Technology

34382 readers

526 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.

Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.

Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago

MODERATORS

MinutePhrase@lemmy.ml

Nothing Chats has already been pulled from Google Play after reports that Sunbird sends messages in plain text (www.theverge.com)

submitted 9 months ago by MazonnaCara89@lemmy.ml to c/technology@lemmy.ml

3 comments fedilink hide all child comments

top 3 comments

sorted by: hot top controversial new old

[–] floofloof@lemmy.ca 8 points 9 months ago* (last edited 9 months ago)

Well that took even less time than we all expected.

[–] autotldr@lemmings.world 7 points 9 months ago

This is the best summary I could come up with:

Nothing has pulled the Nothing Chats beta from the Google Play store, saying it is “delaying the launch until further notice” while it fixes “several bugs.” The app promised to let Nothing Phone 2 users text with iMessage, but it required allowing Sunbird, who provides the platform, log into users’ iCloud accounts on its own Mac Mini servers, which... isn’t great?

The removal came after users widely shared a blog from Texts.com showing that messages sent with Sunbird’s system aren’t actually end-to-end encrypted — and that it’s not hard to compromise it.

The app launched in beta yesterday after being announced earlier this week.

9to5Google pointed to a thread from site author Dylan Roussel, who found that part of Sunbird’s solution involves decrypting and transmitting messages using HTTP to a Firebase cloud-syncing server and storing them there in unencrypted plain text.

Roussel posted that the company itself has access to messages because it logs them as errors using Sentry, a debugging service.

Sunbird claimed yesterday that HTTP is “only used as part of the one-off initial request from the app notifying back-end of the upcoming iMessage connection.”

The original article contains 282 words, the summary contains 187 words. Saved 34%. I'm a bot and I'm open source!

[–] Bitrot@lemmy.sdf.org 6 points 9 months ago* (last edited 9 months ago)

The removal came after users widely shared a blog from Texts.com showing that messages sent with Sunbird’s system aren’t actually end-to-end encrypted — and that it’s not hard to compromise it.

End to end encryption means my device encrypts it and yours decrypts it. Their bridge will never be able to support this, it has to decrypt it in the middle to transfer to and from the other service. At the very best, when their implementation isn’t slipshod, you have to trust them when they say they ignore all the (hopefully temporary) plain text data that is passing through their bridge.