Nothing Chats, an iMessage app for Android, is a privacy nightmare - eviltoast
  • sbv@sh.itjust.works · 29 upvotes · 1 year ago

    It’s bizarre that Sunbird touted their solution as end-to-end encrypted, when it can’t be - iMessage drops to plaintext on the Mac farm.

      • entropicdrift@lemmy.sdf.org · 23 upvotes · 1 year ago

        While it’s a good solution, it is entirely untrue. A message is either End to End Encrypted or it is not. If the message is decrypted at any point between the sender and the intended recipient, it is definitively not End to End Encrypted.

      • SuddenlyBlowGreen@lemmy.world · 10 upvotes, 1 downvote · edited · 1 year ago

        It’s E2EE from the sender to your Beeper server, where it’s decrypted, then re-encrypted as a Matrix message.

        Then it’s not E2E encrypted.

        One end is your device, the other end is the other device. It’s only E2E encrypted if it is not decrypted until it reaches the other device.

          • Spedwell@lemmy.world · 7 upvotes · 1 year ago

            Sticking two E2EE tunnels together with a plaintext middleman doesn’t result in a single E2EE tunnel.

            The reason the distinction is important is because the security profile is vastly different—a compromised server leads to a compromised message—which isn’t true for actual E2EE services like a pure Matrix link.

            Side note: the first thing you should ask of an “end-to-end encrypted” product to you is “which ‘ends’ do you mean?” I’ve seen TLS advertised as E2EE before.

            • Spedwell@lemmy.world · 1 upvote · edited · 1 year ago

              Adding: TLS is actually a pretty apt analogy here.

              You could make a chat server that just accepts plain text messages over a TLS link, and that’s basically the same security topology as with this Beeper bridge.

              But no one would call that an E2EE chat.
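
The two topologies compared in the comments above, as an added example that is not part of the original thread: a bridge that terminates one encrypted link and re-encrypts onto another, next to a relay that only forwards ciphertext keyed between the two devices. The class names, the pre-shared keys and the toy HMAC-based cipher (a stand-in for a real AEAD) are assumptions for illustration.

```python
import hashlib, hmac, os

# Toy authenticated cipher (HMAC-SHA256 keystream + tag), a stand-in for a real AEAD.
# Assumption for illustration only; do not use it to protect real data.
def _stream(key, nonce, n):
    blocks = (hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, msg):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(msg, _stream(key, nonce, len(msg))))
    return nonce + ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class BridgeRelay:
    """Bridge topology: holds both link keys, so it handles plaintext in the middle."""
    def __init__(self, key_sender_link, key_recipient_link):
        self.k_in, self.k_out = key_sender_link, key_recipient_link
        self.seen = []  # everything a compromise of this server would expose
    def forward(self, blob):
        msg = unseal(self.k_in, blob)   # first tunnel ends here
        self.seen.append(msg)
        return seal(self.k_out, msg)    # second tunnel starts here

class BlindRelay:
    """E2EE topology: holds no keys and forwards opaque bytes."""
    def __init__(self):
        self.seen = []
    def forward(self, blob):
        self.seen.append(blob)
        return blob

def run_bridge(msg):
    k_a, k_b = os.urandom(32), os.urandom(32)  # one key per link, both known to the relay
    relay = BridgeRelay(k_a, k_b)
    return unseal(k_b, relay.forward(seal(k_a, msg))), relay.seen

def run_e2ee(msg):
    k_ab = os.urandom(32)  # assumed already agreed between the two devices only
    relay = BlindRelay()
    return unseal(k_ab, relay.forward(seal(k_ab, msg))), relay.seen
```

Both runs deliver the same message; the difference is the content of `relay.seen`, which is plaintext for the bridge and an authenticated ciphertext blob for the blind relay.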

      • habanhero@lemmy.ca · 8 upvotes · 1 year ago

        E2EE means it’s End-to-End Encrypted. If it’s decrypted at any point during transit then it’s by definition not E2EE and Beeper shouldn’t be making that claim.

      • kinttach@lemm.ee · 3 upvotes · 1 year ago

        It sounds like Beeper on your own server is as close as practical to E2EE as you can get given the circumstances, but the point of the term end-to-end is that there is no, nor is it possible for there to be, any way for it to be unencrypted “except for this one part”. That is the very definition of something that is not end-to-end encrypted.

    • Dandroid@dandroid.app · 6 upvotes · 1 year ago

      As someone who works in the tech industry, this is not surprising to me at all. Typically the people who communicate with the media and customers don’t know a single thing about tech. They don’t know what end to end encryption means. They just know encryption is involved and they have heard the buzzword, so they repeat it.

  • CJOtheReal@ani.social · 7 upvotes, 3 downvotes · 1 year ago

    Just don’t use Apple services? Force everyone to use Signal or fuck off… That’s what I did.