Email or username:

Password:

Forgot your password?
10 comments
Normal :jo_2: :v_enby:

@AgathaSorceress

> Forward secrecy? This doesn't exist.

Smh cancel culture strikes again, forward secrecy is cancelled 😔

Normal :jo_2: :v_enby:

@AgathaSorceress why they fuck are they asking 5 dollars a month for an app that supposedly doesn't use servers

Normal :jo_2: :v_enby:

@AgathaSorceress

> Looks like I accidentally breached Converso's user database. The users collection, which is open to the internet and publicly accessible, contains the registration details for every Converso user.

oh my FUCKING GOD

how can you fail this hard

just how

holy-

Normal :jo_2: :v_enby:

@AgathaSorceress

> Phone numbers, registration timestamps, and the identifiers of groups they're in (i.e. who is talking to who).

*chokes*

Normal :jo_2: :v_enby:

@AgathaSorceress

> selfDestruct: <time-to-live>, // optional

this HAS to be a joke

Normal :jo_2: :v_enby:

@AgathaSorceress

> So private keys are being backed up to Seald's servers, encrypted with user passwords.

(Passwords are user IDs)

@julialuna I swear to god I was just joking, holy fuck, what the fuck

Normal :jo_2: :v_enby:

@AgathaSorceress @julialuna

> "How were you able to decompile the source code of the app and what do you think should be done to protect against that in the future?"

*tired sigh*

Normal :jo_2: :v_enby: replied to Normal :jo_2: :v_enby:

@AgathaSorceress @julialuna

> "May we know what you do and where you are located? Thank you."

mmmyes, mob boss tactics, or simply classist corporate "are you worth our time with your status" brainworm

Normal :jo_2: :v_enby: replied to Normal :jo_2: :v_enby:

@AgathaSorceress @julialuna

> "The vulnerability with Firebase rules have been patched and you are welcome to test it out. The other vulnerability of preset decryption keys has been implemented on our side, we are only waiting to get new credentials so that existing users will be reauthenticated. However, all existing messages sent with the old decryption keys are protected by firebase rules so they still cannot be read by outside parties."

...I, what?

"We have closed the door"

...okay, have you fixed the vulnerabilities? Have you nuked your app and started over? Is this just a "oh shit this must go away" manoeuvre?

Honestly this doesn't astonish me, this gets me super angry, because these fuckers are getting away with it by patching their largest hole while saying that fixed the thousands of leaks in their Swiss cheese ship

I'm just tired, what the fuck

@AgathaSorceress @julialuna

> "The vulnerability with Firebase rules have been patched and you are welcome to test it out. The other vulnerability of preset decryption keys has been implemented on our side, we are only waiting to get new credentials so that existing users will be reauthenticated. However, all existing messages sent with the old decryption keys are protected by firebase rules so they still cannot be read by outside parties."

Normal :jo_2: :v_enby: replied to Normal :jo_2: :v_enby:

@AgathaSorceress @julialuna honestly after reading this I'm just so fucking tired

This app gets away with 0 scrutiny while it fails every security practice while doing a backflip, and matrix gets condemned to hell when E2EE is a little weaker than assumed

(And even then, people are working hard to fix that weakness right now, while this app just hides their mistakes)

Jesus fucking Christ, it doesn't even compare, even matrix's security is a thousand times better than this glorified piece of shit, while it gets dumped because it's not perfect enough. Meanwhile this goes through and is recommended to a lot of people through misleading advertisement tactics

I love Capitalism and FOSS culture (not)

@AgathaSorceress @julialuna honestly after reading this I'm just so fucking tired

This app gets away with 0 scrutiny while it fails every security practice while doing a backflip, and matrix gets condemned to hell when E2EE is a little weaker than assumed

(And even then, people are working hard to fix that weakness right now, while this app just hides their mistakes)

Go Up