It's bizarre that Sunbird touted their solution as end-to-end encrypted, when it can't be - iMessage drops to plaintext on the Mac farm.
this post was submitted on 19 Nov 2023
195 points (97.1% liked)
Android
17235 readers
96 users here now
The new home of /r/Android on Lemmy and the Fediverse!
Android news, reviews, tips, and discussions about rooting, tutorials, and apps.
🔗Universal Link: [email protected]
💡Content Philosophy:
Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.
Support, technical, or app related questions belong in: [email protected]
For fresh communities, lemmy apps, and instance updates: [email protected]
📰Our communities below
Rules
-
Stay on topic: All posts should be related to the Android OS or ecosystem.
-
No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to [email protected].
-
Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to [email protected].
-
No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.
-
No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.
-
No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.
-
No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.
-
No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.
-
No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!
-
No affiliate links: Posting affiliate links is not allowed.
Quick Links
Our Communities
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
Lemmy App List
Chat and More
founded 1 year ago
MODERATORS
Well not sure about Sunbird. Beeper advertises this also but it's not entirely untrue. It's E2EE from the sender to your Beeper server, where it's decrypted, then re-encypted as a Matrix message. But it's all open source so you can see what's going on.
You can get around this vulnerability by hosting your own Beeper server.
While it's a good solution, it is entirely untrue. A message is either End to End Encrypted or it is not. If the message is decrypted at any point between the sender and the intended recipient, it is definitively not End to End Encrypted.
E2EE means it's End-to-End Encrypted. If it's decrypted at any point during transit then it's by definition not E2EE and Beeper shouldn't be making that claim.
[This comment has been deleted by an automated system]
Now you're back to "all of my messages can be stolen if a server gets hacked" again
Except you're not because your decrypted messages aren't stored anywhere.
[This comment has been deleted by an automated system]
Good points all around
It's E2EE from the sender to your Beeper server, where it's decrypted, then re-encypted as a Matrix message.
Then it's not E2E encrypted.
One end is your device, the other end is the other device. It's only E2E encrypted if it is not decrypted until it reaches the other device.
Yes. It is.
Sticking two E2EE tunnels together with a plaintext middleman doesn't result in a single E2EE tunnel.
The reason the distinction is important is because the security profile is vastly different—a compromised server leads to a compromised message—which isn't true for actual E2EE services like a pure Matrix link.
Side note: the first thing you should ask of a "end-to-end encrypted" product to you is "which 'ends' do you mean?" I've seen TLS advertised as E2EE before.
Adding: TLS is actually a pretty apt analogy here.
You could make a chat server that just accepts plain text messages over a TLS link, and that's basically the same security topology as with this Beeper bridge.
But no one would call that a E2EE chat.
As someone who works in the tech industry, this is not surprising to me at all. Typically the people who communicate with the media and customers don't know a single thing about tech. They don't know what end to end encryption means. They know just know encryption is involved and they have heard the buzzword, so they repeat it.
Shady service turns out to be insecure and shady. I’m shocked. The real take away from this is if Nothing thought this was a good idea, what other horrible things have they done to their ROM we haven’t found out about yet.
E2ee, except when we have to switch protocols. Trust us bro.
Just don't use apple services? Force everyone to use signal or fuck off... Thats what i did.
You fucked off?
Hmm, tracks. I will continue using nothing from them
I was sure that something like this would happen, but I'm really impressed by how quickly it happened.