
Jack Dorsey says his ‘secure’ new Bitchat app has not been tested for security

by Simon Osuji
July 9, 2025

On Sunday, Block CEO and Twitter co-founder Jack Dorsey launched an open source chat app called Bitchat, promising to deliver “secure” and “private” messaging without a centralized infrastructure.

The app relies on Bluetooth and end-to-end encryption, unlike traditional messaging apps that rely on the internet. By being decentralized, Bitchat has potential for being a secure app in high-risk environments where the internet is monitored or inaccessible. According to Dorsey’s white paper detailing the app’s protocols and privacy mechanisms, Bitchat’s system design “prioritizes” security. 

However, the claims that the app is secure are already facing scrutiny from security researchers, given that, by Dorsey’s own admission, the app and its code have not been reviewed or tested for security issues at all.

Since launching, Dorsey has added a warning to Bitchat’s GitHub page: “This software has not received external security review and may contain vulnerabilities and does not necessarily meet its stated security goals. Do not use it for production use, and do not rely on its security whatsoever until it has been reviewed.” 

This warning now also appears on Bitchat’s main GitHub project page but was not there at the time the app debuted.

As of Wednesday, Dorsey added: “Work in progress,” next to the warning on GitHub. 

This latest disclaimer came after security researcher Alex Radocea found that it’s possible to impersonate someone else and trick a person’s contacts into thinking they are talking to the legitimate contact, as the researcher explained in a blog post. 

Radocea wrote that Bitchat has a “broken identity authentication/verification” system that allows an attacker to intercept someone’s “identity key” and “peer id pair” — essentially a digital handshake that is supposed to establish a trusted connection between two people using the app. Bitchat calls these “Favorite” contacts and marks them with a star icon. The goal of this feature is to allow two Bitchat users to interact, knowing that they are talking to the same person they talked to before. 
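The difference between recognising a contact by a claimed identity key and requiring proof that the peer holds the matching private key, as an added example that is not Bitchat's code or wire format and is not from the original article. The `Announcement` type, the `favorite-auth-v1` label, the peer ID value and all function names are hypothetical; the keys are generated on the spot as constructed sample data.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Announcement is a hypothetical "this is me" broadcast. Both fields are
// public, so anyone in radio range can record and replay them.
type Announcement struct {
	PeerID      string
	IdentityKey ed25519.PublicKey
}

// naiveIsFavorite only compares the claimed key with the pinned one. The key
// never signs anything, so a replayed announcement passes.
func naiveIsFavorite(pinned ed25519.PublicKey, a Announcement) bool {
	return bytes.Equal(pinned, a.IdentityKey)
}

// transcript binds a signature to this purpose, this peer ID and this nonce.
func transcript(peerID string, nonce []byte) []byte {
	return append([]byte("favorite-auth-v1|"+peerID+"|"), nonce...)
}

// respond is the peer's side: sign the verifier's nonce with the private key.
func respond(priv ed25519.PrivateKey, peerID string, nonce []byte) []byte {
	return ed25519.Sign(priv, transcript(peerID, nonce))
}

// verifiedIsFavorite also demands proof of possession of the private key.
func verifiedIsFavorite(pinned ed25519.PublicKey, a Announcement, nonce, sig []byte) bool {
	if len(pinned) != ed25519.PublicKeySize || !bytes.Equal(pinned, a.IdentityKey) {
		return false
	}
	return ed25519.Verify(pinned, transcript(a.PeerID, nonce), sig)
}

func main() {
	bobPub, bobPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader) // a different device's key
	replayed := Announcement{PeerID: "bob-peer", IdentityKey: bobPub} // constructed sample
	nonce := make([]byte, 32) // fresh per verification attempt
	rand.Read(nonce)
	fmt.Println("naive accepts copied key:   ", naiveIsFavorite(bobPub, replayed))
	fmt.Println("verified accepts copied key:", verifiedIsFavorite(bobPub, replayed, nonce, respond(otherPriv, "bob-peer", nonce)))
	fmt.Println("verified accepts Bob:       ", verifiedIsFavorite(bobPub, replayed, nonce, respond(bobPriv, "bob-peer", nonce)))
}
```

The nonce must be fresh for every attempt; a signature recorded for one nonce or one peer ID fails verification against any other.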

Dorsey did not respond to TechCrunch’s request for comment sent to his Block email address. 

A screenshot showing an example of a chat in which an attacker has impersonated “Bob” in a conversation with “Alice,” and which Bitchat displayed as if it were really coming from Bob. Image Credits: Alex Radocea

On Monday, Radocea filed a ticket on the GitHub project to ask how to report the security flaw he discovered in the Bitchat Favorites system. Soon after, Dorsey marked it as “completed,” without comment. (Dorsey reopened the ticket on Wednesday, saying security issues can be reported by posting on GitHub directly.)

Another person reported concerns with Dorsey’s claims that Bitchat has “forward secrecy,” a cryptographic technique that ensures that even if an attacker steals or compromises an encryption key, that attacker still cannot decrypt previously sent messages.

Someone also pointed out a potential buffer overflow bug, which is a common type of security vulnerability where a hacker can force a device’s memory to spill out to other locations, opening the door for a data compromise.

Radocea warned that Bitchat users should not trust the app yet. 

“Security is a great feature to have for going viral. But a basic sanity check, like, do the identity keys actually do any cryptography, would be a very obvious thing to test when building something like this,” Radocea told TechCrunch. “There are people out there that would take the messaging around security literally and could rely on it for their safety, so the project in its current state could endanger them.”

Referring to his and other people’s findings, Radocea criticized Dorsey’s warning that Bitchat has not been tested for security. 

“I’d argue it has received external security review, and it’s not looking good,” he said.
