Hi BitChat Team and Community,
I'm a huge fan of BitChat’s mission to deliver decentralized, privacy-first communication through Bluetooth Mesh and Nostr integration. Having explored the app (v1.3.1 on iOS, v1.1.0 on Android) and analyzed its network behavior, I’d like to share a few feature suggestions to bolster security, improve GeoHash channel usability, and tackle potential bot issues in chats. These ideas aim to make BitChat even more robust and user-friendly, especially for GeoHash-based communication.
1. User-Level Traffic Obfuscation for Nostr Connections
Problem: The traffic to Nostr relays (used for GeoHash chats when internet is available, introduced in v1.2.0 for iOS and extended in Android v1.1.0) lacks obfuscation, which could expose metadata like IP addresses or message patterns. This is critical for users in high-risk scenarios relying on BitChat’s privacy promises.
Proposal:
Add random packet padding or dummy messages to obscure traffic patterns, preventing analysis attacks.
This would strengthen BitChat’s privacy model, especially for out-of-mesh communication, and align with its permissionless design.
2. Enhanced GeoHash Channel Management with Encrypted Local Storage
Problem: GeoHash-based location channels (introduced in v1.3.0 for iOS, supported in Android v1.1.0) are a powerful feature, but navigating and saving them is cumbersome without a dedicated UI.
Proposal:
Add a user interface to bookmark favorite GeoHash channels (e.g., u4pru for a 5x5 km area) in a dedicated "Channels" tab.
Store this list locally in an encrypted SQLite database or JSON file, using Noise Protocol keys (as adopted in v1.1 for iOS) for security.
This would streamline access to frequently used channels and enhance UX for users moving across locations.
3. Encrypted Export/Import of Mutual Favorites List
Problem: The "mutual favorites" feature (bridged to Nostr in v1.2.0 for iOS, supported in Android v1.1.0) lacks a way to securely back up or transfer contacts across devices.
Proposal:
Enable export/import of the favorites list as an AES-256-GCM encrypted JSON file, using a user-provided passphrase or derived from the Noise Protocol keypair.
Ensure cross-platform compatibility (iOS ↔ Android) by standardizing the export format.
This would simplify device migration while keeping contact data private and secure.
4. Decentralized Voting for User Mutes to Combat Bots
Open mesh networks and GeoHash channels are susceptible to bot spam, which could disrupt communication (e.g., flooding channels with irrelevant messages).
Proposal:
Implement a decentralized voting system to temporarily mute users in a channel (e.g., requiring 50%+1 of active participants’ votes).
Use Ed25519 signatures (as in Nostr’s EVENT messages) for anonymous, verifiable votes to prevent manipulation.
Example workflow: Users send a /mute @username command, signed with their pubkey, and the app aggregates votes locally to enforce the mute.
This aligns with BitChat’s P2P philosophy, empowering communities to self-moderate without centralized control.
Additional Notes
These suggestions are based on my analysis of BitChat’s current state, including its Bluetooth Mesh core, Nostr integration (NIP-17), and recent updates (iOS v1.3.1, Android v1.1.0). I’m aware of the July 2025 security concerns around the Favorites system and believe these proposals could help address similar risks while improving usability. I’d love feedback from the team and community! If these ideas fit your roadmap, I’m happy to dive into technical details (e.g., Nostr EVENT tag formats for voting) or contribute via PRs.
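The workflow in proposal 4, as an added sketch that is not part of the original post or BitChat's code: each ballot is Ed25519-signed over the channel and target, and the tally drops duplicate, non-participant, replayed and forged ballots before applying the threshold. The `Vote` layout, the payload encoding and the fixed list of active participants are assumptions of this sketch.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Vote is a hypothetical signed /mute ballot; the field names are assumptions.
type Vote struct {
	Channel, Target string            // geohash channel and identity to mute
	Voter           ed25519.PublicKey // voter's public key
	Sig             []byte            // signature over payload(Channel, Target)
}

// payload binds a ballot to one channel and target so it cannot be replayed elsewhere.
func payload(channel, target string) []byte {
	return []byte(fmt.Sprintf("mute|%d:%s|%d:%s", len(channel), channel, len(target), target))
}

func SignVote(priv ed25519.PrivateKey, channel, target string) Vote {
	pub := priv.Public().(ed25519.PublicKey)
	return Vote{channel, target, pub, ed25519.Sign(priv, payload(channel, target))}
}

// Tally counts distinct valid ballots; it passes at a strict majority (one reading of 50%+1).
func Tally(channel, target string, active []ed25519.PublicKey, votes []Vote) (int, bool) {
	eligible, counted := map[string]bool{}, map[string]bool{}
	for _, pk := range active {
		eligible[string(pk)] = true
	}
	for _, v := range votes {
		id := string(v.Voter)
		if v.Channel != channel || v.Target != target || // other channel or target
			len(v.Voter) != ed25519.PublicKeySize || // malformed key
			!eligible[id] || counted[id] || // not a participant, or duplicate
			!ed25519.Verify(v.Voter, payload(v.Channel, v.Target), v.Sig) { // forged
			continue
		}
		counted[id] = true
	}
	return len(counted), len(counted) >= len(active)/2+1
}

func main() {
	pubA, a, _ := ed25519.GenerateKey(nil) // constructed participants
	pubB, b, _ := ed25519.GenerateKey(nil)
	votes := []Vote{SignVote(a, "u4pru", "spambot"), SignVote(b, "u4pru", "spambot")}
	fmt.Println(Tally("u4pru", "spambot", []ed25519.PublicKey{pubA, pubB}, votes))
}
```

Because keys cost nothing to generate, the signature check only proves who cast a ballot; how the `active` list is built decides whether one party can reach the threshold with many keys.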