How to communicate securely and privately using a messaging app? What about BCM Messenger?

They appear to be working on allowing phone number registration. We are watching that at

I have previously looked at them a few hours ago and I really don’t believe their claims and I would advice avoiding them until they get an indepedent security audit to prove me wrong.

In case you don’t want to click, I will paste my previous comments below:


I am not looking into this further at the moment, but my previous comment from #1059:

I am worried about it being a “blockchain based messenger” which by definition means that all messages are stored forever and are also publicly available just waiting for the day, its encryption can be broken.
The privacy policy also doesn’t reassure me, I am not going to register an account without seeing it.

Q: Does BCM have a privacy policy?
You can view our detailed Privacy Policy when registering for a BCM account.

Q: Will BCM open source?
BCM is planning to open source, and we will gradually disclose source code of BCM to the public.

* https://bcm-im.com/keys_faq/index.html

Please request reopening after at least these two issues are fixed, Telegram has also been promising open sourcing their server for years.


  • BCM appears to be unavailable through F-Droid. bcmapp/bcm-android#2

  • Their git repository is as poor quality as Telegram Android. https://github.com/bcmapp/bcm-android/commits/master , they appear to use git commit as git tag so I don’t think anyone can reasonably audit their code, especially if they are going to keep up doing changes of over a thousand line in one commit.

  • They have a link to iOS app, where is its source code?

  • Their download page has MD5 checksum (broken ages ago) https://bcm.social/download.html while SHA1 (which is a step up) has been broken recently too. They also haven’t signed the hashsum that I can see.

I am not going to read their privacy policy right now, but I recommend avoiding BCM and not listing them on PrivacyTools. Based on all the times I have looked into it, I advice waiting for them to get an indepedent security audit before considering listing them again.


Personally I am actively using Signal + desktop and XMPP (Dino, Conversations) on the secure side for people especially close to me, I might not use Signal if there were better XMPP clients on iOS which one of my contacts is using and while Wire has broken my trust, I am yet to migrate my family out of it.

I forgot to add to my previous comment that I have no coding skills or ability to personally audit the software we list or that I approve (so I have a self-esteem issue about that), but I would be worried about problems that even I can spot such as the use of MD5 to verify the authenticity of the packages.

Welcome @1337n0m4d!

I agree with you on the phone number requirement, but it may be okay if you are speaking with someone with whom you would share your home address.

Reportedly, Signal is working on a way to use an email address for registration. That would be wonderful.

My bigger concern with Signal is its terms of service and how that could affect its privacy policy. (If I recall, the TOS is referenced as governing the privacy policy, but that might have changed.)

1 Like

Regarding the use of blockchain to store data, this is on their FAQ, although I don’t know if what they are saying means something good since I lack the knowledge:

• Is BCM message stored in blockchain?

No. Actually BCM IM service is not based on blockchain platform, the reason is simple: As each message is strictly encrypted, we do not see a difference between storing a message to a BCM Server and storing it to a blockchain, not to mention the efficiency of blockchain. Furthermore, it is difficult to upgrade the software in each public blockchain node whenever necessary.

However, BCM does have cryptocurrency wallet, and adopt similar technology as Blockchain:

  1. Each BCM account has a locally generated (private key, public key) pairs, and it needs to prove its validity by doing some POW job when registering itself to the platform.

  2. The unique User Id is simply the hash of account public key.

  3. One can communicate to his/her contact in a “talk to public key hash” way, very similar to “pay to public key hash” in Blockchain. – Only the owner of the public key can decrypt the content.

And regarding the opening of the source, this is on their news section, but it is kinda vague and does not clarify if all of their code has been opened or not, since the previous QA that I mentioned is still on their website:

Big News – BCM Open Source at Christmas Day!

BCM team keeps the promise and now open source BCM at https://github.com/bcmapp, the corresponding BCM release is 2.6.0, which is already available in Google Play.
Open source expresses the BCM’s communication concept, BCM will provide the most reliable and safest messenger channel and firmly maintain the communication of freedom.

2019-12-25

1 Like

Now that I re-read this part:

As each message is strictly encrypted, we do not see a difference between storing a message to a BCM Server and storing it to a blockchain, not to mention the efficiency of blockchain.

I feel like it also really ambiguous and does not explain a lot. What I understood, I think, it is that the blockchain part is a waller that it’s built-in the application -to my this is really stupid since you need to focus on two really different things at the same time and there are already options for wallets-.

I think I’m going to send them an e-mail and see if they can answer some questions, to my at least seems like an interesting project but it is kinda fishy at the same time. Does anyone would like me to ask them something in particular?

Approving Questions to Ask All Privacy Companies would be nice, but I guess that is already on your list :slight_smile:

Oh and my previous questions mainly, why are they not using git commit for one thing per commit, why they are trusting MD5 to verify package integrity and do they have plans for PGP/similar (minisign?) signing releases and where the iOS app source is.

