• OsrsNeedsF2P@lemmy.ml
    7·
    2 years ago

    Unfortunately, Converso is not open source and their website is totally silent on cryptographic primitives and protocols

    The most insane part is this somehow wasn’t the worst part in the article

    A quick look at Seald’s homepage answers many questions. Seald is a drop-in SDK for app developers to integrate end-to-end encryption ‘into any app in minutes’.

    LOOOOL

    Not only does Converso include a Google Analytics tracker to record how you use the app

    This is an encryption app that claims to not even have metadata, btw

    As I was finishing up the above post, I noticed something a little strange in the code – something I’d glossed over earlier. There are a ton of references to what looks to be functions related to Google’s Firestore database.

    As someone who integrates Firebase for work, this made me tremble

    I wrote a few lines of code to see what would happen if I tried to pull from the users collection:

    No way

    Looks like I accidentally breached Converso’s user database

    I quit

    It turns out the Seald username is the user’s phone number, and the encryption password is just their user ID.

    HOW IS IT GETTING WORSE???