Email or username:

Password:

Forgot your password?
Top-level
Normal :jo_2: :v_enby:

@AgathaSorceress

> selfDestruct: <time-to-live>, // optional

this HAS to be a joke

5 comments
Normal :jo_2: :v_enby:

@AgathaSorceress

> So private keys are being backed up to Seald's servers, encrypted with user passwords.

(Passwords are user IDs)

@julialuna I swear to god I was just joking, holy fuck, what the fuck

Normal :jo_2: :v_enby:

@AgathaSorceress @julialuna

> "How were you able to decompile the source code of the app and what do you think should be done to protect against that in the future?"

*tired sigh*

Normal :jo_2: :v_enby: replied to Normal :jo_2: :v_enby:

@AgathaSorceress @julialuna

> "May we know what you do and where you are located? Thank you."

mmmyes, mob boss tactics, or simply classist corporate "are you worth our time with your status" brainworm

Normal :jo_2: :v_enby: replied to Normal :jo_2: :v_enby:

@AgathaSorceress @julialuna

> "The vulnerability with Firebase rules have been patched and you are welcome to test it out. The other vulnerability of preset decryption keys has been implemented on our side, we are only waiting to get new credentials so that existing users will be reauthenticated. However, all existing messages sent with the old decryption keys are protected by firebase rules so they still cannot be read by outside parties."

...I, what?

"We have closed the door"

...okay, have you fixed the vulnerabilities? Have you nuked your app and started over? Is this just a "oh shit this must go away" manoeuvre?

Honestly this doesn't astonish me, this gets me super angry, because these fuckers are getting away with it by patching their largest hole while saying that fixed the thousands of leaks in their Swiss cheese ship

I'm just tired, what the fuck

@AgathaSorceress @julialuna

> "The vulnerability with Firebase rules have been patched and you are welcome to test it out. The other vulnerability of preset decryption keys has been implemented on our side, we are only waiting to get new credentials so that existing users will be reauthenticated. However, all existing messages sent with the old decryption keys are protected by firebase rules so they still cannot be read by outside parties."

Normal :jo_2: :v_enby: replied to Normal :jo_2: :v_enby:

@AgathaSorceress @julialuna honestly after reading this I'm just so fucking tired

This app gets away with 0 scrutiny while it fails every security practice while doing a backflip, and matrix gets condemned to hell when E2EE is a little weaker than assumed

(And even then, people are working hard to fix that weakness right now, while this app just hides their mistakes)

Jesus fucking Christ, it doesn't even compare, even matrix's security is a thousand times better than this glorified piece of shit, while it gets dumped because it's not perfect enough. Meanwhile this goes through and is recommended to a lot of people through misleading advertisement tactics

I love Capitalism and FOSS culture (not)

@AgathaSorceress @julialuna honestly after reading this I'm just so fucking tired

This app gets away with 0 scrutiny while it fails every security practice while doing a backflip, and matrix gets condemned to hell when E2EE is a little weaker than assumed

(And even then, people are working hard to fix that weakness right now, while this app just hides their mistakes)

Go Up