Aug 21, 2016
A remote code execution vulnerability has been spotted in use against some users running PyBitmessage v0.6.2. The cause was identified and a fix has been added and released as 0.6.3.2 here. If you run PyBitmessage via code, we highly recommend that you upgrade to 0.6.3.2. Alternatively, you may downgrade to 0.6.1, which is unaffected.
Bitmessage developer Peter Šurda's Bitmessage addresses are to be considered compromised.
Bitmessage is a P2P communications protocol used to send encrypted messages to another person or to many subscribers. It is decentralized and trustless, meaning that you need not inherently trust any entities like root certificate authorities. It uses strong authentication, which means that the sender of a message cannot be spoofed, and it aims to hide "non-content" data, like the sender and receiver of messages, from passive eavesdroppers like those running warrantless wiretapping programs. If Bitmessage is completely new to you, you may wish to start by reading the whitepaper.
An open source client is available for free under the very liberal MIT license. For screenshots and a description of the client, see this CryptoJunky article: "Setting Up And Using Bitmessage".
Download for Windows (32bit) (64bit)
You may view the Python source code on GitHub. Bitmessage requires PyQt and OpenSSL. Step-by-step instructions on how to run the source code on Linux, Windows, or OSX are available here.
Please follow the contribution guidelines when contributing code or translations.
Security audit needed
Bitmessage is in need of an independent audit to verify its security. If you are a researcher capable of reviewing the source code, please email the lead developer. You will be helping to create a great privacy option for people everywhere!
- Visit or subscribe to the Bitmessage subreddit.
- A community-based forum for questions, feedback, and discussion is also available at Bitmessage.org/forum.