IronJumbo

joined 4 months ago
sorted by: new top controversial old
Why is Simplex calling to Google? in c/simplex@lemmy.ml
[–] IronJumbo@lemmy.world 2 points 3 days ago

I hope @epoberezkin@lemmy.ml will dispel our doubts or a member of the Simplex.chat team :(

Why is Simplex calling to Google? in c/simplex@lemmy.ml
[–] IronJumbo@lemmy.world 1 points 3 days ago (1 children)

It's not about whether the application communicates with these addresses or not. It's about the fundamental question: why are these addresses even encoded in the code of a VERY privacy-sensitive application?

My friend, in every answer you push F-Droid as a cure for all evil. There is no perfect store, F-Droid also has its problems (I wrote about it above). I am not an enemy of F-Droid (I also use it sometimes), but I will repeat: F-Droid control is insufficient (it's security theater - it's not a full audit of the source code).

Why is Simplex calling to Google? in c/simplex@lemmy.ml
[–] IronJumbo@lemmy.world 3 points 4 days ago (8 children)

When installing from Github you only trust the developer and their signed certificate key.

When installing from F-Droid you additionally also have to trust the F-Droid developer's signature.

Besides that F-droid has its own problems:

https://privsec.dev/posts/android/f-droid-security-issues/

I don't use F-Droid. I use Obtainium and additionally check signatures in AppVerifier.

https://sideofburritos.com/blog/obtainium-overview/

Why is Simplex calling to Google? in c/simplex@lemmy.ml
10
Why is Simplex calling to Google? (lemmy.world)
 

Hi

I may be wrong, but can someone help me interpret the results of this analysis correctly?

https://www.hybrid-analysis.com/sample/0a0238f85b8a559e8ab54f67920004db3a67a39bdbdbfa00075fd7d27e41dec4/672423b56b46e4feb006681d

See the Network Related section: Why does Simplex.apk have a hardcoded communication with

issuetracker.google.com

android.googlesource.com

developers.google.com

An app that is advertised as the most privacy-friendly?

All other indicators can (probably) be considered false positives (for example, the Camera permission, which is needed for video calls)

34
New vulnerabilities in VPNs (citizenlab.ca)
submitted 3 months ago* (last edited 3 months ago) by IronJumbo@lemmy.world to c/protonprivacy@lemmy.world
0 comments fedilink
 

Please clarify if ProtonVPN servers are also affected and what are the corrective actions?

https://citizenlab.ca/2024/07/vulnerabilities-in-vpns-paper-presented-at-the-privacy-enhancing-technologies-symposium-2024/

24
Snooze mail - great feature, broken execution (lemmy.world)
 

Please help me vote: https://protonmail.uservoice.com/forums/284483-proton-mail/suggestions/47562803-snooze-function-also-when-conversation-grouping-is