Jack Dorsey floats specs for decentralized messaging app that uses Bluetooth
(2025/07/08)
- Reference: 1752005920
- News link: https://www.theregister.co.uk/2025/07/08/jack_dorsey_debuts_bitchat/
- Source link:
Serial entrepreneur Jack Dorsey, who co-founded Twitter and currently acts as CEO of payments company Block, has released the source code for a peer-to-peer messaging app called bitchat that relies on Bluetooth for network connectivity.
In the project's [1]GitHub repo , Dorsey describes the project thus: "A secure, decentralized, peer-to-peer messaging app that works over Bluetooth mesh networks. No internet required, no servers, no phone numbers – just pure encrypted communication."
The "secure" aspect of things appears to be more a TODO than an audit-backed commitment, at least to judge by reported issues about [2]cryptographic [3]gaps , [4]user impersonation concerns , and Dorsey's closure without comment of [5]a request for a security reporting process.
[6]
To underscore the app's insecurity, Jordan Mecom, an embedded software engineer at Dorsey's company Block, has submitted a pull request asking Dorsey to [7]add a warning message to the project.
[8]
[9]
"As is, bitchat may not meet the stated security goals," wrote Mecom. "For example, to achieve true PFS, it should use Signal-style X3DH + double ratchet, or MLS. Broadly, it would be good to switch to one of these standard, vetted approaches to secure messaging. However, for now, I propose adding a disclaimer to help ensure people don't use this app in serious settings before it's ready."
But that's to be expected from an app that Dorsey [10]described as "my weekend project to learn about bluetooth mesh networks, relays and store and forward models, message encryption models, and a few other things." The tech billionaire has floated a lot of experimental product ideas in the past, including a [11]decentralized social media protocol that became the alternative social network [12]Bluesky .
[13]
Bitchat is very much an early stage work-in-progress, and one that would-be users presently must build and install on iOS themselves, as the app has not yet been approved by Apple for App Store distribution. An Android port has been requested.
While the secure bits get worked out, the decentralized, peer-to-peer networking appears to be up and running. The app, as described in Dorsey's [14]technical writeup , creates a custom mesh network over Bluetooth Low Energy (BLE), where each device communicates directly with nearby devices as both a client and a server.
[15]Feds brag about hefty Oracle discount – licensing experts smell a lock-in
[16]Suspected Scattered Spider domains target everyone from manufacturers to Chipotle
[17]Stalkerware firm gets scooped by SQL-slinging security snoop
[18]AI models just don't understand what they're talking about
BLE has an expected outdoor range of [19]about 55 to 78 meters , based on specific assumptions about receiver sensitivity and signal transmission power. Dorsey's technical paper cites a range of about 30 meters for local network clusters. So users have to be fairly close to other users to connect to anyone. And given the technical barriers to building and installing the app, you may want to bring a friend to try it out before reverting to WhatsApp or Signal.
Wi-Fi Direct, a way to establish device-to-device connections over Wi-Fi, is mentioned as a possible alternative transport layer. It also comes with [20]security concerns [PDF].
Peer-to-peer messaging of this sort has been tried before. For example, a company called OpenGarden in 2014 released a peer-to-peer Bluetooth-based messaging app called [21]FireChat . FireChat was used in protests [22]in Hong Kong and [23]Iraq as a way to route around censorship, but the app [24]was not secure . It appears to have [25]stopped functioning in 2020 , and the OpenGarden website shut down in 2022.
[26]
Without a viable business model, app and network maintenance can't be assured. And if local authorities dislike the idea of people organizing and communicating in ways that can't be monitored, they won't necessarily bother trying to break message cryptography. They may just pursue company executives, [27]as Telegram's Pavel Durov discovered .
One of the founders of OpenGarden, Micha Benoliel, co-founded a company called [28]Nodle that runs a decentralized wireless network that incentivizes participation by connecting smartphones via various protocols, including Bluetooth, and offering NODL cryptocurrency tokens in exchange for network bandwidth.
Benoliel [29]noted in a social media post that Dorsey's project "sounds like the good old FireChat days," and later [30]suggested that the Nodle Network could add support for bitchat to help relay messages.
