Bitchat’s Big Claims Meet Harsh Reality After Early Security Flaws Surface

Jack Dorsey’s newest venture, a chat app called Bitchat, launched with big talk about privacy and security. Built to run without internet access, the app uses Bluetooth to pass messages between phones directly. That setup, on paper, seems ideal for people in places where online communication can be risky or even blocked outright.

Bitchat was pitched as something different: decentralized, encrypted, and outside the reach of traditional servers. Its white paper made it clear that this app was supposed to put security first. But it didn’t take long for cracks to show.

Within days, a warning appeared on Bitchat’s GitHub page. It stated plainly that the app hadn’t gone through outside security review, and users were urged not to depend on it yet. That notice wasn’t there when the app first dropped, which raised a few eyebrows. By midweek, the listing also carried a quiet note: “Work in progress.”

Then things took another turn. A security researcher, Alex Radocea, dug into the code and found a major issue. According to him, someone could pose as a trusted contact inside the app, tricking people into believing they were talking to someone familiar. He documented how the app’s verification feature, meant to confirm identities between users, could be manipulated. He posted his concerns publicly.

Radocea flagged the bug on GitHub, asking how to report it responsibly. At first, Dorsey marked the issue as resolved, without a word. That silence didn’t sit well. Two days later, the thread reopened with a note saying bugs could be posted directly on GitHub.

More developers chimed in. One said the app’s claim of supporting “forward secrecy” might not hold up. Forward secrecy is a cryptographic property that keeps past messages unreadable even if a long-term key is stolen later. Another person pointed out a potential buffer overflow, a type of bug in which data is written or read past the end of a memory buffer, which can expose or corrupt data that should have been out of reach.

Radocea didn’t mince words. He warned that apps like this shouldn’t be treated as secure just because the branding says so. In situations where privacy can mean the difference between safety and danger, a false sense of security might do more harm than good.

For now, Bitchat is still available as an open-source project. It’s live, editable, and clearly unfinished. No official response has come from Dorsey himself, and the app continues to carry its caution label.

The idea behind Bitchat might be promising. But as things stand, the execution needs more work, and a lot more eyes on the code, before anyone should bet their safety on it.

Note: This post was edited/created using GenAI tools. 
