- Two critical severity vulnerabilities in end-to-end encryption were found in the SDKs which power Element, Beeper, Cinny, SchildiChat, Circuli, Synod.im and any other clients based on matrix-js-sdk, matrix-ios-sdk or matrix-android-sdk2.
- These have now been fixed, and we have not seen evidence of them being exploited in the wild. All of the critical vulnerabilities require cooperation from a malicious homeserver to be exploited.
- Please upgrade immediately in order to be protected against these vulnerabilities.
- Clients with other encryption implementations (including Hydrogen, ElementX, Nheko, FluffyChat, Syphon, Timmy, Gomuks and Pantalaimon) are not affected; this is not a protocol bug.
- We take the security of our end-to-end encryption extremely seriously, and we have an ongoing series of public independent audits booked to help guard against future vulnerabilities. We will also be making some protocol changes in the future to provide additional layers of protection.
- This resolves the pre-disclosure issued on September 23rd.
No two users can claim the same addresses on the platform ensuring that there is no cross-attestation. Additionally, if a user removes an address or wallet, that address cannot be re-attested for at least 60-days.
Block (formerly Square) will be manufacturing their upcoming hardware wallet in Austin, Texas. This post highlights the process they took when making this decision.
No one other than the intended recipient can read transmitted messages, not even Threema as the service operator. It’s not required to provide any personal data whatsoever: If so desired, Threema can be used completely anonymously, i.e., without disclosing one’s phone number or email address.