsKOqz9UqD+lDRm1UjlcNMDceDi/nV7psQQYtEuqSdUUd3l/Iod6s
 OJjIzb5h2bseKIrX7ADk2HI7BLEdjztr8EGsXoUeQaLpdL81PnGY8ZnJMNQSO0L71XjO
 xThA==
X-Gm-Message-State: AG10YOQPmKMZCb7PlQGMlFw9DADvc5HVsjhVgIGTTmQLHSv+V5a2gL2yE/dlfKTjhkX4HA==
X-Received: by 10.66.197.131 with SMTP id iu3mr21221868pac.57.1454150863383;
 Sat, 30 Jan 2016 02:47:43 -0800 (PST)
Received: from [10.137.2.55] (ip68-97-38-24.ok.ok.cox.net. [68.97.38.24])
 by smtp.googlemail.com with ESMTPSA id q14sm29539333pfq.81.2016.01.30.02.47.40
 for <tor-talk@lists.torproject.org>
 (version=TLSv1/SSLv3 cipher=OTHER);
 Sat, 30 Jan 2016 02:47:41 -0800 (PST)
To: tor-talk@lists.torproject.org
References: <56AB637C.8070001@anonymous.coward.posteo.de>
 <56AC1AC2.6090706@cajuntechie.org>
 <CAPHRpdVyR6u8U42BBCiV75_YvfvQ_jHTNe07i254-CDqyTqXow@mail.gmail.com>
 <B010BF1C-A31E-4B3E-A2ED-C8F878C06E15@cajuntechie.org>
From: Jeremy Rand <biolizard89@gmail.com>
X-Enigmail-Draft-Status: N1110
Message-ID: <56AC94C3.3030501@gmail.com>
Date: Sat, 30 Jan 2016 04:47:31 -0600
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Thunderbird/38.5.0
MIME-Version: 1.0
In-Reply-To: <B010BF1C-A31E-4B3E-A2ED-C8F878C06E15@cajuntechie.org>
Subject: Re: [tor-talk] OT: Bitmessage
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 01/30/2016 04:30 AM, Anthony Papillion wrote:
> Thanks Tom but I want even aware that Bitmail existed lol.  I think
> these are problems I've seen talked about around Bitmessage.  For
> example, someone can observe you connect to peers and know you're
> transmitting data through them.  But maybe not to whom or what your
> saying.  Am I wrong?  If I am, this is going to make my day.  I
> love Bitmessage but this has always bugged me.  Also, what about a
> security audit?
> 
> Anthony

AFAIK you are correct; your peers and anyone watching you talk to them
can easily see when you send a message in Bitmessage.  In theory this
is obscured by relaying messages from other people, but I suspect that
in practice it would be trivial to Sybil the network and see which
node sent you a message first.  (This attack is regularly performed on
Bitcoin, whose network structure is somewhat similar to, though shares
no code with, Bitmessage.)

Also, since Tom spammed a link to BitMail, it's worth noting that
BitMail appears to be developed by the same people who made GoldBug.
For those of you keeping score at home, GoldBug falsely claimed to be
a project of EFF and CCC.  It would be wise to assume that BitMail is
malware or backdoored unless proven otherwise.  As with all other
software hosted by SourceForge these days.

- -Jeremy Rand
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWrJSbAAoJEAHN/EbZ1y06AhAQALDx8+Hgcsn+xzYR1xzwADo7
aCZTjowri0skbZ0gfEXZu2IikTQAMRSeGMykCeCpy8bv2wESFZEI7lCbBB16Iktk
jYVMaG6XComcL2sTwiecz++1wCYnp5hA5KDjQxZ70T9K2+ro0duXidFW674lKaB0
qW2y13p1amWi3yKNosUait1+IhI2z6VUMAxL3O1jBICxQVBIMVuvgzRxZ9SpzWSR
vDD7Yg3mrTjcyVHB0p/Qt1IQNCDqO0MN/5GRQONOf4wOJe4GFFaGq67ycPde352/
/Bfye8keSQR1SjImrF0ncKNC3pSjJEA4YZb8TLVWdYSxzreA5D62GtKFWfRl8N7o
diSkt3jW+Pnj/YncjZcI807CrRgesXGcvck1czJ+f0YpQ4ieRr5OMYPPamPeiekI
BXSN3wyH3Z+tTlYfmEn3lvfzS2QkS+/klDtdFOVBmhX2Fkqb4Wrs33VNC4n1kuOt
R5elW2U1xsomFFJWAvORbozvJ5ntrKdBW17mUSQ4r2/KaVrs/meeq+S2c2lp5bUl
8+YLaHWDHYgiWdR4l09UNA+j4PN3ip22RTC2S+1fwvkURzo3ftn+VYd4YXr+71oj
ZW2Fojtn+p6N+b5kAcv4u8aiKIk3xCDseaHO6EczSRCs9ismcAlbPY2WscL7URHL
TiDKZdWwZ6xxDEx6x50c
=sHWr
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

