by icy 949 days ago
Looks like Nothing is partnering with a US-based third party called Sunbird to build this service. From Sunbird’s site (https://sunbirdapp.com):

> Will the app be open source?

> Some of the messaging community believes that software that is open source is more secure. It is our view that it is not. The more visibility there is into the infrastructure and code, the easier it is to penetrate it. By design, open source software is distributed in nature. There is no central authority to ensure quality and maintenance and by putting that responsibility on Sunbird, development would not be feasible. Open source vulnerabilities typically stem from poorly written code that leaves gaps, which attackers can use to carry out malicious activities.

Not sure I’d be willing to trust them with my Apple ID credentials.

6 comments

I take the opposite view, look no further than all the security holes in Microsoft Windows compared to Linux which is more difficult to actually maliciously hack than Windows.

Security by obscurity has failed every time it's been attempted. every. time.

> I take the opposite view, look no further than all the security holes in Microsoft Windows compared to Linux which is more difficult to actually maliciously hack than Windows.

Honestly this is a bad example, given the Linux kernel maintainers' shitty attitude towards security bugs, and that Windows these days does have a good security design and has had since Vista/7.

Not to mention exploits for actively maintained open source projects don't last very long, and patches tend to work the first time.

Comment from another poster (https://news.ycombinator.com/user?id=pokey96) down below

> From other sites, it seems it uses a Mac Mini in a server room as a proxy for iMessage to accomplish this, with the massive drawback of having to provide Nothing your Apple ID credentials.

No thanks, I’m good.

> Open source vulnerabilities typically stem from poorly written code that leaves gaps, which attackers can use to carry out malicious activities.

So in their minds, closing the source automatically leads to well written code? And conversely, if they decide to open their (presumably well-written and secure) code in the future, it will somehow magically turn into poorly written and exploitable code? smh

This reiterates the same fallacious argument large corporations use to put one over open-source. And since it sounds plausible to the layman, it is parroted by them. Quite shocking to see another example out and about.

How gross and disingenuous. If they want to keep their source proprietary to create a moat then just say so. Lying about open source software being shoddy and insecure just totally puts me off.

They are not wrong that it is easier to penetrate open source software, but in regards to a messaging app security is not a big issue due to the most risky stuff being handled by platform-provided API and mobile operating systems having a modern security model.

What a crock of shit