Well, that was fast. In this weekend’s column, I wrote that Nothing Chats will amount to nothing. It was my typically cheery (sorry, jaded and cynical) take on countering the breezy THIS IS AMAZING narrative about how Nothing Chats would magically make iMessages work on Android.
No more green bubbles! Joy forever! Etc. This despite the company Nothing was using to enable Nothing Chats – Sunbird – being suspiciously cagey regarding anything to do with its tech and security. Hmm.
Up went the app. 24 hours later, down came the app, taking Nothing’s credibility with it. The venerable folks at Ars Technica had been frantically waving red flags about Nothing Chats, and last night presumably with a (deserved) smug grin a mile wide ran with a story that outlined how bad Nothing’s attempt to get iMessage on to your Android blower had fared.
Android developer Dylan Roussel had unearthed nothing short of a data privacy catastrophe, packed with vulnerabilities. Data stored in plain text. No end-to-end encryption, despite Sunbird’s original claims to the contrary. Documents and images stored publicly. The personal information of over 2300 users all accessible.
Some might argue we should give the Nothing folks some slack. They’re new! They were trying to do something amazing with Nothing Chats! Tech should move fast and break things! No. Naïvety is no excuse. If you’re new and unsure about something you’re working on, be more careful. ‘Move fast and break things’ is not acceptable when working with people’s personal information and data.
Will stop at Nothing
This all feels like a company believing its own press. At the very least, it points to serious problems regarding due diligence on Nothing’s part. And given the current state of tech disruptor reverence (and because people desperately wanted iMessages on Android), this incident was all horribly predictable. As is what comes next. Nothing is – astonishingly – planning to ‘bug fix’ its app and put it back online. And, yes, the term ‘bug fix’ is doing very heavy lifting in that sentence.
I reckon anyone going near Nothing Chats after this initial rollout is playing with fire. And I hope tech publications will educate readers about the inherent dangers of such products and ensure they are rock-solid before coming close to a recommendation. If nothing else, I hope you end this particular article with two clear takeaways.
The first is when a company shows what it is, believe it. Sunbird has long been cagey about security. Now we know why.
The second? I’d find it hard to trust Nothing with anything after this fiasco. It now needs to work incredibly hard to rebuild trust, not just forge ahead with Nothing Chats and hope everyone forgets the catastrophe it unleashed. The company seemingly prioritised ramping up hype over being cautious, to get a big story about Nothing. Well, it got one – just not the one it imagined.