Email or username:

Password:

Forgot your password?
All posts Agatha (gpnvq: VISION3 500T)'s posts Post Back to profile
Top-level
Normal :jo_2: :v_enby:

@AgathaSorceress

> Phone numbers, registration timestamps, and the identifiers of groups they're in (i.e. who is talking to who).

*chokes*

11 May 2023 at 9:56 | Wall-to-wall | Open on tech.lgbt
6 comments
Normal :jo_2: :v_enby:

@AgathaSorceress

> selfDestruct: <time-to-live>, // optional

this HAS to be a joke

11 May 2023 at 9:58 | Open on tech.lgbt
Normal :jo_2: :v_enby:

@AgathaSorceress

> So private keys are being backed up to Seald's servers, encrypted with user passwords.

(Passwords are user IDs)

@julialuna I swear to god I was just joking, holy fuck, what the fuck

11 May 2023 at 10:00 | Open on tech.lgbt
Normal :jo_2: :v_enby:

@AgathaSorceress @julialuna

> "How were you able to decompile the source code of the app and what do you think should be done to protect against that in the future?"

*tired sigh*

11 May 2023 at 10:03 | Open on tech.lgbt
Normal :jo_2: :v_enby: replied to Normal :jo_2: :v_enby:

@AgathaSorceress @julialuna

> "May we know what you do and where you are located? Thank you."

mmmyes, mob boss tactics, or simply classist corporate "are you worth our time with your status" brainworm

11 May 2023 at 10:04 | Open on tech.lgbt
Normal :jo_2: :v_enby: replied to Normal :jo_2: :v_enby:

@AgathaSorceress @julialuna

> "The vulnerability with Firebase rules have been patched and you are welcome to test it out. The other vulnerability of preset decryption keys has been implemented on our side, we are only waiting to get new credentials so that existing users will be reauthenticated. However, all existing messages sent with the old decryption keys are protected by firebase rules so they still cannot be read by outside parties."

...I, what?

"We have closed the door"

...okay, have you fixed the vulnerabilities? Have you nuked your app and started over? Is this just a "oh shit this must go away" manoeuvre?

Honestly this doesn't astonish me, this gets me super angry, because these fuckers are getting away with it by patching their largest hole while saying that fixed the thousands of leaks in their Swiss cheese ship

I'm just tired, what the fuck

@AgathaSorceress @julialuna

> "The vulnerability with Firebase rules have been patched and you are welcome to test it out. The other vulnerability of preset decryption keys has been implemented on our side, we are only waiting to get new credentials so that existing users will be reauthenticated. However, all existing messages sent with the old decryption keys are protected by firebase rules so they still cannot be read by outside parties."

11 May 2023 at 10:07 | Open on tech.lgbt
Normal :jo_2: :v_enby: replied to Normal :jo_2: :v_enby:

@AgathaSorceress @julialuna honestly after reading this I'm just so fucking tired

This app gets away with 0 scrutiny while it fails every security practice while doing a backflip, and matrix gets condemned to hell when E2EE is a little weaker than assumed

(And even then, people are working hard to fix that weakness right now, while this app just hides their mistakes)

Jesus fucking Christ, it doesn't even compare, even matrix's security is a thousand times better than this glorified piece of shit, while it gets dumped because it's not perfect enough. Meanwhile this goes through and is recommended to a lot of people through misleading advertisement tactics

I love Capitalism and FOSS culture (not)

@AgathaSorceress @julialuna honestly after reading this I'm just so fucking tired

This app gets away with 0 scrutiny while it fails every security practice while doing a backflip, and matrix gets condemned to hell when E2EE is a little weaker than assumed

(And even then, people are working hard to fix that weakness right now, while this app just hides their mistakes)

11 May 2023 at 10:13 | Open on tech.lgbt
Go Up