SMS is also plain text, what’s the big deal?
Nothing Chats has already been pulled from Google Play over privacy issues
Submitted 11 months ago by AnActOfCreation@programming.dev to technology@lemmy.world
https://www.theverge.com/2023/11/18/23966781/nothing-chats-imessage-unencrypted-sunbird-plaintext
Comments
JackGreenEarth@lemm.ee 11 months ago
ChaoticEntropy@feddit.uk 11 months ago
The premise of the app is not sending plain text messages.
Ghostalmedia@lemmy.world 11 months ago
E2E encryption is one of the main points of iMessage.
Giving your iCloud credentials to someone that isn’t Apple is already kind of shady. They needed the security around this product to be bullet proof. I don’t know why anyone would be quick to trust Sunbird after this.
CameronDev@programming.dev 11 months ago
Probably a privacy policy issue? Its okay to do stuff in plaintext, but the privacy policy must make that clear.
breadsmasher@lemmy.world 11 months ago
Literally from their FAQ
Are my messages secure? Yes, Nothing Chats is built on Sunbird’s platform and all Chats messages are end-to-end encrypted, meaning neither we nor Sunbird can access the messages you’re sending and receiving.
And regardless, if they removed this line and added privacy policy like “we do not encrypt messages and can read them whenever we like” should kill their entire platform.
sanpo@sopuli.xyz 11 months ago
No, read the article. App claimed to be end-to-end encrypted, it was anything but.
autotldr@lemmings.world [bot] 11 months ago
This is the best summary I could come up with:
Nothing has pulled the Nothing Chats beta from the Google Play store, saying it is “delaying the launch until further notice” while it fixes “several bugs.” The app promised to let Nothing Phone 2 users text with iMessage, but it required allowing Sunbird, who provides the platform, log into users’ iCloud accounts on its own Mac Mini servers, which… isn’t great?
The removal came after users widely shared a blog from Texts.com showing that messages sent with Sunbird’s system aren’t actually end-to-end encrypted — and that it’s not hard to compromise it.
The app launched in beta yesterday after being announced earlier this week.
9to5Google pointed to a thread from site author Dylan Roussel, who found that part of Sunbird’s solution involves decrypting and transmitting messages using HTTP to a Firebase cloud-syncing server and storing them there in unencrypted plain text.
Roussel posted that the company itself has access to messages because it logs them as errors using Sentry, a debugging service.
Sunbird claimed yesterday that HTTP is “only used as part of the one-off initial request from the app notifying back-end of the upcoming iMessage connection.”
The original article contains 282 words, the summary contains 187 words. Saved 34%. I’m a bot and I’m open source!
Ghostalmedia@lemmy.world 11 months ago
Given Nothing and Sunbird’s small marketshare, I assumed Apple was probably going to let Sunbird slide. Now I hope they bring the hammer down.
E2EE is one of the main points of iMessage. Security minded iMessage users are not going to feel comfortable if a Sunbird user is on the other end.
Sunbird / Nothing needed to play this very carefully. Users are giving them their iCloud credentials and are technically giving them the ability to view encrypted comms, documents, photos, password wallets, health records, etc.
Shit like this is unacceptable.
KrummsHairyBalls@lemmy.ca 11 months ago
You could say the same about RCS. Apple’s implementation of RCS next year will not have e2ee, at least not at first.
Can’t wait to lose my RCS e2ee thanks to Apple.
LifeInOregon@lemmy.world 11 months ago
Google only allows E2EE between its own app, though, because there is no E2EE in RCS yet.
You can’t send a message from Googles RCS supporting app to another RCS app or platform and utilize E2EE.
What Apple’s asking for is to have a standard encryption for RCS rather than a 3rd party implementation.
Ghostalmedia@lemmy.world 11 months ago
Yeah, to be fair, the current state of encryption has been one of the major grievances with RCS.
The fact that Apple is pushing for a more universal E2E standard, and having Google onboard for it, is a good thing for everyone.
Also, those unencrypted messages will be called on their clients. Messages on Android gets the lock icon, and Messages in Apple’s ecosystem gets green bubbles.
This Sunbird thing is some bullshit because people think it’s encrypted, and it isn’t. Unencrypted comms are getting blue bubbled.