Tech visionary Jack Dorsey, co-founder of Twitter and financial tech firm Block, has quietly launched his latest experimental project: Bitchat, a Bluetooth-based messaging app now available for iOS users via the App Store. Built over a single weekend in early July, the app has gained attention not only due to its creator but also for its minimalist design and offline messaging capability, yet it already faces serious questions about its security.
No Wi-Fi, No SIM, No Problem: How Bitchat Works
At its core, Bitchat is a mesh networking app that uses Bluetooth to send messages across short distances typically up to 100 meters, without requiring cellular networks or Wi-Fi connections.
This makes the app particularly useful in environments where traditional communication infrastructure is unavailable or unreliable. Examples include:
- Music festivals and large events
- Emergency or disaster zones
- Areas of restricted internet access
Bluetooth mesh messaging isn’t a new concept, but Dorsey’s high-profile involvement has pushed Bitchat into the spotlight.
A Bare-Bones, Login-Free UX
In keeping with Dorsey’s long-standing minimalism in product design, Bitchat is a bare-bones app with no login process, no account creation, and no cloud sync. When you open the app:
- You’re taken directly to a messaging interface
- You can set or change your display name at any time
- Messages from nearby users will appear in a shared stream only if they’re within Bluetooth range
This raw interface has sparked comparisons to IRC-style chatting mixed with walkie-talkie dynamics.
Security and Privacy: A Key Promise Under Scrutiny
Dorsey initially positioned Bitchat as a private and secure communication tool, suggesting its offline functionality could resist surveillance and censorship. However, security researchers quickly poked holes in that narrative.
Alex Radocea, a well-known cryptographic expert, wrote a detailed blog post criticizing the app’s lack of authentication protocols.
“In cryptography, details matter,” Radocea wrote. “A protocol that has the right vibes can have fundamental substance flaws that compromise everything it claims to protect.”
The biggest flaw? Anyone can impersonate anyone within the app by simply adopting the same display name, there’s no verification layer to ensure sender authenticity. This raises red flags for any use case involving sensitive or secure communications.
Dorsey Acknowledges the Flaws
To his credit, Dorsey admitted the app has not undergone any formal security audit. In a follow-up post on X (formerly Twitter), he acknowledged that Bitchat is still experimental, stating it may contain vulnerabilities and limitations, especially when used for privacy-sensitive tasks.
The project is still open-source, allowing contributors to inspect the code or suggest improvements. But for now, Bitchat is more proof-of-concept than polished product.
While Bitchat is in its infancy, similar tools have already made history. The Bridgefy app, for example, was used extensively during Hong Kong’s pro-democracy protests, thanks to its ability to work offline and avoid network-based surveillance.
Such use cases explain the inherent appeal of decentralized, peer-to-peer communication, especially in regions facing digital censorship. Whether Bitchat becomes the next Bridgefy or fades into obscurity depends on its technical maturity and user trust.
While the official Bitchat iOS app is live, the Android version is still only available via GitHub sideloading. This has opened the floodgates to fake versions on the Google Play Store, many of which claim to be Dorsey’s app and have already amassed thousands of downloads.
Dorsey has not issued a formal takedown notice or warning, but he did repost a message on X that warned Android users about the impostor apps, reiterating that Bitchat has not been officially published on Play Store yet.
This lack of an official Android presence combined with rampant impersonation creates both trust issues and security risks for curious users.
Dorsey’s decision to personally build and release Bitchat over a weekend signals his continued interest in communication technology and decentralization. After stepping down as Twitter CEO, he has increasingly invested in projects that challenge centralized control, such as:
- Bluesky, a decentralized social media protocol
- Nostr, a censorship-resistant messaging protocol
- Bitcoin and crypto-based financial tools via Block
Bitchat fits squarely within this ideological framework, even if its practical utility is still being ironed out.
Bitchat is intriguing not because it’s the first of its kind, but because Jack Dorsey’s involvement could elevate mesh messaging into the mainstream. With use cases in disaster zones, censorship-heavy regions, and crowded venues, offline messaging apps like Bitchat can offer valuable alternatives to traditional communication networks.
However, serious security flaws, lack of authentication, and limited platform availability mean that the app is far from ready for prime time. For now, it remains an experimental toy for tech enthusiasts, but with the right improvements and a formal security audit, Bitchat might just redefine how we think about offline, decentralized messaging.
