If you want to fund an audit, we'll find out.


There have been a number of concerns over scalability and security which have only been partially addressed. I can't speak too much about them because I've been rather distant from the project for a while, but AFAIK the scaling is still an unsolved issue, practically in the brainstorming stage. There are also a number of unfortunate misconceptions which have been propagated around the interwebs. Whenever Aetheros pops up with a well-reasoned response, he gets crickets. These include:

- But proof of work isn't a viable spam solution!
Email has no spam solution either, and yet it's done well for two decades. Spam in email is handled clientside, and this does not change with Bitmessage. Thunderbird (and other client) integration makes this simple. Proof-of-work is merely used to prevent flooding of the network.

- But wasn't it de-anonymized?!
No, some guy harvested addresses (which are public, because the existence of a particular address leaks no information), then sent out some spam. Users then copied and pasted an unclickable (by GUI design) link to an unknown website from an unknown sender into an unsecured web-browser, and were surprised when their IP address was then correlated with their intentionally disposable Bitmessage address which had no associated metadata. This still baffles me.

- But what about that one post on the Bitmessage forums with criticism?
Yes, we read the post. And then we discussed it. If you believe it contained an as-yet-unaddressed critical flaw, please let me know.