This is a most excellent place for technology news and articles.
Giving your iCloud credentials to a third party is already sketchy. It gives them the ability to read your messages, documents, health records, etc.
Nothing / Sunbird basically said “trust me bro, we’re super secure.” Then they did this right out of the gate.
What a bunch of morons.
I wholeheartedly agree with you, but in today's world, that doesn't matter to most people. I work in banking and the amount of people who willingly give their whole ass banking information to third parties is insane to me. I'm not talking like just their debit card number or their account and routing numbers, like legitimately their online banking sign in info, and they don't see any potential risk at all
It doesn't help that banks are normalizing this.
I recently began changing banks. To authorize a transfer from one to the other, my only option was to login via a popup. No place to specify account details just "log into your account to give us permissions". Fortunately the new bank is competent so I did it from that side, but it is still normalized insanity
What’s even worse is typically in the terms of those 3rd party sites, they say they can monitor your balances and transactions until you tell them to stop.
IMHO, the big fuck up is on the business side of the fence. Their product’s success rides on Apple not sicking their giant legal team on them. They needed to play this carefully. AKA, they needed to live up to the security promises.
Now they’re in the press for being an iMessage security vulnerability, and security is something Apple spends a LOT of marketing money on.
Apple is going to want to protect that image, and I wouldn’t be surprised if they come for Sunbird in the coming weeks.
They played this fast and loose, and it will probably cost them.
I used to use Privacy.com and Mint until I did some looking into Plaid. They present a login screen that looks like your bank and you assume they're doing some kind of OAuth. Nope they're just taking your full banking credentials and you have to hope they're safe. I think Plaid is a ticking time bomb. When it gets hacked a lot of people will be in trouble.
I think there is an importance nuance: it's not that most people don't care about privacy, it's that they don't realize that they in fact do.
If they ever get bitten in the ass caused by privacy issues, they are likely to share their outrage, justifiably. But yeah, most people don't realize how important privacy is or what a lack of privacy actually implies...
It's hard to train people not to shoot themselves in the foot when their own bank is providing free ammo.
My bank sent me an email this year that literally said Take our security awareness quiz and win an iphone. Click here!
Then there was one time some lady has called, claiming she has an offer from my bank, but needs to verify MY identity first... After contacting the support, I was assured the call was legit. The lady is selling insurance on behalf of the bank. Her number was supposed to be on the list of the official partners, which it wasn't. When I've asked about caller ID spoofing, they've assured me they take security seriously, and are working on a solution. Untill then, I shlould rely on the list...
All of that is still a progress though, because you'll never gues what was the official way to top up my paypal account ~10 years back. Giving my full internet banking credentials to some shady payment gateway. I've never noped the fuck out of a website so fast...
Yup, and in any sane world this sort of thing would sink Nothing as a viable and serious option for a phone OEM. If they are willing to get behind such garbage ideas what else are they doing that hasn't been dragged kicking and screaming into the light yet.
health records
What? Why? Why would you ever trust apple with such private information?
apple health/apple watch
I think very few Android users are actively part of Apple ecosystem. These are just blank accounts they create to show up in a different color on ios messages. I can give you my apple password. I created it when I was briefly issued a Mac at work 10 years ago and never used it since.
Yes but these blank accounts will cease to be blank after these users start having conversations which use the middleman. And the middleman will have access to them..
This imploded so quickly I'm impressed
I think they actually got more press for fucking it up than launching it.
Can confirm, I never heard of them before this post.
What crackhead thought it would be a good idea to store all of that unencrypted?
The same crackhead that thought it was a smart idea to build a business around giving iCloud credentials to a middle man.
I mean it’s Carl Pei, right? He’s always done stuff to get attention his products one way or another.
All Pei did was put a Nothing skin on Sunbird. It was Sunbird that didn’t encrypt the comms.
That said, Pei was so damn thirsty for marketing attention that Nothing obviously didn’t fully vet the security around Sunbird’s product.
This is one of the many reasons I don't like Nothing. They are willing to put users at risk just so they can sell a few more phones.
Let me tell you Nothings strategy:
Make an extract clone of the iPhone and put some gimmick lights on it to get attention.
Make some airpod clones but make them see through to again attract attention
Try to get iMessage working on Nothing 2 (screw you if you're on Nothing 1, Apple style) to reinforce the impression you're using an iPhone.
If successful, price the Nothing 3 even higher to make it seem premium even though it's nothing special at all.
Bring features to the Nothing 3, that the Nothing 2 and Nothing 1 will never get, even though there is no reason not to give it to them too.
Repeat for Nothing 5 and every other Nothing ever. And eventually reach iPhone pricing.
In short, they are using their users just to get popular, become like Apple and get rich. Only to screw you over and make future phones super expensive.
Much like One Plus did. First you position yourself as flagship killer, and once you get a loyal following and deals with mobile carriers then you push the price sky high and give your supporters the middle finger.
Anyone who buys Nothing is a fool.
Nothing is a clone of OnePlus... repeating the same strategy of OnePlus.. destined to the same fate as OnePlus.
I came to the OnePlus bandwagon late and now I know why my experience was so substandard even though so many people had talked them up. I was looking at the Nothing Phone and beginning to consider it because I bought a Pixel I regret and now I think I'll just stick with the phone that's paid for because they all suck. I miss my BlackJack II, Sidekick, and even my G1.
Yes, very sad when happened to One Plus but it was the plan all along. It just shows you that they know what consumers want, especially the really-into-android guys like us, yet when they get what they want in sales and brand, then they drop all that and give us the same slop as everyone else
I don't even exist in the same world as the word "infosec" and even I shudder at the phrase "plain text"
And yet you post this in plain text. Interesting.
/s
Really? Nobody did an arch review for this and figured this was going to be caught/uncovered/talked about day one?
I imagine Nothing’s Infosec team must be terrible or non-existent. Any half decent infosec team would immediately raise red flags and pull in the legal dept as soon as they heard “let’s let our customers give their iCloud credentials to a small vendor we just hired.”
Any half decent infosec team would immediately
... be over-ridden by a Chief Product Officer who says '[something something] for now' .
This sounded like a disaster when it was first revealed they were basically relaying messages through some Macs they had lying around the office.
Lesson learned. Cover up your tracks like Apple before you steal sensitive information.
Só, sketchy idea, took around 2 days to be completely dismantled?
I love how the marketing for this was absolutely everywhere. It wasn't anything new. It just tried and failed to reinvent the wheel that was matrix bridges.
LMAO, who would have thunk it? That was a very desperate attempt to make some sales. I noped it the second I learnt that they were using a mac mini somewhere to log people's iclouds. That was the most pathetic thing I have seen in a while.
Just watched a SomeOrdinaryGamers video about this a couple days ago. Muta gave Nothing too much credit saying the texts etc would probably be encrypted. But lol "plain text". They crazy for that.
There's Nothing to see here.
Any open source way to relay imessage from your own Mac to an android if one was so inclined?
Nothing pulls its iMessage app from the Play Store following privacy disaster
i.e. something pulled its iMessage app from the Play Store following privacy disaster
Ah yes, what we need is another chat app, but this time with bundled badly done social media and cloud storage.