Even if phone number (and access to address book) is not required, it is the most user friendly approach and main reason why Whatsapp and Viber succeed where others (e.g. Skype) failed. It’s the same in privacy oriented community. It is much more easier to make Signal account and chat with your contacts than using XMPP or Matrix or whatever else. E.g. even though I used email for Wire account registration (and login), I put my phone number and allowed it access to my contacts in order to find friends who also use it. And it works well. So even if it is not required, IMO phone number login/registration should be default option also in privacy messengers

The main problem I see with BCM and many others - they are phone only. And there are already many other possibilities with larger user base and less bugs. Plus, I find Android the worse OS when it comes to privacy. If we want better (mobile) OS, that respects our privacy, such as PureOS or PostmarketOS, then all those messengers are useless.

Also, adding features like crypto wallet, git, cloud storage or something to IM/VoIP program will only confuse users, be resource-hungry and most likely run as slow as … At least Keybase is like that, even though it looks great when you look at all those features

IMHO - Matrix (Riot) might be THE ONE :smiley: But I think there’s no chance it’ll ever be as popular as Signal. Not to mention WA, Viber, Telegram…

1 Like

The blockchain component of BCM as far as I understand is that it incorporates a blockchain wallet, in the same way that Keybase has a wallet for Stellar Lumens, BCM has a wallet for the crytocurrency, Ethereum I think.

According to Github the android version is opensource, but not the iOS version.

I understand the data is encrypted however, do you really believe that the NSA is not able to crack Curve25519, AES-256 or HMAC-SHA256? The NSA most likely already has at least one quantum computer as they were already working on this since 2014 according to Snowden https://www.scmp.com/news/world/article/1396962/nsa-trying-build-superfast-quantum-computer-says-snowden

It may feel like an ad post but it is a genuine attempt to get the community to explore this messenger and to verify its claims.

It’s good that someone from here has already looked at BCM, however one person is not enough.

They did a presentation, albeit an extremely poor presentation by the worst public speaker i have listened to…ever at the Hack in the Box (HitB) Cyberconference https://www.youtube.com/watch?v=vJ8ihbQydJk

I’m pretty sure that since that conference, a lot of those hackers would have had a look at BCM.

I think that adding a wallet just brings more possible security breaches to the whole thing, and it is kinda useless, it conflicts with compartmentalization, also.
I guess it’s good that the Android version, and I assume that the iOS version is in progress, are open source, but I think that the servers are closed source. I’m not saying they are not going to release it but I will wait some time until someone with more experience can say it’s safe to use.

This is going in a certain conspiracy way, I know there’s a chance that this may be true, but we don’t have proofs about it, and at the same time I think that if it could be cracked then some white or black hat hackers would have find out too, things like WannaCry make you understand that group of hackers wit not so many resources have a lot of power too.
Still, until we can verify such claims we must treat this encryption protocols as secure.

Thanks for the welcome Liz.
Personally I also see nothing wrong with a phone number, but, it should not be the only way to signup. Wire had the option of email registration and phone. Privacy messengers need to be privacy orientated and take a hard stance on the issue of discoverable information.

Signal is not working on an email registration option, but it has been proposed for several years, opened in 2014 according to github and closed with no resolution in April 2018

Another issue I just found while searching the for the developer of Signal, Moxie, is that the NSA most likely has a backdoor implanted

They use the same encryption as Signal

Ease of use or privacy focus. The dilema. If you market yourself as a privacy messenger then I would hope that this is the priority when designing the app and that ease of use is a secondary priority.

Phone only is one way to reduce complexity as there is no need to sync between different devices, which also reduces attack vectors.

i not know Curve25519 but at least i know AES256 and also i know the power of it depends on your password so maybe they cracked it but maybe because owner of it added silly password ? i mean try to add strong random password and try crack it ?


NOTE: im not fighting with you im just thinking out loud with you.

Integrating an opensource wallet that has already been tested and vetter should not be an issue. I am not a coder so I haven’t looked into their Git, but, if everything is encrypted on the phone, I don’t see a problem. Just as a side note, the crypto wallet i think is just an extra feature. A person who seriously wants to use a crypto wallet for ERC20 etc, will use a proper wallet like Atomic or Exodus etc.

I don’t think it is a conspiracy theory to presume that the NSA has the capabilities to crack various encryption schemes using a quantum computer that they may or may not have, but even without, they have massive amounts of computer power at their disposal.

