• Ghostalmedia@lemmy.world
    link
    fedilink
    English
    arrow-up
    51
    arrow-down
    4
    ·
    1 year ago

    Given Nothing and Sunbird’s small marketshare, I assumed Apple was probably going to let Sunbird slide. Now I hope they bring the hammer down.

    E2EE is one of the main points of iMessage. Security minded iMessage users are not going to feel comfortable if a Sunbird user is on the other end.

    Sunbird / Nothing needed to play this very carefully. Users are giving them their iCloud credentials and are technically giving them the ability to view encrypted comms, documents, photos, password wallets, health records, etc.

    Shit like this is unacceptable.

    • KrummsHairyBalls@lemmy.ca
      link
      fedilink
      English
      arrow-up
      23
      arrow-down
      11
      ·
      1 year ago

      E2EE is one of the main points of iMessage. Security minded iMessage users are not going to feel comfortable if a Sunbird user is on the other end.

      You could say the same about RCS. Apple’s implementation of RCS next year will not have e2ee, at least not at first.

      Can’t wait to lose my RCS e2ee thanks to Apple.

      • LifeInOregon@lemmy.world
        link
        fedilink
        English
        arrow-up
        20
        arrow-down
        1
        ·
        edit-2
        1 year ago

        Google only allows E2EE between its own app, though, because there is no E2EE in RCS yet.

        You can’t send a message from Google’s RCS supporting app to another RCS app or platform and utilize E2EE.

        What Apple’s asking for is to have a standard encryption for RCS rather than a 3rd party implementation.

      • Ghostalmedia@lemmy.world
        link
        fedilink
        English
        arrow-up
        13
        arrow-down
        1
        ·
        edit-2
        1 year ago

        Yeah, to be fair, the current state of encryption has been one of the major grievances with RCS.

        The fact that Apple is pushing for a more universal E2E standard, and having Google onboard for it, is a good thing for everyone.

        Also, those unencrypted messages will be called on their clients. Messages on Android gets the no lock icon, and Messages in Apple’s ecosystem gets green bubbles.

        This Sunbird thing is some bullshit because people think it’s encrypted, and it isn’t. Unencrypted comms are getting blue bubbled.

    • Ghostalmedia@lemmy.world
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      1
      ·
      1 year ago

      E2E encryption is one of the main points of iMessage.

      Giving your iCloud credentials to someone that isn’t Apple is already kind of shady. They needed the security around this product to be bullet proof. I don’t know why anyone would be quick to trust Sunbird after this.

    • CameronDev@programming.dev
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      2
      ·
      1 year ago

      Probably a privacy policy issue? Its okay to do stuff in plaintext, but the privacy policy must make that clear.

      • breadsmasher@lemmy.world
        link
        fedilink
        English
        arrow-up
        16
        ·
        1 year ago

        Literally from their FAQ

        Are my messages secure? Yes, Nothing Chats is built on Sunbird’s platform and all Chats messages are end-to-end encrypted, meaning neither we nor Sunbird can access the messages you’re sending and receiving.

        And regardless, if they removed this line and added privacy policy like “we do not encrypt messages and can read them whenever we like” should kill their entire platform.

      • sanpo@sopuli.xyz
        link
        fedilink
        English
        arrow-up
        7
        ·
        1 year ago

        No, read the article. App claimed to be end-to-end encrypted, it was anything but.

      • Ghostalmedia@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        1 year ago

        Yeah, but what about the other user who’s texting a sunbird client and thinks everything is E2E encrypted?

        • Apollo2323@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          5
          ·
          edit-2
          1 year ago

          Security and privacy minded people dont use iMessage and not even an iPhone. The ecosystem is so close that you don’t know what’s going on behind just Apple.

          • Ghostalmedia@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            2
            ·
            1 year ago

            Do you have anything substantive to say around E2EE encryption on iMessage?

            The whole point of E2EE is so that a middle man, including the Apple, cannot read it. Apple has been very publicly opposed to providing encryption backdoors that could be accessed by Apple, law enforcement, etc. Backdoors usually get sniffed out and become widespread security vulnerabilities.

              • Ghostalmedia@lemmy.world
                link
                fedilink
                English
                arrow-up
                2
                arrow-down
                2
                ·
                1 year ago

                That’s not how E2EE works. If they did have a back door, that would eventually get exploited and we’d all learn about it.

  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    This is the best summary I could come up with:


    Nothing has pulled the Nothing Chats beta from the Google Play store, saying it is “delaying the launch until further notice” while it fixes “several bugs.” The app promised to let Nothing Phone 2 users text with iMessage, but it required allowing Sunbird, who provides the platform, log into users’ iCloud accounts on its own Mac Mini servers, which… isn’t great?

    The removal came after users widely shared a blog from Texts.com showing that messages sent with Sunbird’s system aren’t actually end-to-end encrypted — and that it’s not hard to compromise it.

    The app launched in beta yesterday after being announced earlier this week.

    9to5Google pointed to a thread from site author Dylan Roussel, who found that part of Sunbird’s solution involves decrypting and transmitting messages using HTTP to a Firebase cloud-syncing server and storing them there in unencrypted plain text.

    Roussel posted that the company itself has access to messages because it logs them as errors using Sentry, a debugging service.

    Sunbird claimed yesterday that HTTP is “only used as part of the one-off initial request from the app notifying back-end of the upcoming iMessage connection.”


    The original article contains 282 words, the summary contains 187 words. Saved 34%. I’m a bot and I’m open source!