Technology

37604 readers

451 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago

MODERATORS

alyaza@beehaw.org

TheRtRevKaiser@beehaw.org

gyrfalcon@beehaw.org

rs5th@beehaw.org

coldredlight@beehaw.org

Los@beehaw.org

SemioticStandard@beehaw.org

TheRtRevKaiser@kbin.social

remington@beehaw.org

112

Nothing Chats has already been pulled from Google Play over privacy issues (www.theverge.com)

submitted 10 months ago by throws_lemy@lemmy.nz to c/technology@beehaw.org

16 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] semi@lemmy.ml 60 points 10 months ago* (last edited 10 months ago) (6 children)

From the FAQ of the Sunbird website (the tech powering Nothing Chats):

Will the app be open source?

Some of the messaging community believes that software that is open source is more secure. It is our view that it is not. The more visibility there is into the infrastructure and code, the easier it is to penetrate it. By design, open source software is distributed in nature. There is no central authority to ensure quality and maintenance and by putting that responsibility on Sunbird, development would not be feasible. Open source vulnerabilities typically stem from poorly written code that leave gaps, which attackers can use to carryout malicious activities.

To help satisfy our own ambitious goals of providing total privacy and security, we are currently undergoing a third party audit that will validate our security, encryption and data policies and plan on receiving ISO 27001 certification after launch.

This was a huge warning sign when the first round of news about Nothing Chats came around, so I'm glad we're now getting early confirmation that security by obscurity still is a horrible idea and doesn't work

[–] Pantherina@feddit.de 21 points 10 months ago

Lol

Open source vulnerabilities typically stem from poorly written code that leave gaps, which attackers can use to carryout malicious activities.

Dont write or accept bad code then?

[–] astraeus@programming.dev 16 points 10 months ago

This is hilarious. How are we supposed to develop good software if everyone is able to show us where all the flaws are?

[–] erwan@lemmy.ml 13 points 10 months ago

It's funny, they could have said they're not going to release to open source without waving those giant red flags.

[–] azerial@lemmy.dbzer0.com 13 points 10 months ago (1 children)

Right i posted the same thing on another nothing chats thread a few days ago. It's such a bizarre statement that's just not true.

[–] semi@lemmy.ml 14 points 10 months ago* (last edited 10 months ago)

Right! The last I remember hearing the "closed source is more secure" argument was about fifteen years or so ago, so it's surprising that it is being pulled up from the dead.

[–] smeg 12 points 10 months ago (1 children)

Transparency? No, security through obscurity!

[–] scrubbles@poptalk.scrubbles.tech 8 points 10 months ago

Which is obviously what they were counting on, fingers crossed no one notices we're using http

[–] GameWarrior@discuss.online 2 points 10 months ago* (last edited 10 months ago)

I feel like I've been shilling beeper a lot recently. They may or may not read my messages but at least they open source their inferstructure and contribute to the FLOSS projects they use.