this post was submitted on 19 Nov 2023

513 points (97.1% liked)

Technology

58070 readers

3251 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS

513

Nothing pulls its iMessage app from the Play Store following privacy disaster (www.androidpolice.com)

submitted 10 months ago by AnActOfCreation@programming.dev to c/technology@lemmy.world

67 comments fedilink hide all child comments

Nothing Chats, a rival to apps like Beeper and AirMessage, advertised itself as a secure platform for sending messages to iMessage users.

However, less than 24 hours after its launch, investigations into the app revealed that Nothing Chats logged every message in plain text and stored unencrypted data, including text messages, images, videos, and more, making it a significant privacy and security risk.

The company removed the app from the Play Store following these complaints, citing "several bugs" that need fixing.

top 50 comments

sorted by: hot top controversial new old

[–] HonorIsDead@lemmy.world 101 points 10 months ago (2 children)

This imploded so quickly I'm impressed

[–] Ghostalmedia@lemmy.world 44 points 10 months ago (1 children)

I think they actually got more press for fucking it up than launching it.

[–] bus_factor@lemmy.world 15 points 10 months ago

Can confirm, I never heard of them before this post.

[–] Quexotic@infosec.pub 14 points 10 months ago* (last edited 10 months ago) (2 children)

"That nothing, hold my beer!"

-Elon Musk, probably

[–] Beetschnapps@lemmy.world 3 points 10 months ago* (last edited 10 months ago)

Clearly the issue is that piss poor security practices hate free speech.

[–] clgoh@lemmy.ca 2 points 10 months ago

We hear enough about Musk. There's no need to bring him up where it's not relevant.

[–] SeaJ@lemm.ee 74 points 10 months ago (3 children)

What crackhead thought it would be a good idea to store all of that unencrypted?

[–] Ghostalmedia@lemmy.world 54 points 10 months ago (1 children)

The same crackhead that thought it was a smart idea to build a business around giving iCloud credentials to a middle man.

[–] whereisk@lemmy.world 3 points 10 months ago

Insert Bilbo "after all, why shouldn't I" meme.

[–] kautau@lemmy.world 21 points 10 months ago (1 children)

The company behind the chat software, so these guys

https://www.sunbirdapp.com/

[–] corsicanguppy@lemmy.ca 9 points 10 months ago (1 children)

Are there plans for a desktop client?

Anybody with a browser is going to be able to use Sunbird. The messages will synchronize. A big challenge has been synchronizing without them storing the data but we got it right. The web app will synchronize with the Sunbird app. Bottom line... Got a browser? You will be able to use Sunbird.

They already can go to hell.

The frantic fumbling to find whichever bloody tab on which bloody window is making the chime is really something I can do without. And when I DO ignore it, I'm somehow at fault.

[–] kautau@lemmy.world 6 points 10 months ago

I mean they can mostly go to hell by stating

The Sunbird servers do not store user data promoting a safe, secure, and private messaging environment. With end-to-end encrypted, conﬁdential messaging, Sunbird is fully secure and completely private.

And then literally storing unencrypted user data on their servers, doing the exact opposite of their claims.

This whole company/product comes off as a shitty cash grab from idiot techbros with little knowledge of software. Apple is going to eat them alive once the litigation starts.

[–] anon_8675309@lemmy.world 11 points 10 months ago (2 children)

I mean it’s Carl Pei, right? He’s always done stuff to get attention his products one way or another.

[–] Ghostalmedia@lemmy.world 13 points 10 months ago (1 children)

All Pei did was put a Nothing skin on Sunbird. It was Sunbird that didn’t encrypt the comms.

That said, Pei was so damn thirsty for marketing attention that Nothing obviously didn’t fully vet the security around Sunbird’s product.

[–] spiderman@ani.social 1 points 10 months ago

He should have choose a better product. Is Beeper better than Sunbird?

load more comments (1 replies)

[–] danielfgom@lemmy.world 57 points 10 months ago (6 children)

This is one of the many reasons I don't like Nothing. They are willing to put users at risk just so they can sell a few more phones.

Let me tell you Nothings strategy:

Make an extract clone of the iPhone and put some gimmick lights on it to get attention.
Make some airpod clones but make them see through to again attract attention
Try to get iMessage working on Nothing 2 (screw you if you're on Nothing 1, Apple style) to reinforce the impression you're using an iPhone.
If successful, price the Nothing 3 even higher to make it seem premium even though it's nothing special at all.
Bring features to the Nothing 3, that the Nothing 2 and Nothing 1 will never get, even though there is no reason not to give it to them too.
Repeat for Nothing 5 and every other Nothing ever. And eventually reach iPhone pricing.

