netchami,

I was sure that something like this would happen, but I’m really impressed by how quickly it happened.

flop_leash_973, (edited)

Shady service turns out to be insecure and shady. I’m shocked. The real takeaway from this is if Nothing thought this was a good idea, what other horrible things have they done to their ROM we haven’t found out about yet?

Chinzon,

Hmm, tracks. I will continue using nothing from them

CJOtheReal,

Just don’t use Apple services? Force everyone to use Signal or fuck off… That’s what I did.

HeartyBeast,

You fucked off?

JeeBaiChow,

E2EE, except when we have to switch protocols. Trust us bro.

sbv,

It’s bizarre that Sunbird touted their solution as end-to-end encrypted, when it can’t be - iMessage drops to plaintext on the Mac farm.

helenslunch,

Well not sure about Sunbird. Beeper advertises this also but it’s not entirely untrue. It’s E2EE from the sender to your Beeper server, where it’s decrypted, then re-encrypted as a Matrix message. But it’s all open source so you can see what’s going on.

You can get around this vulnerability by hosting your own Beeper server.

entropicdrift,

While it’s a good solution, it is entirely untrue. A message is either End to End Encrypted or it is not. If the message is decrypted at any point between the sender and the intended recipient, it is definitively not End to End Encrypted.

helenslunch,

> While it’s a good solution, it is entirely untrue.

It’s not though. It’s still encrypted from beginning to end. It just changes encryption in the middle.

entropicdrift,

You can’t change encryption in the middle without decrypting, however briefly.

Railcar8095,

It’s encrypted at the beginning and at the end, but NOT from beginning to end.

habanhero,

E2EE means it’s End-to-End Encrypted. If it’s decrypted at any point during transit then it’s by definition not E2EE and Beeper shouldn’t be making that claim.

skullgiver, (edited)

deleted_by_author

    helenslunch,

    > Now you’re back to “all of my messages can be stolen if a server gets hacked” again

    Except you’re not because your decrypted messages aren’t stored anywhere.

    skullgiver, (edited)

    deleted_by_author

    helenslunch,

    Good points all around

    SuddenlyBlowGreen,

    > It’s E2EE from the sender to your Beeper server, where it’s decrypted, then re-encrypted as a Matrix message.

    Then it’s not E2E encrypted.

    One end is your device, the other end is the other device. It’s only E2E encrypted if it is not decrypted until it reaches the other device.

    helenslunch,

    Yes. It is.

    Spedwell,

    Sticking two E2EE tunnels together with a plaintext middleman doesn’t result in a single E2EE tunnel.

    The reason the distinction is important is because the security profile is vastly different—a compromised server leads to a compromised message—which isn’t true for actual E2EE services like a pure Matrix link.

    Side note: the first thing you should ask of an “end-to-end encrypted” product to you is “which ‘ends’ do you mean?” I’ve seen TLS advertised as E2EE before.

    Spedwell,

    Adding: TLS is actually a pretty apt analogy here.

    You could make a chat server that just accepts plain text messages over a TLS link, and that’s basically the same security topology as with this Beeper bridge.

    But no one would call that an E2EE chat.
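
The topology discussed in the comments above, as an added example that is not part of the original thread: a relay that only forwards ciphertext is compared with a bridge that decrypts one leg and re-encrypts the next, recording what each server could read if compromised. The toy HMAC-based cipher, the function names and the sample message are assumptions for illustration and stand in for the real iMessage and Matrix protocols.

```python
import hashlib
import hmac
import os

def _keystream(key, nonce, n):
    # Toy HMAC-SHA256 counter-mode keystream (assumption: stands in for a real cipher).
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC with one shared key; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    body = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def open_(key, blob):
    """Verify the tag, then decrypt; raises ValueError for anyone without the key."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ s for c, s in zip(body, _keystream(key, nonce, len(body))))

def relay(server_view, blob):
    """End-to-end case: the server holds no key and forwards the ciphertext unchanged."""
    server_view.append(blob)
    return blob

def bridge(server_view, blob, key_in, key_out):
    """Bridge case: the server ends leg one, so the plaintext exists in its memory."""
    plaintext = open_(key_in, blob)
    server_view.append(plaintext)  # what a compromised server could capture
    return seal(key_out, plaintext)

def demo():
    msg = b"meet at 6"  # constructed sample message
    k_devices = os.urandom(32)  # known only to the two devices
    k_leg1, k_leg2 = os.urandom(32), os.urandom(32)  # each shared with the bridge
    relay_view, bridge_view = [], []
    got_relay = open_(k_devices, relay(relay_view, seal(k_devices, msg)))
    got_bridge = open_(k_leg2, bridge(bridge_view, seal(k_leg1, msg), k_leg1, k_leg2))
    return {
        "delivered": got_relay == msg and got_bridge == msg,
        "relay_exposed": msg in relay_view,
        "bridge_exposed": msg in bridge_view,
    }
```

Both paths deliver the message and both legs of the bridge path are encrypted on the wire; only the bridge's server view contains the plaintext.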

    Sjy, (edited)

    How does one host their own beeper server?

    Edit: found it

    helenslunch,