Hacker Talks
  • Communities
  • Create Post
  • Create Community
  • heart
    Support Lemmy
  • search
    Search
  • Login
  • Sign Up
piratepost@poliverso.org to Privacy@lemmy.ml · 2 years ago

Testing a new encrypted messaging app's extraordinary claims: this unofficial audit on the #Converso app looks like a book of horrors…!

poliverso.org

external-link
message-square
5
link
fedilink
0
external-link

Testing a new encrypted messaging app's extraordinary claims: this unofficial audit on the #Converso app looks like a book of horrors…!

poliverso.org

piratepost@poliverso.org to Privacy@lemmy.ml · 2 years ago
message-square
5
link
fedilink

How I accidentally breached a nonexistent database and found every private key in a ‘state-of-the-art’ encrypted messenger called Converso

@privacy

But wait – it gets much, much worse

As I was finishing up the above post, I noticed something a little strange in the code – something I’d glossed over earlier. There are a ton of references to what looks to be functions related to Google’s #Firestore database.

#Converso

Using the Seald credentials from the app's code, plus a random user's phone number and user ID from Converso's public database

  • TheAnonymouseJoker@lemmy.mlBanned
    link
    fedilink
    arrow-up
    0
    arrow-down
    2    ·
    edit-2
    1 year ago

    Removed by mod

    • 𝕽𝖚𝖆𝖎𝖉𝖍𝖗𝖎𝖌𝖍@midwest.social
      link
      fedilink
      arrow-up
      0      ·
      2 years ago

      It’s not about metadata exchange, but metadata exposure.

      Two of those platforms use self-hosted node servers. Behind a VPN with multiple customers, this is virtually untraceable. And certainly far less easily traced than by giving away your cell phone number to a company.

      • TheAnonymouseJoker@lemmy.mlBanned
        link
        fedilink
        arrow-up
        0
        arrow-down
        2        ·
        edit-2
        1 year ago

        Removed by mod

Privacy@lemmy.ml

privacy@lemmy.ml

Subscribe from Remote Instance

Create a post
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !privacy@lemmy.ml

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

  • Lemmy.ml libre_culture
  • Lemmy.ml privatelife
  • Lemmy.ml DeGoogle
  • Lemmy.ca privacy

much thanks to @gary_host_laptop for the logo design :)

Visibility: Public
globe

This community can be federated to other instances and be posted/commented in by their users.

  • 525 users / day
  • 1.97K users / week
  • 4.64K users / month
  • 15.7K users / 6 months
  • 2 local subscribers
  • 40.6K subscribers
  • 3.8K Posts
  • 99.9K Comments
  • Modlog
  • mods:
  • k_o_t@lemmy.ml
  • tmpod@lemmy.pt
  • Yayannick@lemmy.ml
  • ranok@sopuli.xyz
  • UI: unknown version
  • BE: 0.19.12
  • Modlog
  • Instances
  • Docs
  • Code
  • join-lemmy.org