Bridgefy included both sender and receiver long-term identifiers on every message; Albrecht et al. found this unsafe and the deployed security upgrades proved insufficient, leaving Bridgefy unable to provide anonymity. Firechat similarly transmits long-term public user IDs with every message, uniquely identifying accounts to every recipient in the mesh.
From 2025-kamali-anix — Anix: Anonymous Blackout-Resistant Microblogging with Message Endorsing
· §2.2
· 2025
· Symposium on Security \& Privacy
Implications
Long-lived static identifiers embedded in broadcast message headers are a categorical anonymity failure in mesh settings; any production-grade mesh circumvention app must generate per-message ephemeral sender tokens rather than reusing account-level keys.
Security patches that preserve long-term identifier structures are unlikely to achieve anonymity; identity management must be redesigned from the data model up, not bolted on after deployment.