Given that Dorsey's current company is focused on blockchains and payments, it would not be unexpected to find bitchat mingling messaging with cryptocurrency applications. But those with serious security needs – dissidents operating in oppressive regimes – probably shouldn't bet their freedom or lives on bitchat any time soon. ®
Get our [31]Tech Resources
[1] https://github.com/jackjackbits/bitchat
[2] https://github.com/jackjackbits/bitchat/issues/28
[3] https://github.com/jackjackbits/bitchat/issues/64
[4] https://github.com/jackjackbits/bitchat/issues/42
[5] https://github.com/jackjackbits/bitchat/issues/19
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_offprem/edgeiot&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aG2U9efv4Vt4M14MboOnxgAAAFg&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[7] https://github.com/jackjackbits/bitchat/pull/20
[8] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_offprem/edgeiot&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aG2U9efv4Vt4M14MboOnxgAAAFg&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[9] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_offprem/edgeiot&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aG2U9efv4Vt4M14MboOnxgAAAFg&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[10] https://x.com/jack/status/1941989435962212728
[11] https://x.com/jack/status/1204766078468911106
[12] https://www.theregister.com/2024/02/06/bluesky_social_media_opens/
[13] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_offprem/edgeiot&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aG2U9efv4Vt4M14MboOnxgAAAFg&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[14] https://github.com/jackjackbits/bitchat/blob/main/WHITEPAPER.md
[15] https://www.theregister.com/2025/07/08/gsa_oracle_deal/
[16] https://www.theregister.com/2025/07/08/suspected_scattered_spider_domains_target/
[17] https://www.theregister.com/2025/07/06/infosec_roundup/
[18] https://www.theregister.com/2025/07/03/ai_models_potemkin_understanding/
[19] https://www.bluetooth.com/learn-about-bluetooth/key-attributes/range/
[20] https://www.blackhat.com/docs/eu-17/materials/eu-17-Blanco-WI-FI-Direct-To-Hell-Attacking-WI-FI-Direct-Protocol-Implementations-wp.pdf
[21] https://en.wikipedia.org/wiki/FireChat
[22] https://www.theguardian.com/world/2014/sep/29/firechat-messaging-app-powering-hong-kong-protests
[23] https://www.theguardian.com/technology/2014/jun/24/firechat-updates-as-40000-iraqis-download-mesh-chat-app-to-get-online-in-censored-baghdad
[24] https://slate.com/technology/2014/10/firechat-app-won-t-keep-hong-kong-protesters-safe-from-spyware-surveillance.html
[25] https://www.reddit.com/r/firechat/comments/f6vn7j/rip_firechat/
[26] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_offprem/edgeiot&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aG2U9efv4Vt4M14MboOnxgAAAFg&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[27] https://www.theregister.com/2024/08/30/french_telegram_ceo/
[28] https://www.nodle.com/
[29] https://x.com/anthenor/status/1942030165519085687
[30] https://x.com/anthenor/status/1942407723255005326
[31] https://whitepapers.theregister.com/
In the project's [1]GitHub repo , Dorsey describes the project thus: "A secure, decentralized, peer-to-peer messaging app that works over Bluetooth mesh networks. No internet required, no servers, no phone numbers – just pure encrypted communication."
The "secure" aspect of things appears to be more a TODO than an audit-backed commitment, at least to judge by reported issues about [2]cryptographic [3]gaps , [4]user impersonation concerns , and Dorsey's closure without comment of [5]a request for a security reporting process.
[6]
To underscore the app's insecurity, Jordan Mecom, an embedded software engineer at Dorsey's company Block, has submitted a pull request asking Dorsey to [7]add a warning message to the project.
[8]
[9]
"As is, bitchat may not meet the stated security goals," wrote Mecom. "For example, to achieve true PFS, it should use Signal-style X3DH + double ratchet, or MLS. Broadly, it would be good to switch to one of these standard, vetted approaches to secure messaging. However, for now, I propose adding a disclaimer to help ensure people don't use this app in serious settings before it's ready."
But that's to be expected from an app that Dorsey [10]described as "my weekend project to learn about bluetooth mesh networks, relays and store and forward models, message encryption models, and a few other things." The tech billionaire has floated a lot of experimental product ideas in the past, including a [11]decentralized social media protocol that became the alternative social network [12]Bluesky .
[13]
Bitchat is very much an early stage work-in-progress, and one that would-be users presently must build and install on iOS themselves, as the app has not yet been approved by Apple for App Store distribution. An Android port has been requested.
While the secure bits get worked out, the decentralized, peer-to-peer networking appears to be up and running. The app, as described in Dorsey's [14]technical writeup , creates a custom mesh network over Bluetooth Low Energy (BLE), where each device communicates directly with nearby devices as both a client and a server.
[15]Feds brag about hefty Oracle discount – licensing experts smell a lock-in
[16]Suspected Scattered Spider domains target everyone from manufacturers to Chipotle
[17]Stalkerware firm gets scooped by SQL-slinging security snoop
[18]AI models just don't understand what they're talking about
BLE has an expected outdoor range of [19]about 55 to 78 meters , based on specific assumptions about receiver sensitivity and signal transmission power. Dorsey's technical paper cites a range of about 30 meters for local network clusters. So users have to be fairly close to other users to connect to anyone. And given the technical barriers to building and installing the app, you may want to bring a friend to try it out before reverting to WhatsApp or Signal.