To assume that the NSA does not, is foolish in my opinion. Also, you would have to doubt that Snowden is telling the truth as he is the one who made the statement. However it is just easier for the NSA to force 9 and 14 eyes nations to install backdoors into their programs rather than trying to intercept and crack encryption.

https://www.washingtonpost.com/world/national-security/nsa-seeks-to-build-quantum-computer-that-could-crack-most-types-of-encryption/2014/01/02/8fff297e-7195-11e3-8def-a33011492df2_print.html

On conspiracies, people who said in the pre-Snowden leaks that the NSA was spying on their comms and intercepting telecom data were also called conspiracy theorists.

1 Like

I thought there was a new push to create an email registration option. Maybe I was wrong. Thanks for the info.

Also check out the TOS here. There is one section that really bugs me – especially since the privacy policy says “Please also read our Terms which also governs the terms of this Privacy Policy.” Here’s an excerpt from the TOS:

SIGNAL DOES NOT WARRANT THAT ANY INFORMATION PROVIDED BY US IS ACCURATE, COMPLETE, OR USEFUL…

Basically, the company could be outright lying about everything and not be culpable. I’m not saying that’s the case, but it’s concerning. Maybe they have to have cover in case the U.S. government requires them to work on its behalf?

Here is another interesting article about Signal and the shutdown LibreSignal that was killed by Moxie

This issue is written in broken English, the person who wrote it says again and again that someone saw Moxie accepting a bride and that’s their proof, then references some articles about Signal (where it is praised) and they say the contrary. This is straightforward conspiracy theory or schizophrenia.

Ease of use or privacy focus. The dilema. If you market yourself as a privacy messenger then I would hope that this is the priority when designing the app and that ease of use is a secondary priority.

Then again, use Briar, which requires zero trust on anyone but you and your receiver and masks your traffic through Tor, but it lacks a lot of features so good luck with convincing people on using it.

Integrating an opensource wallet that has already been tested and vetter should not be an issue. I am not a coder so I haven’t looked into their Git, but, if everything is encrypted on the phone, I don’t see a problem. Just as a side note, the crypto wallet i think is just an extra feature. A person who seriously wants to use a crypto wallet for ERC20 etc, will use a proper wallet like Atomic or Exodus etc.

AFAIK combining two kinds of different software into one makes it difficult to stay up to date and it could add a security flaw, since something that could affect one may affect the other.

I don’t think it is a conspiracy theory to presume that the NSA has the capabilities to crack various encryption schemes using a quantum computer that they may or may not have, but even without, they have massive amounts of computer power at their disposal.

If I’m not wrong quantum computers aren’t still a thing so I don’t think we should worry about it, and when the time comes quantum computers will also be able to create stronger encryption.

To assume that the NSA does not, is foolish in my opinion. Also, you would have to doubt that Snowden is telling the truth as he is the one who made the statement. However it is just easier for the NSA to force 9 and 14 eyes nations to install backdoors into their programs rather than trying to intercept and crack encryption.

I’m not saying it is not possible, but we don’t have proves, stating as if we were 100% certain is nothing but FUD, which could lead to conspiracy theories, which could lead to backfire against privacy advocates. Also, could you support you statement about Snowden? I’m interested on that.

https://www.washingtonpost.com/world/national-security/nsa-seeks-to-build-quantum-computer-that-could-crack-most-types-of-encryption/2014/01/02/8fff297e-7195-11e3-8def-a33011492df2_print.html

On conspiracies, people who said in the pre-Snowden leaks that the NSA was spying on their comms and intercepting telecom data were also called conspiracy theorists.

I know that, I have read about the topic and watched documentaries and such, but still we need to work on what we do know, we can’t go over there theorizing about what the NSA can do, about which encryption methods still work or not as if they were the only attacker and group of people who dedicate their time on such things.

Yes, I agree with you, that post is an opinionated rant with no validity.

I did, I love it. The only problem is that it is not available for my friends who use an iPhone…yet.

Sorry, but IBM released a commercially viable Quantum supercomputer back in 2018. Seeing that IBM have made so much progress, one can assume more progress for the NSA. Of course we don’t know but, the NSA would never make such an achievement or capability public knowledge as it would compromise their security.

Quantum resistant encryption algorithms already exist, but when will they be incorporated into the likes of private messengers? Perhaps when it is already too late.

There is a big difference between a conspiracy theory that is based on conjecture, prejudice and no evidence, and a viable possibility based on evidence. Before Snowden leaks, there was no evidence to support the people that believed that the NSA was spying on everyone and collecting their data. Hence it was a conspiracy theory. Once Snowden provided evidence to support these peoples claims, it was not. The NSA and their encryption capabilities may appear like a conspiracy theory, but we have certain pieces of evidence, namely public record albeit it old, data about their vast supercomputer facilities as well as evidence from the likes of Snowden that they were interested in Quantum computers back in 2014. We do not know their full capabilities due to the secret act, however we can extrapolate their capabilities, knowing what we know as well as the fact that Quantum computers that are operational are real, thanks to Google and IBM.

I suppose we will need to wait and see.