I'm sure an intrepid security researcher with some free time can find some interesting around their RichTextBox usage )

Anyway, it sure would be nice if y'all restored the AUTHORS.

However, in terms of code-quality, the new features are implemented very amateurishly and almost certainly contain bugs if not outright security and/or privacy vulnerabilities. I did not find anything actively malicious (eg backdoors, broken crypto, etc). I may make a future post outlining the sketchy things found, but the takeaway is don't use Speek.App if you care about your anonymity and safety.

I have created a separate branch with additional (increasingly snarky) comments in the git commit messages here: You can find this branch in my own github repo with Speek.App's original commit messages here:

For the aforementioned turbo-nerds: I did restore the submodule relationship to libfmt and tor in my branches.

Finally, I went through and audited the source (and it did not disappoint).

Ok, so the other day I rebased Speek.App onto the aforementioned commit and restored the entire git history.

Copying and pasting breaks this link so the version of tor in the Speek.App repo is now several months old.

We include these external dependencies as a git submodule, which is basically a soft-link to an external git repo to make it easy to update versions (for instance if we need a new feature or if there has been a critical bug-fix).

Side note (you can skip this paragraph if you're not a turbo-nerd): a side effect of this approach is that they have essentially copied all of the source of (a now old) version of tor (which Ricochet-Refresh uses for ed25519 encryption primitives) and the fmt library (which we use for debug logging, only enabled by a compile-time flag not set in our official releases).

I'll leave it to the community to speculate as to whether this is due to maliciousness or incompetence.
Instead, the Speek.App team essentially copy+pasted the code into a new git repo, and made a v large 'initial commit'.

So, the normal way of going about this is to create a clone of a git repo, and start a new branch with your commits on top.

So despite their omissions, Speek.App is based off of Ricochet-Refresh as best as I can figure commit 56b33faa70337a812b57f8f19f8475af282eb6c0 from October 21:

Github: web: AppImageHub: MacStore: WinStore:

We want to create the best privacy messenger out there!

For more information please check out the following links:

Please check it out and send us your feedback.

We also already have versions in the Mac Store, Windows Store and on AppImageHub and we also want to release versions for Android and iOS.

We are also working on multiple new features like: Emoji support, better file sharing and image sharing, multiple identities, backing up identities, password protection and much more is planned.

The old Ricochet was not very attractive for most users and we think that it is important to onboard as many people as possible, because privacy becomes a bigger topic everyday (banning of E2E encryption, client side banning, etc.).

Our main goal is to create a user friendly messenger based on Ricochet.

The messenger is of course open-source and available on GitHub.

We are developing a privacy messenger that is based on the good old Ricochet messenger ( (software)).