In short, they are using their users just to get popular, become like Apple and get rich. Only to screw you over and make future phones super expensive.

Much like One Plus did. First you position yourself as flagship killer, and once you get a loyal following and deals with mobile carriers then you push the price sky high and give your supporters the middle finger.

Anyone who buys Nothing is a fool.

[–] narc0tic_bird@lemm.ee 11 points 10 months ago (1 children)

Do some YouTube content as the CEO that makes you look like the nice underdog.

load more comments (1 replies)

[–] dingleberry@discuss.tchncs.de 9 points 10 months ago (3 children)

Nothing is a clone of OnePlus... repeating the same strategy of OnePlus.. destined to the same fate as OnePlus.

load more comments (3 replies)

[–] Fisch@lemmy.ml 4 points 10 months ago (4 children)

Despite that, I have a Nothing Phone 1 with LineageOS and I think it's great. The iPhone like design is actually one of the reasons I bought it. Price is also very good for the hardware. What else they're doing is nothing I care about.

load more comments (4 replies)

[–] OldQWERTYbastard@lemmy.world 3 points 10 months ago

Good old fashioned enshitification.

load more comments (2 replies)

[–] starman2112@sh.itjust.works 35 points 10 months ago (1 children)

I don't even exist in the same world as the word "infosec" and even I shudder at the phrase "plain text"

[–] mayonaise_met@feddit.nl 3 points 10 months ago

And yet you post this in plain text. Interesting.

[–] pineapplelover@lemm.ee 25 points 10 months ago

Lesson learned. Cover up your tracks like Apple before you steal sensitive information.

[–] JimVanDeventer@lemmy.world 22 points 10 months ago (1 children)

This sounded like a disaster when it was first revealed they were basically relaying messages through some Macs they had lying around the office.

[–] anon_8675309@lemmy.world 18 points 10 months ago (1 children)

This is just fodder for the “android is insecure” crowd.

[–] BreakDecks@lemmy.ml 1 points 10 months ago

Yeah, the apps on iPhones never steal or mishandle your data. /s

[–] CatTrickery@lemmy.world 14 points 10 months ago (1 children)

I love how the marketing for this was absolutely everywhere. It wasn't anything new. It just tried and failed to reinvent the wheel that was matrix bridges.

[–] miss_brainfart@lemmy.ml 1 points 10 months ago

And even Matrix Bridges aren't perfect either

[–] donut4ever@sh.itjust.works 12 points 10 months ago* (last edited 10 months ago) (1 children)

LMAO, who would have thunk it? That was a very desperate attempt to make some sales. I noped it the second I learnt that they were using a mac mini somewhere to log people's iclouds. That was the most pathetic thing I have seen in a while.

[–] Inktvip@lemm.ee 2 points 10 months ago

Nog defending this practice at all, but a fun little fact is that if you get a Mac instance on AWS (and other cloud providers) It's literally a normal mac mini in a rack enclosure.

[–] Kidplayer_666@lemm.ee 10 points 10 months ago

Só, sketchy idea, took around 2 days to be completely dismantled?

[–] 9thSun@midwest.social 10 points 10 months ago

Just watched a SomeOrdinaryGamers video about this a couple days ago. Muta gave Nothing too much credit saying the texts etc would probably be encrypted. But lol "plain text". They crazy for that.

[–] Overlock@sopuli.xyz 10 points 10 months ago

There's Nothing to see here.

[–] woshang@lemmy.world 8 points 10 months ago* (last edited 10 months ago) (3 children)

[–] smileyhead@discuss.tchncs.de 3 points 10 months ago* (last edited 10 months ago) (1 children)

Ah yes, what we need is another chat app, but this time with bundled badly done social media and cloud storage.

load more comments (1 replies)

load more comments (2 replies)

[–] mo_lave@reddthat.com 7 points 10 months ago

Nothing pulls its iMessage app from the Play Store following privacy disaster

i.e. something pulled its iMessage app from the Play Store following privacy disaster

[–] SmoothIsFast@citizensgaming.com 5 points 10 months ago (2 children)

Any open source way to relay imessage from your own Mac to an android if one was so inclined?

[–] havokdj@lemmy.world 6 points 10 months ago (1 children)

Airmessage

[–] fne8w2ah@lemmy.world 2 points 10 months ago

Or BlueBubbles

[–] smileyhead@discuss.tchncs.de 2 points 10 months ago

There is a iMessage<>Matrix bridge available. https://github.com/mautrix/imessage

load more comments