🆕 Software Suggestion | BCM #1641
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#1641
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Basic Information
Name: BCM - Blockchain Messenger
Category: Real Time Communication
URL: https://github.com/bcmapp, https://bcm.social/index.html
Description
A supposedly secure and private messenger. Uses 256 AES encryption and apparently blockchain. Does not require an account to use
I am aware this has been suggested before before the source code was available and when their privacy policy was hard to access. It is now open source (linked above). Privacy Policy: https://bcm.social/license/policy.html (Available from app and website)
They collect info from 3rd parties, couldn't that be a bad thing?
I do not really like there privacy policy that much, for me something I wont use!
Could be. The only data they seem to collect is "information about how many users are active in the products and what feature they use more", which doesn't seem too bad.
I am not looking into this further at the moment, but my previous comment from #1059:
git commit
asgit tag
so I don't think anyone can reasonably audit their code, especially if they are going to keep up doing changes of over a thousand line in one commit.I am not going to read their privacy policy right now, but I recommend avoiding BCM and not listing them on PrivacyTools. Based on all the times I have looked into it, I advice waiting for them to get an indepedent security audit before considering listing them again.
The messages are not stored in the blockchain at all. The underlying server infrastructure runs on blockchain, and blockchain tokens are used as "payment" for the BCM app to interact with the servers. These payments are strictly transactional, they allow the BCM app to send and receive messages. The actual messages themselves never interact with the blockchain.
For details you can read chapter 7 of their whitepaper, and specifically sections 7.3.3 and 7.4.1.
https://arxiv.org/abs/1812.08017
BCM is dead.
https://postimg.cc/3dWTwGmp
reupload on GitHub in case the link goes down. I am a bit surprised about this development, but I guess this is good news so I don't have to post the same critique every time someone mentions it although it would probably have been preferable if they had fixed the complaints instead.