Security flaws in Freedom Chat app exposed users' phone numbers and PINs

Regardless of political belief, why on Earth would anyone not use Signal? These people are just shooting themselves in the foot now.

Freedom Chat reminds me of messengers like Telegram and xChat; they’re exploiting people who don’t know better and follow opinions blindly.

Daigle, who published his findings in a blog post, told TechCrunch it was possible to enumerate the phone numbers of close to 2,000 users who had signed up to use Freedom Chat since it launched. Daigle said Freedom Chat’s servers allowed anyone to flood them with millions of phone number guesses to determine whether a user’s phone number was stored on the servers.

Per Daigle, this technique is identical to one described by the University of Vienna in research last month, where academics scraped data on some 3.5 billion user accounts that had signed up to WhatsApp by matching billions of phone numbers against WhatsApp’s servers.

Daigle also found Freedom Chat was leaking users’ PIN codes. Using an open source network traffic inspection tool to analyze the data going in and out of the app, Daigle saw that the app would respond with the PIN codes of every other user in the same public channel — even if the PINs weren’t visible to users within the app itself.

According to Daigle, anyone who was in the default Freedom Chat channel, which users are automatically subscribed to when they first sign up, had their PIN broadcast to everyone else in the channel. Daigle told TechCrunch that knowledge of a person’s PIN could allow someone to open the app from a user’s stolen device.

In an app store update published Sunday, Freedom Chat noted: “A critical reset: A recent backend update inadvertently exposed user PINs in a system response. No messages were ever at risk, and because Freedom Chat does not support linked devices, your conversations were never accessible; however, we’ve reset all user PINs to ensure your account stays secure. Your privacy remains our top priority.”

Indeed. The founder is certainly an… interesting character:

I am a four-time founder and three-time author with extensive experience in product development, sales and marketing, and strategy. I started my first company, Fitore Nutrition, and wrote my first book, Art of the Goal, at 18 years old. I drove for Uber on the side and ate nothing but raw eggs and my own protein powder to keep that company afloat. After a successful exit in August 2021, my wife and I started an online autism test powered by AI to help the underserved autism community. This online test, called “Reveal,” was a tremendous success until it was shut down for regulatory reasons.

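The two server-side defects the quoted article describes (an unthrottled "is this number registered?" oracle, and a channel member listing that hands back whole user records, PIN included) as an added Python model, each beside a hardened version. This is not Freedom Chat's code and not from Daigle's write-up; the sample user store, the field allowlist, the quota figures and all function names are assumptions.

```python
from __future__ import annotations

import time
from dataclasses import dataclass, field

# Constructed sample user store (phone number -> record). Keeping the PIN in
# the record, in the clear, is part of the vulnerable shape being modelled.
USERS = {
    "+15550000001": {"id": "u1", "display": "alice", "pin": "1234", "channels": ["default"]},
    "+15550000002": {"id": "u2", "display": "bob",   "pin": "9876", "channels": ["default"]},
    "+15550000003": {"id": "u3", "display": "carol", "pin": "4321", "channels": ["ops"]},
}

# --- Defect 1: channel member listing returns the whole stored record ---------

def members_vulnerable(channel: str) -> list[dict]:
    """What the leak looks like: every field, PIN included, goes to any
    channel member who asks for the member list."""
    return [dict(u) for u in USERS.values() if channel in u["channels"]]

# Assumed allowlist of the fields a fellow channel member may see.
PUBLIC_MEMBER_FIELDS = ("id", "display")

def members_hardened(channel: str) -> list[dict]:
    """Allowlist serialisation: a field added to the record later stays
    private unless someone also adds it to PUBLIC_MEMBER_FIELDS."""
    return [{k: u[k] for k in PUBLIC_MEMBER_FIELDS}
            for u in USERS.values() if channel in u["channels"]]

# --- Defect 2: unthrottled "is this number registered?" oracle -------------

def discover_vulnerable(numbers: list[str]) -> dict[str, bool]:
    """Any caller, any batch size, no budget: a cheap enumeration oracle."""
    return {n: n in USERS for n in numbers}

class RateLimited(Exception):
    pass

@dataclass
class ClientQuota:
    """Per-client lookup budget. The limits are assumptions sized for a real
    address-book sync, not for sweeping a numbering plan."""
    max_batch: int = 500
    lookups_per_day: int = 5000
    used: int = 0
    window_start: float = field(default_factory=time.monotonic)

def discover_hardened(numbers: list[str], quota: ClientQuota,
                      now: float | None = None) -> dict[str, bool]:
    """Same answers for a legitimate contact sync, but each client pays for
    every unique number it asks about and is cut off at its daily budget."""
    now = time.monotonic() if now is None else now
    if now - quota.window_start >= 86400:          # new day, new budget
        quota.window_start, quota.used = now, 0
    unique = list(dict.fromkeys(numbers))           # duplicates count once
    if len(unique) > quota.max_batch:
        raise RateLimited(f"batch of {len(unique)} exceeds {quota.max_batch}")
    if quota.used + len(unique) > quota.lookups_per_day:
        raise RateLimited("daily lookup budget exhausted")
    quota.used += len(unique)
    return {n: n in USERS for n in unique}

if __name__ == "__main__":
    print(members_vulnerable("default"))   # PINs visible to every member
    print(members_hardened("default"))     # id and display only
    q = ClientQuota(max_batch=3, lookups_per_day=5, window_start=0.0)
    print(discover_hardened(["+15550000001", "+15550000099"], q, now=0.0))
    try:
        discover_hardened(["+1555000000%d" % i for i in range(4)], q, now=0.0)
    except RateLimited as e:
        print("blocked:", e)
```

Two caveats. A per-client quota only raises the price of enumeration; the oracle still exists, so it belongs beside per-IP and per-account limits and abuse monitoring, not in place of them. And the allowlist does nothing about a PIN held in the clear: a four-digit PIN should be stored as a salted, slow hash, and even then its space is small enough that it should not be the only thing standing between a stolen device and the account.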

@KevPham
Wasn't Signal also vulnerable to that vulnerability?

XChat, the ancient IRC client?

X Chat, the new chat feature inside of X / Twitter.

Supposedly encrypted, but I wouldn’t trust it.