Wi-Fi Direct, a way to establish device-to-device connections over Wi-Fi, is mentioned as a possible alternative transport layer. It also comes with [20]security concerns [PDF].
Peer-to-peer messaging of this sort has been tried before. For example, a company called OpenGarden in 2014 released a peer-to-peer Bluetooth-based messaging app called [21]FireChat . FireChat was used in protests [22]in Hong Kong and [23]Iraq as a way to route around censorship, but the app [24]was not secure . It appears to have [25]stopped functioning in 2020 , and the OpenGarden website shut down in 2022.
[26]
Without a viable business model, app and network maintenance can't be assured. And if local authorities dislike the idea of people organizing and communicating in ways that can't be monitored, they won't necessarily bother trying to break message cryptography. They may just pursue company executives, [27]as Telegram's Pavel Durov discovered .
One of the founders of OpenGarden, Micha Benoliel, co-founded a company called [28]Nodle that runs a decentralized wireless network that incentivizes participation by connecting smartphones via various protocols, including Bluetooth, and offering NODL cryptocurrency tokens in exchange for network bandwidth.
Benoliel [29]noted in a social media post that Dorsey's project "sounds like the good old FireChat days," and later [30]suggested that the Nodle Network could add support for bitchat to help relay messages.
Given that Dorsey's current company is focused on blockchains and payments, it would not be unexpected to find bitchat mingling messaging with cryptocurrency applications. But those with serious security needs – dissidents operating in oppressive regimes – probably shouldn't bet their freedom or lives on bitchat any time soon. ®
Get our [31]Tech Resources
[1] https://github.com/jackjackbits/bitchat
[2] https://github.com/jackjackbits/bitchat/issues/28
[3] https://github.com/jackjackbits/bitchat/issues/64
[4] https://github.com/jackjackbits/bitchat/issues/42
[5] https://github.com/jackjackbits/bitchat/issues/19
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_offprem/edgeiot&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aG2U9efv4Vt4M14MboOnxgAAAFg&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[7] https://github.com/jackjackbits/bitchat/pull/20
[8] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_offprem/edgeiot&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aG2U9efv4Vt4M14MboOnxgAAAFg&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[9] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_offprem/edgeiot&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aG2U9efv4Vt4M14MboOnxgAAAFg&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[10] https://x.com/jack/status/1941989435962212728
[11] https://x.com/jack/status/1204766078468911106
[12] https://www.theregister.com/2024/02/06/bluesky_social_media_opens/
[13] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_offprem/edgeiot&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aG2U9efv4Vt4M14MboOnxgAAAFg&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[14] https://github.com/jackjackbits/bitchat/blob/main/WHITEPAPER.md
[15] https://www.theregister.com/2025/07/08/gsa_oracle_deal/
[16] https://www.theregister.com/2025/07/08/suspected_scattered_spider_domains_target/
[17] https://www.theregister.com/2025/07/06/infosec_roundup/
[18] https://www.theregister.com/2025/07/03/ai_models_potemkin_understanding/
[19] https://www.bluetooth.com/learn-about-bluetooth/key-attributes/range/
[20] https://www.blackhat.com/docs/eu-17/materials/eu-17-Blanco-WI-FI-Direct-To-Hell-Attacking-WI-FI-Direct-Protocol-Implementations-wp.pdf
[21] https://en.wikipedia.org/wiki/FireChat
[22] https://www.theguardian.com/world/2014/sep/29/firechat-messaging-app-powering-hong-kong-protests
[23] https://www.theguardian.com/technology/2014/jun/24/firechat-updates-as-40000-iraqis-download-mesh-chat-app-to-get-online-in-censored-baghdad
[24] https://slate.com/technology/2014/10/firechat-app-won-t-keep-hong-kong-protesters-safe-from-spyware-surveillance.html
[25] https://www.reddit.com/r/firechat/comments/f6vn7j/rip_firechat/
[26] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_offprem/edgeiot&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aG2U9efv4Vt4M14MboOnxgAAAFg&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[27] https://www.theregister.com/2024/08/30/french_telegram_ceo/
[28] https://www.nodle.com/
[29] https://x.com/anthenor/status/1942030165519085687
[30] https://x.com/anthenor/status/1942407723255005326
[31] https://whitepapers.theregister.com/
DS999
You mean your totalitarian boss Vlad will.
The totalitarian EU will ban this asap.