❌ Software Removal | Movim serious privacy violations #1583
Reference: privacyguides/privacytools.io#1583
Description
Please remove Movim from this list: serious privacy violations, it saves user IP addresses and geo coordinates without even asking, see https://github.com/movim/movim/issues/892 - this is even more problematic as it will potentially lead users who want to self-host into serious trouble.
Also, I would like to strongly suggest at least conducting some auditing of basic (mis-)features before putting tools with such blatant privacy violations on this list. Yes, I know this is a lot of work.
I need to add that in https://github.com/movim/movim/issues/63 you can see developers of that software talking about doing "end-to-end" encryption "on the server" in PHP, which makes absolutely no sense and shows that these people have no understanding of privacy or encryption and should not do what they are doing, or should at least learn some very basic things before going ahead with what they are doing. This is dangerous.
@apimon did you even read #63? Do you think that, in those pages and pages of discussions since 2015, I'm not even aware today of this security thing? Seriously?
https://github.com/movim/movim/issues/63#issuecomment-253971839 => 2016
I've been under pressure about this E2EE thing for years: years of discussions, and ideas of how to handle it. I haven't even started to implement it at the moment, haven't even expressed my plan for it, and you're directly drawing conclusions. Seriously?
Yes, I'm planning to do E2EE server side, by saying it clearly to the user, and many were fine with that, because in some cases their server is hosted at their place, or in their company, and they can trust it. What is the difference, security-wise, from an E2EE done in JS, where the JS is actually delivered by a web server that can be compromised?
For the movim/movim#892 issue, yes, it was not clearly explained, but here you didn't even notice that this thing is actually happening on the movim.eu XMPP server, which is a totally different project from the Movim source code. So yes, I'll explain it clearly, but it's not related at all to the Movim platform that I've been developing for 10 years.
Before doing any criticism and running everywhere maybe you should simply come talk with us and handle things more quietly.
s/quiet/calm/. It'd be ok to do it transparently, if it were presented based on facts and in a constructive manner.
Reading the linked issues and comments, if I understood correctly there are two issues:
@privacytoolsIO/editorial I vote for closing this issue.
Closing for inactivity in all associated issues and I imagine that the team has had time to see this in 8 days.