How anonymous is Firechat?

Someone recently was asking how anonymous is Firechat, an iOS app that allows chatting using ad-hoc wifi connections, and that is marketed as a hyperlocal anonymous chat network.

Firechat uses Apple’s Multipeer Connectivity Framework, which in turn relies on a custom proprietary ad-hoc protocol developed by Apple. Our friends at Open Garden implement forwarding at the application layer in an attempt to overcome the limitations in the ad-hoc protocol.

A simple traffic capture of a chat session quickly revealed that messages are encrypted, but anonymity requires more than that. The metadata about the chat session is not encrypted and observable in the traffic capture. And, as our NSA friends know, metadata contains valuable information, and some claim it is even more intrusive than content itself… In this case our traffic capture reveals the real names of the session participants, the application they used to communicate as well as the duration and number of messages exchanged during the session.

As an example, see the conversation that took place between a mysterious Mr. Secret and someone else in my office.


Just scanning for Action frames from Apple (identified by their public identifier 00:17:f2) reveals that Mr. Spy is actually yours truly. I will not disclose who my chat partner was to avoid embarrassing him, but that information is also available.


Having said that, the application is really fun to use. Just be mindful about what you say to whom.

Update: By popular demand I’ve uploaded the traffic capture file here.

  • Jason Mobarak

    Maybe they’re using a different definition of “anonymous”.

  • Joe

    Where does Apple get your real name from? Is this what is associated with your Apple ID. I just shared this info on the Firechat Everyone channel and people sound surprised. There is a lot of filthy talk on the Everyone channel.

  • cozyjmob

    I believe this from the name of the phone, when you first setup an Apple device it usually asks for your name, and names the device “John Doe’s iPhone/Macbook/etc” by default.

    • Joe

      If that is the case, then the phone name is already shown above the speech bubble by default. It is possible to modify the name shown above the speech bubble in settings.

      • cozyjmob

        There are two pieces of information, one is the name of the device, the other is the name specified in the application. In this case the name specified in the application is “Mr. Spy”– the name of the device is “Javier Cardona’s iPhone”. So it’s possible to correlate the name specified in the app with the name of the device.

      • cozyjmob

        Also to note is that this only applies to the “nearby” channel in FireChat that can be captured with a proximate wireless sniffer (most off-the-shelf WiFi cards can do this).