Replies (83)

Rod's avatar
Rod 4 months ago
Bitchat might not work as intended though, and here is why. Bluetooth communication can be captured using specialized hardware and software tools designed for packet sniffing and man-in-the-middle (MITM) attacks. nRF Sniffer for Bluetooth LE, Ubertooth, or Gattacker can be used to monitor and capture traffic between devices. It's definitely more secure and depends on the Bluetooth version and encryption, but it's not immune. So as the app and its code have not undergone external security review, and the project's own developers explicitly warn against using it for production or high-risk communications, its security is still under review. A major flaw allows attackers to impersonate trusted contacts by exploiting the "Favorites" function, and a potential buffer overflow bug has been reported. For here and there, it’s awesome to use. But for the world that needs it (I.e Iran’s authoritarianist regime shutting off internet), these vulnerabilities make a huge impact. PS- would appreciate a reply back in the DMs lol
set:// 𓁣 🏴 probably's avatar
set:// 𓁣 🏴 probably setto@basspistol.org 4 months ago
Looking for the android version, i see the playstore version is distributed by "Verse Communication PBC". While on the app store it says "Jack Dorsey" On the web there are about 3k pages that offer APK downloads for it. All looking more or less scammy. Are any of the android versions legit?
1 replies ↓
Juls's avatar
Juls 4 months ago
Yeap. Come join the very many that speak to the void until someone else appears! Not giving up 😂
Garth Algar's avatar
Garth Algar 4 months ago
Wooow … look at the spam here too… nostr is getting more mainstream i guess :)
ᴄʏʙᴇʀɢᴜʏ 👽's avatar
ᴄʏʙᴇʀɢᴜʏ 👽 cyberguy@nostrpurple.com 4 months ago
I slapped my collegue with a large trout 🐟 using "/slap" command. This is like curing the "Lubbermatosis" at the movie short titled "So you want to be a Pirate!" At least one dev surely have seen this movie. 😁
kate's avatar
kate 4 months ago
When you initially released bitchat on the App Store and I downloaded it, I was immediately able to find the <slap with a large trout> command. Now I can’t find it anymore. I guess I’ve lost my bitchat intuition. Is it because I’m alone (slapping myself silly)? Pls help. Also, could we possibly slap others with other types of fishes such as snapper or tuna? Maybe salmon. Thanks.
Russo's avatar
Russo 4 months ago
When will you stop pushing unsafe tech? New Vulnerabilities: In 2025, several new vulnerabilities have been reported, including: CVE-2025-32875: Insufficient authentication during Bluetooth binding, allowing unauthorized devices to connect during initial setup. CVE-2025-32876: Weakness in the encryption process during Bluetooth handshakes, particularly in certain Android environments. CVE-2025-44559: A Denial of Service (DoS) vulnerability in the Bluetooth Low Energy (BLE) stack, allowing attackers to disrupt services by sending crafted packets.
DZC's avatar
DZC 4 months ago
I think .android was the original one, but @calle had to change the App ID to .droid due to some 'ptoblems' publishing the app on the Play Store. 🫂
1 replies ↓
Default avatar
nobody 4 months ago
It would be super cool if you had the balls to say something about what is going on with girls and cameras and bcis and how I can never have anything in my life for Arielle to have fun with my body and life at my own expense around the country and above the law in constant isolation because she’s psychotic psychotically obsessed with women and trying to start a mass shooting and ditch town @npub1sg6p...f63m
Sophia 's avatar
Sophia sophiaw1926@nostrpurple.com 4 months ago
I asked 5 Thinking (rarely use) bout spam optimal solution, it’s funny cause it goes through your GitHub stuff when reasoning that is way over my head. Cute that it does that. This is what it said: Today(no code) -use password channels for real conversations (interesting but like I’m sure spam will keep getting access to unless changed daily, maybe tire it out :) -Use built-in/block @name for obvious spam and keep local blocklists. Building tomorrow -layer 1: simple flood & duplicate control with token-bucket rate limits and as mesh already uses TTL routing, in busy venues, reduce hop TTL to shrink the attack surface. Layer 2: -Require tiny POW per public message. Layer3: -Per-key trust scores, new keys start in probation(slow rate) and include relay policy where nodes deprioritise or refuse to forward from low-reputation keys (oof hope that’s not my key) Layer 4 -First-time posters must complete in-room handshake 🤝 like your QR idea or get a trust reaction from non-newbie before normal rates apply. -Invite links for channels with password + short-lived QR code for events. Layer 5 -ship a tiny Core ML text model to score spammy patterns which works for offline damping of bots (be interesting if you can get this embedded into iOS bitchat app) How to geohash without doxxing: -Channel geofence where rooms require senders to be inside target geohash cell (e.g., precision 6 ≈ ~1km, 7 ≈ ~150-200 m) -witness attestations from nearby devices with truncated geohash, not raw coordinates. -pop-up room with rotating QR or 6 digit code as proximity ticket, first time posters scan or enter, afterward post for grace period 24hr. Ok, well that’s it from me, hope it helps. P.S. I swear I am not spam. Cc @calle
1 replies ↓
moonsettler's avatar
moonsettler moonsettler@iris.to 4 months ago
the only decentralized anti-spam measure that is long term workable: 1 make identity costly (no the per message cost is retarded) 2 get blocked before full propagation if you spam this is very hard to implement well, especially point 2