AT2k Design BBS Message Area
Casually read the BBS message area using an easy to use interface. Messages are categorized exactly like they are on the BBS. You may post new messages or reply to existing messages!

You are not logged in. Login here for full access privileges.

Previous Message | Next Message | Back to Slashdot  <--  <--- Return to Home Page
   Local Database  Slashdot   [103 / 118] RSS
 From   To   Subject   Date/Time 
Message   VRSS    All   Jack Dorsey Says His 'Secure' New Bitchat App Has Not Been Teste   July 10, 2025
 8:20 AM  

Feed: Slashdot
Feed Link: https://slashdot.org/
---

Title: Jack Dorsey Says His 'Secure' New Bitchat App Has Not Been Tested For
Security

Link: https://it.slashdot.org/story/25/07/10/011720...

An anonymous reader quotes a report from TechCrunch: On Sunday, Block CEO and
Twitter co-founder Jack Dorsey launched an open source chat app called
Bitchat, promising to deliver "secure" and "private" messaging without a
centralized infrastructure. The app relies on Bluetooth and end-to-end
encryption, unlike traditional messaging apps that rely on the internet. By
being decentralized, Bitchat has potential for being a secure app in high-
risk environments where the internet is monitored or inaccessible. According
to Dorsey's white paper detailing the app's protocols and privacy mechanisms,
Bitchat's system design "prioritizes" security. But the claims that the app
is secure, however, are already facing scrutiny by security researchers,
given that the app and its code have not been reviewed or tested for security
issues at all -- by Dorsey's own admission. Since launching, Dorsey has added
a warning to Bitchat's GitHub page: "This software has not received external
security review and may contain vulnerabilities and does not necessarily meet
its stated security goals. Do not use it for production use, and do not rely
on its security whatsoever until it has been reviewed." This warning now also
appears on Bitchat's main GitHub project page but was not there at the time
the app debuted. As of Wednesday, Dorsey added: "Work in progress," next to
the warning on GitHub. This latest disclaimer came after security researcher
Alex Radocea found that it's possible to impersonate someone else and trick a
person's contacts into thinking they are talking to the legitimate contact,
as the researcher explained in a blog post. Radocea wrote that Bitchat has a
"broken identity authentication/verification" system that allows an attacker
to intercept someone's "identity key" and "peer id pair" -- essentially a
digital handshake that is supposed to establish a trusted connection between
two people using the app. Bitchat calls these "Favorite" contacts and marks
them with a star icon. The goal of this feature is to allow two Bitchat users
to interact, knowing that they are talking to the same person they talked to
before.

Read more of this story at Slashdot.

---
VRSS v2.1.180528
  Show ANSI Codes | Hide BBCodes | Show Color Codes | Hide Encoding | Hide HTML Tags | Hide Routing
Previous Message | Next Message | Back to Slashdot  <--  <--- Return to Home Page

VADV-PHP
Execution Time: 0.0128 seconds

If you experience any problems with this website or need help, contact the webmaster.
VADV-PHP Copyright © 2002-2025 Steve Winn, Aspect Technologies. All Rights Reserved.
Virtual Advanced Copyright © 1995-1997 Roland De Graaf.
v2.1.250224