this post was submitted on 19 Nov 2023
177 points (97.3% liked)

Android

17663 readers
179 users here now

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

πŸ”—Universal Link: !android@lemdro.id

πŸ’‘Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.

Support, technical, or app related questions belong in: !askandroid@lemdro.id

For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id

πŸ’¬Matrix Chat

πŸ’¬Telegram channels / chats

πŸ“°Our communities below

Rules

  1. Stay on topic: All posts should be related to the Android OS or ecosystem.

  2. No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.

  3. Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.

  4. No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.

  5. No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.

  6. No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.

  7. No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.

  8. No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.

  9. No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!

  10. No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities

Lemmy App List

Chat and More

founded 1 year ago
MODERATORS
ijeff@lemdro.id
ladfrombrad@lemdro.id
Paradox@lemdro.id
multimoon@lemdro.id
mikestevens@lemdro.id
Devgard@lemmy.world
limerod@reddthat.com
Netrunner@lemdro.id
177
Nothing Chats, an iMessage app for Android, is a privacy nightmare (9to5google.com)
submitted 11 months ago by ijeff@lemdro.id to c/android@lemdro.id
21 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] sbv@sh.itjust.works 46 points 11 months ago (2 children)

It's bizarre that Sunbird touted their solution as end-to-end encrypted, when it can't be - iMessage drops to plaintext on the Mac farm.

[–] helenslunch@feddit.nl 15 points 11 months ago (6 children)

Well not sure about Sunbird. Beeper advertises this also but it's not entirely untrue. It's E2EE from the sender to your Beeper server, where it's decrypted, then re-encypted as a Matrix message. But it's all open source so you can see what's going on.

You can get around this vulnerability by hosting your own Beeper server.

[–] entropicdrift@lemmy.sdf.org 38 points 11 months ago (2 children)

While it's a good solution, it is entirely untrue. A message is either End to End Encrypted or it is not. If the message is decrypted at any point between the sender and the intended recipient, it is definitively not End to End Encrypted.

[–] helenslunch@feddit.nl -2 points 11 months ago (2 children)

While it's a good solution, it is entirely untrue.

It's not though. It's still encrypted from beginning to end. It just changes encryption in the middle.

[–] entropicdrift@lemmy.sdf.org 6 points 11 months ago

You can't change encryption in the middle without decrypting, however briefly.

[–] Railcar8095@lemm.ee 2 points 11 months ago

It’s encrypted at the beginning and at the end, but NOT from beginning to end.

[–] habanhero@lemmy.ca 20 points 11 months ago

E2EE means it's End-to-End Encrypted. If it's decrypted at any point during transit then it's by definition not E2EE and Beeper shouldn't be making that claim.

[–] skullgiver@popplesburger.hilciferous.nl 17 points 11 months ago* (last edited 11 months ago)

[This comment has been deleted by an automated system]

[–] helenslunch@feddit.nl 3 points 11 months ago (1 children)

Now you're back to "all of my messages can be stolen if a server gets hacked" again

Except you're not because your decrypted messages aren't stored anywhere.

[–] skullgiver@popplesburger.hilciferous.nl 1 points 11 months ago* (last edited 11 months ago)

[This comment has been deleted by an automated system]

load more comments (-1 replies)
[–] SuddenlyBlowGreen@lemmy.world 7 points 11 months ago* (last edited 11 months ago) (1 children)

It's E2EE from the sender to your Beeper server, where it's decrypted, then re-encypted as a Matrix message.

Then it's not E2E encrypted.

One end is your device, the other end is the other device. It's only E2E encrypted if it is not decrypted until it reaches the other device.

[–] helenslunch@feddit.nl -4 points 11 months ago

Yes. It is.

[–] Sjy@lemm.ee 2 points 11 months ago* (last edited 11 months ago) (1 children)

How does one host their own beeper server?

Edit: found it

[–] dandroid@dandroid.app 8 points 11 months ago

As someone who works in the tech industry, this is not surprising to me at all. Typically the people who communicate with the media and customers don't know a single thing about tech. They don't know what end to end encryption means. They know just know encryption is involved and they have heard the buzzword, so they repeat it.