They appear to be working on allowing phone number registration. We are watching that at
I have previously looked at them a few hours ago and I really don’t believe their claims and I would advice avoiding them until they get an indepedent security audit to prove me wrong.
In case you don’t want to click, I will paste my previous comments below:
I am not looking into this further at the moment, but my previous comment from #1059:
I am worried about it being a “blockchain based messenger” which by definition means that all messages are stored forever and are also publicly available just waiting for the day, its encryption can be broken.
Q: Will BCM open source?
BCM is planning to open source, and we will gradually disclose source code of BCM to the public.
Please request reopening after at least these two issues are fixed, Telegram has also been promising open sourcing their server for years.
BCM appears to be unavailable through F-Droid. bcmapp/bcm-android#2
Their git repository is as poor quality as Telegram Android. https://github.com/bcmapp/bcm-android/commits/master , they appear to use
git tagso I don’t think anyone can reasonably audit their code, especially if they are going to keep up doing changes of over a thousand line in one commit.
They have a link to iOS app, where is its source code?
Their download page has MD5 checksum (broken ages ago) https://bcm.social/download.html while SHA1 (which is a step up) has been broken recently too. They also haven’t signed the hashsum that I can see.
Personally I am actively using Signal + desktop and XMPP (Dino, Conversations) on the secure side for people especially close to me, I might not use Signal if there were better XMPP clients on iOS which one of my contacts is using and while Wire has broken my trust, I am yet to migrate my family out of it.