![]() ![]() Given the state of things, I am of the opinion that full device encryption should be standard in order to safeguard our civil liberties, but since we're not there yet with most consumer products/companies, it is up to the applications to provide that security, and do it seamlessly, in order for an idea like Bitmessage to catch on. The Bitmessage protocol's main function is to be safe from man-in-the-middle snooping (whereas with Pidgin everything is sent in the clear unless you use OTR/PGP), so it would seem only natural for an encrypted messaging client to encrypt its local database files. I get where Purple is coming from regarding Pidgin, but PyBitmessage is not an insecure instant-messaging client, and their reasoning is not applicable here. I was toying with the idea of contributing in some way to the project (or at least playing with the source code), if it is indeed the most viable solution, but I only have a rudimentary python knowledge. I've been looking for an acceptable secure messaging client/solution for quite some time, and this is still the closest I've seen (as far as it working easily out of the box and getting others to use it). I have to wonder why there's no change in the tray icon to indicate new messages, or some form of reminder, or even a sound. I have no problem editing a config file, but this seems like extremely lazy dev work (something that would have literally taken 30 seconds since they did bother to make a GUI checkbox for minimizetotray) and it makes me wonder about the actual security of the protocol/application if something so trivial was omitted. ![]() Setting "minimizeonclose = true" and then starting the application does in fact have the desired effect. I find it strange that these lines are in the keys.dat, but don't appear to have any corresponding relation to any settings in the Windows GUI (given that there would logically need to be some passcode created through the GUI to actually crypt the files): keysencrypted = falseĪs well as, since I'm looking through it, I noticed the GUI has an option to Minimize To Tray, but not Close To Tray, however there is a line in keys.dat for both: minimizetotray = True If someone (an attacker or law enforcement) wanted to, they could just yank the hard drive (BIOS and DriveLock passwords be damned) and copy the appdata folder and read all sent/received messages with the BitMessage client, or grab their private keys out of keys.dat. Although I have full disk encryption, I'm thinking about recipients who don't. I am hesitant to add the file to the exclusions list, as it would appear that my sent/received messages are also in there somewhere (I don't see a separate place for them, which would be ideal).Īnother concern I have is that there's no local encryption for the keys.dat or messages.dat. This is unacceptable to me (since it appears that the file is constantly changing as the client processes messages on the network) because it's an extra 1GB on top of every one of my nightly incremental system backups. My "AppData\Roaming\PyBitmessage\messages.dat" is sitting at an unwieldy 1.03GB (and I only personally have 1 message in my inbox and 2 sent messages). u/blue_cube, reported one month ago that his appdata was only taking up 150MB.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |