Privacy

30753 readers

933 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

[email protected]

474

Signal under fire for storing encryption keys in plaintext on desktop app (stackdiary.com)

submitted 1 month ago by [email protected] to c/[email protected]

258 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 53 points 1 month ago (2 children)

That applies to pretty much all desktop apps, your browser profile can be copied to get access to all your already logged in cookie sessions for example.

[–] [email protected] 11 points 1 month ago

IIRC this is how those Elon musk crypto livestream hacks worked on YouTube back in the day, I think the bad actors got a hold of cached session tokens and gave themselves access to whatever account they were targeting. Linus Tech Tips had a good bit in a WAN show episode

[–] [email protected] 4 points 1 month ago* (last edited 1 month ago) (1 children)

And there are ways to mitigate this attack (essentially the same as a AiTM or pass-the-cookie attacks, so look those up). Thus rendering your argument invalid.

Just because "something else might be insecure", doesn't in any way imply "everything else should also be insecure as well".

[–] [email protected] 3 points 1 month ago (1 children)

It is the same concept. Once your machine is pwded you are screwed

[–] [email protected] 2 points 1 month ago (1 children)

That's all hinges on the assumption that your computer is pwned. Which is wrong

You don't necessarily have to have privileged access to read files or exfiltrated information.

That point doesn't matter anyways though because you're completely ignoring the risk here. Please Google "Swiss cheese model". Your comment is a classic example of non-security thinking.... It's the same comment made 100x in this thread with different words

Unless you can list out all possible risks and exploits which may affect this issue, then you are not capable of making judgement calls on the risk itself.

[–] [email protected] 1 points 1 month ago (1 children)

You act as though you somehow have more knowledge than everyone else. They problem is that you don't understand encryption and permissions. You can't just magically make something unreadable by programs with the same permission level. If you encrypt it there will need to be a key to decrypt it. That can could conceivably be encrypted with a password but that would require someone to enter a password. If they don't enter a password they key will be stored plain text so anyone could easily decrypt your messages. Programs running as a user have the same permissions as that user. Does that make sense? You can't just make something selectively unreadable with the current security model. I guess you could try to implement some sort or privileged daemon but that would open up more issues than it solved.

I would have a problem if Signal claimed that the desktop messages were encrypted at rest. However, they don't make any such claim. If you are concerned about security I would recommend running everything in virtual machines and flatpaks. This way the chances of something misbehaving in a way that causes harm is minimized.

[–] [email protected] 2 points 1 month ago* (last edited 1 month ago)

I'm not claiming some grand level of knowledge here. I also cannot enumerate all risks. The difference is that I know that I don't know, and the danger that poses towards cognitive biases when it comes to false confidence, and a lack of effective risk management. I'm a professional an adjacent field, mid way into pivoting into cybersecurity, I used to think the same way, that's why I'm so passionate here. It's painful to see arguments and thought processes counter to the fundamentals of security & safety that I've been learning the past few years. So, yeah, I'm gonna call it out and try and inform.

All that crap said:

And you are right, the problem gets moved. However, that's the point, that's how standardization works, and how it's supposed to work. It's a force multiplier, it smooths out the implementation. Moving the problem to the OS level means that EVERYONE benefits from advanced in Windows/Macos/Linux. Automatically.

It's not signal's responsibility, it shouldn't be unless that's a problem they specifically aim to solve. They have the tools available to them already, electron has a standardized API for this, secureStorage. Which handles the OS interop for them.

I'm not arguing that signal needs to roll their own here. The expectation is that they, at least, utilize the OS provided features made available to their software.