If you are a nerd, nothing is stopping you from going into GitHub and making end-to-end encryption like the wizards you are.
@NicksWorld In this case, it should have been done from the start, I think.
@Lynn Ah, but you don't know what happened behind closed doors. Maybe that was planned from the start but for whatever reason it could not happen in the first release.
@NicksWorld You're right, I don't know what happened behind closed doors. And if the app had a major security hole, which it did, and for all I know still does perhaps, then the only thing to do is to delay the release. This could be a real legal challenge for these folks now, and going forward. Excuses don't cut it from a legal standpoint.
@Lynn Yeah, I don't think this will end up in court. Most people in the community cannot afford lawyers, much less good ones who'll back the person suing. Frankly, if I were a judge, I'd dismiss this case and call it trivial.
@NicksWorld Oh, well, identity theft is not trivial. Perhaps you haven't had enough life experience yet, but you may realize that one day.
@NicksWorld So people are not bothered by this, eh? Well I'm bothered by what was done, and I don't even use the app, but then I'm bothered by lack of accountability, so let's just make it the problem of people who don't care, shall we? The blind community can be just horrid sometimes, like now, excusing negligent behavior. To me, that's the ultimate in stupidity.
@Lynn At least they fixed it. Things take time to make. Your cake in the oven does not take 15 minutes to bake for no reason. Any less and it would be a mess.
@NicksWorld @Lynn Just like you don't cut and eat the cake before it is ready, a product should not be released until it is ready.
@fireborn @Lynn It was an alpha test. Alpha tests are alphas for a reason. People knew what they signed up for when making accounts.
@NicksWorld @fireborn Did they really? Where was that stated? Was it stated in the terms of use? My guess is no.
@Lynn @NicksWorld @fireborn It is apparently in the ReadMe, which even though it says to do so, not everybody does and that's a whole other argument but I just can't with this guy's attitude.
@NicksWorld @Lynn Did they know, though? A technical user that can read the code and identify the pitfalls, yes. But there was never a mention of no e2ee in the age where it is mostly universal for chat apps, and no password hashing. There was also no mention that vibecoding has been used for parts of the application, including parts that handle user data. If you want people to test your product and provide meaningful feedback, then they should have all of the details to do so.
@fireborn @NicksWorld @Lynn In that thinking, betas shouldn't be released as well.
@ratking @NicksWorld @Lynn In a lot of cases, they probably shouldn't. Usually a beta is a bug finding and fixing cycle, so product ABIs and protocols are likely not going to shift drastically.
@fireborn @NicksWorld @Lynn Yes, and apparently I missed in all this that it is a public Alpha, but the problem is when you just throw it out there expecting everybody to know exactly what that means, which *might* even be forgiven if this guy didn't have such an attitude and maturity problem. People reported security issues and some of his responses were defensive and way harsher than was necessary. Honestly seems to me a sign of somebody that's burnt out before they've even really gotten started.

@GamingWithEars @fireborn @NicksWorld In the posts I saw over the weekend, I didn't see any mention of that. I could easily have missed that, but that brings up the question of whether people know what that means? Even in beta testing, say through TestFlight or other sources, I think it is reasonable to assume the app is secure when it comes to password storage and account creation.

Personally, I feel that app should be pulled until it is ready to pass certain basic tests, especially security related ones. But there appears to be no accountability standard here, whatsoever. That is disgusting in the extreme.

@NicksWorld Right--but this should have been discovered long before release. This is not some hidden unknown flaw that the developers couldn't have expected. It's basic. So why are so many people overlooking it? I don't get that. All the developers are saying is it's fixed--no apologies, just asking people to stop talking about it. And what really bothers me beyond all that, is they're blaming the person who brought the matter out in the open. They should be thanking him. And then I read people saying ... oh, if you're upset about all this, well just take a breather from social media. And you know what, that is really a good idea--I think I need a long vacation from people like this--and I'm not even harmed by this app, and yet I care that others may have been harmed. No one knows that yet. Time will tell, if we start hearing about password unauthorized uses. And we might. Who knows?
@Lynn @NicksWorld Here's the thing. Yes, missing such a flaw is bad and shouldn't have happened, but also usually that becomes a problem if it's a huge thing everyone knows about, and knows to look for that flaw too. A normal user without tech know-how wouldn't know these things. Add in it's been corrected now, it's not something that can be exploited now.
@ratking @NicksWorld Isn't this exactly what hackers look for? Isn't there software that can detect such things? I think it's good people know about this, and if they choose to continue to use the app, they do so knowingly.
@Lynn @NicksWorld If they see a point in trying to go for a program, yes. It takes a little time and power to probe most programs, so they usually go for rich targets as it were.
@NicksWorld Well damn, surely if you are blind and encounter an inaccessible app, nothing is stopping you from making your own, we don't need to complain about inaccessibility. Let's just apply this beautiful logic all across the world.