I think I found a major security flaw with .
I can log into riot.im using the homeserver URL chat.librem.one with ANYONE'S username and ANY RANDOM PASSWORD, and I'll enter the account.

@purism IPs can be grabbed from this, in the Security & Privacy section of the settings.


They're working on fixing it. Librem Chat is down now.


@rae As an update, we've fixed the bug and chat is back up. I am writing up a full report and will publish it after the development team is able to distribute a security patch of their own. Thank you for your responsible disclosure!
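A regression check for the class of bug described in this thread (a homeserver accepting a password login with an arbitrary password). This is an added example, not code from the thread participants or from Purism; it uses only the public Matrix client-server login API (POST /_matrix/client/r0/login with type m.login.password), and the base URL, user name and the constructed sample responses are illustrative assumptions. The verdict strings "bypass", "rejected", "rate_limited" and "other" are names chosen here, not Matrix terms.

```python
import json
import secrets
import urllib.error
import urllib.request

# Matrix client-server API login endpoint (public spec; r0 as in the Riot client of the time).
LOGIN_PATH = "/_matrix/client/r0/login"


def build_login_request(user: str, password: str) -> dict:
    """Body of a m.login.password request as defined by the Matrix client-server spec."""
    return {
        "type": "m.login.password",
        "identifier": {"type": "m.id.user", "user": user},
        "password": password,
        # Device name is arbitrary; it makes the probe easy to spot in the
        # Security & Privacy device list if a login does succeed.
        "initial_device_display_name": "auth-bypass-regression-check",
    }


def classify_login_response(status: int, body: dict) -> str:
    """Classify the server's answer to a login attempt made with a random password.

    "rejected"     - 403 M_FORBIDDEN: the expected, healthy behaviour
    "bypass"       - 200 with an access_token: the server accepted a password it should not have
    "rate_limited" - 429 / M_LIMIT_EXCEEDED: inconclusive, retry later
    "other"        - anything else (5xx, malformed body, ...)
    """
    if status == 200 and "access_token" in body:
        return "bypass"
    if status == 403 and body.get("errcode") == "M_FORBIDDEN":
        return "rejected"
    if status == 429 or body.get("errcode") == "M_LIMIT_EXCEEDED":
        return "rate_limited"
    return "other"


def probe_homeserver(base_url: str, user: str, timeout: float = 10.0) -> str:
    """Send one login with a freshly generated random password and classify the result.

    Only run this against a homeserver and account you are authorised to test:
    a "bypass" verdict means the probe has just been handed a real session.
    """
    password = secrets.token_urlsafe(24)  # 32 chars of randomness; not a real credential
    payload = json.dumps(build_login_request(user, password)).encode("utf-8")
    req = urllib.request.Request(
        base_url.rstrip("/") + LOGIN_PATH,
        data=payload,
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status, body = resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        status = err.code
        try:
            body = json.load(err)  # HTTPError is file-like; Matrix errors carry a JSON body
        except ValueError:
            body = {}
    return classify_login_response(status, body)


# Constructed sample responses (not captured from any real server) so the
# classifier can be exercised offline.
SAMPLE_RESPONSES = {
    "healthy": (403, {"errcode": "M_FORBIDDEN", "error": "Invalid password"}),
    "broken": (200, {"user_id": "@alice:example.org", "access_token": "syt_example",
                     "device_id": "ABCDEFGHIJ"}),
    "throttled": (429, {"errcode": "M_LIMIT_EXCEEDED", "retry_after_ms": 2000}),
}


def classify_samples() -> dict:
    """Run the classifier over the constructed samples; returns name -> verdict."""
    return {name: classify_login_response(s, b) for name, (s, b) in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:>9}: {verdict}")
    # Live check (network required), against an assumed host and a test account you own:
    # print(probe_homeserver("https://chat.example.org", "alice"))
```

The probe sends exactly one request per run with a throwaway password, so it is safe to schedule after every homeserver deployment; a "bypass" verdict is a release blocker, "rate_limited" should be retried rather than treated as a pass, and a login that succeeds should additionally show up as the named device under Settings, Security & Privacy, where it can be revoked.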

Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.
