Close Menu
  • Home
  • Identity
  • Inventions
  • Future
  • Science
  • Startups
  • Spanish
What's Hot

What security leaders need to know about AI governance in SaaS

New Zur Malware Variant Variant Targeting Developers via Trojanized Termius MacOS App

Supports the supply of important minerals to meet demand

Facebook X (Twitter) Instagram
  • Home
  • About Us
  • Advertise with Us
  • Contact Us
  • DMCA
  • Privacy Policy
  • Terms & Conditions
  • User-Submitted Posts
Facebook X (Twitter) Instagram
Fyself News
  • Home
  • Identity
  • Inventions
  • Future
  • Science
  • Startups
  • Spanish
Fyself News
Home » Jack Dorsey says his “safe” new bitchat app hasn’t been tested for security
Startups

Jack Dorsey says his “safe” new bitchat app hasn’t been tested for security

userBy userJuly 9, 2025No Comments3 Mins Read
Share Facebook Twitter Pinterest Telegram LinkedIn Tumblr Email Copy Link
Follow Us
Google News Flipboard
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link

On Sunday, Block CEO and Twitter co-founder Jack Dorsey launched an open source chat app called Bitchat, pledged to provide “safe” and “private” messaging without a centralized infrastructure.

Unlike traditional messaging apps that rely on the internet, this app relies on Bluetooth and end-to-end encryption. By being decentralized, Bitchat could become a secure app in a high-risk environment where the Internet is incapable of being monitored or accessed. According to Dorsey’s white paper detailing app protocols and privacy mechanisms, Bitchat’s system design “prioritizes” security.

However, given that the app and its code have not been reviewed or tested for security issues, the claim that the app is safe has already faced scrutiny by security researchers, given that it has not been reviewed or tested for security issues at all by Dorsey’s own admission.

Since its launch, Dorsey has added warnings to Bitchat’s GitHub page. “This software has not received external security reviews, may contain vulnerabilities and does not necessarily meet the stated security goals. It should not be used for production use.

This warning is currently also visible on Bitchat’s main Github project page, but it was not at the time the app debuted.

As of Wednesday, Dorsey added:

This latest disclaimer comes after the researchers discovered that security researcher Alex Rodosia can be impersonated as someone else and make them think he is talking to a legitimate contact, as the researchers explained in a blog post.

Rodocea writes that Bitchat has an “Identity Authentication/Verification” system that allows attackers to intercept someone’s “ID key” and “peer ID pair.” This is a digital handshake that is essentially supposed to use an app to establish a trustworthy connection between the two of you. Bitchat calls these “favorite” contacts and marks them with a star icon. The goal of this feature is to allow two Bitchat users to interact.

Dorsey did not respond to TechCrunch requests for comments sent to the block email address.

A screenshot showing an example of a chat where the attacker pretends to be “Bob” in a chat with “Alice.” (Image: Alex Rodosia)

On Monday, Radocea submitted a ticket to the GitHub project and asked how to report a security flaw it discovered on Bitter’s favorite system. Shortly afterwards, Dorsey marked it “completed” without comment. (Dorsey reopened tickets on Wednesday, saying security issues can be reported by posting directly to GitHub.)

Another reported concern over Dorsey’s claim that Bitchat has “Forward Screcy,” a encryption technology that ensures that even if an attacker steals or compromises the encryption key, it cannot decrypt messages that the attacker centres previously.

Someone pointed out a potential buffer overflow bug. This is a common type of security vulnerability that allows hackers to sweep the device’s memory elsewhere and open the door to compromise data.

Radocea warned that Bitchat users shouldn’t trust the app yet.

“Security is a great feature to get viral. But just like identity keys actually do encryption, basic sanity checks are very obvious to test when building something like this,” Radsea told TechCrunch. “There are people out there who can literally embrace security and rely on it for their safety, so that current state projects could put them at risk.”

Referring to his and others’ findings, Radosia criticized Dorsey’s warning that Vichat has not been tested for security.

“I would argue that I had an external security review, but it doesn’t look good,” he said.


Source link

#Aceleradoras #CapitalRiesgo #EcosistemaStartup #Emprendimiento #InnovaciónEmpresarial #Startups
Follow on Google News Follow on Flipboard
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Previous ArticleYouTube prepares crackdowns on “mass production” and “repeated” videos as concerns about AI slops grow
Next Article X’s advertising business has improved under the late CEO Linda Yaccarino, but it remains a difficult time to come
user
  • Website

Related Posts

Why isn’t Cluely’s Roy Lee sweating cheating?

July 10, 2025

Microsoft has internally shared $500 million in AI savings since cutting 9,000 jobs

July 9, 2025

California legislators behind SB 1047 raise mandatory AI safety reports

July 9, 2025
Add A Comment
Leave A Reply Cancel Reply

Latest Posts

What security leaders need to know about AI governance in SaaS

New Zur Malware Variant Variant Targeting Developers via Trojanized Termius MacOS App

Supports the supply of important minerals to meet demand

European Innovation Methods to Turn Research into Market Success

Trending Posts

Subscribe to News

Subscribe to our newsletter and never miss our latest news

Please enable JavaScript in your browser to complete this form.
Loading

Welcome to Fyself News, your go-to platform for the latest in tech, startups, inventions, sustainability, and fintech! We are a passionate team of enthusiasts committed to bringing you timely, insightful, and accurate information on the most pressing developments across these industries. Whether you’re an entrepreneur, investor, or just someone curious about the future of technology and innovation, Fyself News has something for you.

The Future of Process Automation is Here: Meet TwinH

Robots Play Football in Beijing: A Glimpse into China’s Ambitious AI Future

TwinH: A New Frontier in the Pursuit of Immortality?

Meta’s Secret Weapon: The Superintelligence Unit That Could Change Everything 

Facebook X (Twitter) Instagram Pinterest YouTube
  • Home
  • About Us
  • Advertise with Us
  • Contact Us
  • DMCA
  • Privacy Policy
  • Terms & Conditions
  • User-Submitted Posts
© 2025 news.fyself. Designed by by fyself.

Type above and press Enter to search. Press Esc to cancel.