Compared to intermediaries like Nothing and Beeper, iMessage is fort Knox.
And don’t get me wrong, I don’t trust Apple with a proprietary messaging app that only runs on a proprietary set of operating systems. But in theory, at least, their messaging protocol is sound-ish, and allegedly people have audited it and the server. So theoretically, unless iOS itself is insecure (and Apple has some incentive to make it that way) iMessage is at least moderately secure.
But this… From the outset, it was basically a known factor that you handed over your keys to some random company, they received and decrypted these otherwise encrypted messages, and then they sent them to you. In a best case scenario, they have all your stuff, but they picky promise to delete it.
If you’re security is as good as a pinky promise, then using the worst possible encryption to transfer your most important secrets should be a death knell for trusting the Nothing developers, and the white label solution they yanked up the shelf and slapped their brand onto.
It makes me question how serious the whole operation is.
Beeper is pretty good with it, as they make it clear that it’s insecure and use an encrypted protocol to get the messages to the server. Still, it’s better to host your own (which Beeper lets you do, as it’s just Matrix) or not use it.
Compared to intermediaries like Nothing and Beeper, iMessage is fort Knox.
And don’t get me wrong, I don’t trust Apple with a proprietary messaging app that only runs on a proprietary set of operating systems. But in theory, at least, their messaging protocol is sound-ish, and allegedly people have audited it and the server. So theoretically, unless iOS itself is insecure (and Apple has some incentive to make it that way) iMessage is at least moderately secure.
But this… From the outset, it was basically a known factor that you handed over your keys to some random company, they received and decrypted these otherwise encrypted messages, and then they sent them to you. In a best case scenario, they have all your stuff, but they picky promise to delete it.
If you’re security is as good as a pinky promise, then using the worst possible encryption to transfer your most important secrets should be a death knell for trusting the Nothing developers, and the white label solution they yanked up the shelf and slapped their brand onto.
It makes me question how serious the whole operation is.
Your security is actually worse than a pinky promise in that case because you also have to consider that they could be hacked.
Beeper is pretty good with it, as they make it clear that it’s insecure and use an encrypted protocol to get the messages to the server. Still, it’s better to host your own (which Beeper lets you do, as it’s just Matrix) or not use it.