Bitmail, encrypted friend to friend email without central server

Bitmail is a decentralized open source email gateway that stores email messages encrypted offline and includes a secure IRC gateway for real time online chat. You can connect to the developer’s IRC channel from within the client.

Email communications are secured with libgcrypt, a GPG cryptographic library, and AES over SSL. There is no need to install the client, it can be run as portable. As soon as you launch it you will be asked to enter a password with a minimum of 16 characters, this will be used to create your private encryption keys. Make sure not to forget it like me, because you will be locked out of Bitmail the next time you launch it, with all tabs greyed out.

The same email client allows you to operate an IMAP capable BitMail server to relay messages to other people, running a server requires lots of configuration and it is not easy. Bitmail interface is well structured and tabbed but you will have to be familiar with encryption terms, there are lots of things that can be customized, like encryption algorithm, itiretation count, RSA key size and even salt length. This is not an email client for beginners.

Secure P2P email client Bitmail

Secure P2P email client Bitmail

You will need to manually add the encryption keys from the people you would like to communicate with in the address book, encryption keys will have to be exchanged via different channel, like messenger. Once you have the participants encryption keys and your IP has been added to the list of allowed senders in the Bitmail server, anyone in the group is able to securely exchange messages.

Bitmail darknet approach where there is no central authority that can be compromised and only those who know someone in the group are allowed to join in is the right approach against NSA state surveillance but I did not like that there was no anonymity in the network.

Your computer IP could be traced if anybody in the darknet is eavesdropped with something as simple as a trojan horse. P2P email services should have built in mechanisms to stop the compromise of a single user from spreading to the other people in the network and Bitmail does not accomplish this.

I liked that Bitmail is open source but due to the complicated set up and lack of anonymity I don’t think it is something I will be using. If you only need privacy, it might fulfil your needs, specially for intranet communications.

Visit Bitmail homepage

Leave a Reply