by hershel 4645 days ago
In theory, bitmessage looks cool. But according to a review:

"Although it is very nice that people are working on creating secure and anonymous messaging systems, I am afraid that BitMessage is weak to a variety of attacks. I fear that the people working on it do not have sufficient expertise, in the fields of security and anonymity, to design and implement a proper cryptographic communications system + anonymity network. After reading the two design .pdf documents, I have identified a variety of weaknesses and overall poor design choices in the BitMessage protocol."

And he continues to show those weaknesses.

https://bitmessage.org/forum/index.php?topic=1666.0

1 comments

That's a pretty old thread. They've made a lot of progress since then.
What I don't see (maybe I haven't looked hard enough) are other security reviews.

Until bitmessage is thoroughly reviewed by serious people, and results are displayed in a prominent place, it would be hard to trust.

The dev team would love if you know someone with expertise and a bit of time to spare. We make no claims of perfection or even safety at this point.

From the homepage: Bitmessage is in need of an independent audit to verify its security.

I believe that they need to link to the security review I linked, not hide it in forums.

There was also someone who deanonymized bitmessage. They should link this too in a prominent place.

If they solved any of those problems, they should link to solutions and a possible review.

There was also someone who deanonymized some bitmessage users' disposable identities: those who copy-pasted a link (that the client prevented them from clicking on) to a website they'd never visited before from a random user with whom they'd never communicated into a web browser that did not use any anonymizing method.

FTFY

Is it forward secure now?