[HN Gopher] Nothing Chats, an iMessage app for Android, is a pri...
       ___________________________________________________________________
        
       Nothing Chats, an iMessage app for Android, is a privacy nightmare
        
       Author : raybb
       Score  : 14 points
       Date   : 2023-11-19 21:08 UTC (1 hours ago)
        
 (HTM) web link (9to5google.com)
 (TXT) w3m dump (9to5google.com)
        
       | terramex wrote:
       | > Will the app be open source?
       | 
       | > Some of the messaging community believes that software that is
       | open source is more secure. It is our view that it is not. The
       | more visibility there is into the infrastructure and code, the
       | easier it is to penetrate it. By design, open source software is
       | distributed in nature. There is no central authority to ensure
       | quality and maintenance and by putting that responsibility on
       | Sunbird, development would not be feasible. Open source
       | vulnerabilities typically stem from poorly written code that
       | leaves gaps, which attackers can use to carry out malicious
       | activities.
       | 
       | > https://www.sunbirdapp.com
       | 
       | Wow. I can understand not making the app open source due to the
       | business model, but that explanation is something else, the
       | mother of all red flags.
        
       | type_Ben_struct wrote:
       | Good write up: https://texts.blog/2023/11/18/sunbird-security/
        
       | nemothekid wrote:
       | How could this app possibly be E2EE? They would need to decrypt
       | the message in order to forward it to Apple.
        
         | duskwuff wrote:
         | > How could this app possibly be E2EE?
         | 
         | The promise was, implicitly, that Nothing (terrible name) had
         | reimplemented enough of the iMessage encryption architecture to
         | replicate it on an Android phone. If that had been the case,
         | there's no reason they couldn't have made it end-to-end
         | encryption, just like Apple's implementation of iMessage is.
         | 
         | The reality is that they lied. It's not clear that there was
         | any encryption involved beyond standard TLS and (possibly?) at-
         | rest encryption in Firebase. None of this adds up to E2EE.
        
       | dancemethis wrote:
       | That's so bad it's almost as bad as Discord.
        
       ___________________________________________________________________
       (page generated 2023-11-19 23:01 UTC)