Does anyone know how iMessage handles this on desktop (on Macs) as they (as far as I know) upgraded their encryption recently?
Signal has so many red flags that I’m beginning to wonder if it is a honeypot.
Got some sources for that, chief?
What other red flags do you have in mind?
Signal is actively hostile to alternative clients, or decoupling from Google.
Back when the Signal org used to be called Open Whisper Systems it received grants and auditing from the Open Technology Fund which, at the time, was still a part of Radio Free Asia.
https://web.archive.org/web/20150521181458/https://www.opentechfund.org/project/open-whisper-systems
So tldr, since you didn’t finish your thought, is that they got a grant like 3+ layers down, from the US government.
I have some news for you, or perhaps I can offer you a bridge.
People are free to draw their own conclusions from it. Do you have anything material to contribute, or will you just be putting more smarmy words in my mouth from here on out?
Attack the argument, not the person.
You didn’t explain the implications of what Radio Free Asia is, I did. I don’t know what words I’m putting in your mouth.
The real problem is that the security model for apps on mobile is much better than that for apps on desktop. Desktop apps should all have private storage that no other non-root app can access. And while we’re at it, they should have to ask permission before activating the mic or camera.
Firejail and bwrap. Flatpaks. There are already ways to do this, but I only know of one distro that separates apps by default like Android does (separate user per app), which is the brand new “EasyOS”.
macOS has nailed it*, even though it’s still not as good as iOS or Android, but leagues and bounds better than Windows and especially Linux.
ETC: *sandboxing/permission system
What does Windows do? Genuine question, I’ve not used it since the 7 days. Regarding Linux, that’s true for stuff installed through regular package managers and whatnot, but Flatpak is pushing a more sandboxed and permission oriented system, akin to Android.
You have granular control over Universal Windows apps (i.e. Windows 8+ apps) and one global lock over all desktop apps (non-UWP), and one global lock over everything. It’s pretty solid considering how little control Microsoft has and its wonderful fetish for compatibility.
Tldr basically same as Linux, except app distribution in Linux was bad enough for so long that more stuff is in the new restricted format while windows still has tons of things which will never go away and aren’t in the sandbox. I think not finding a way to sandbox all desktop apps was a mistake.
What’s wrong with the Flatpak permissions system on Linux?
It’s a joke. Apps have defined permissions already allowed on install and some of them have too many things set to allow like home or host access. Also, changing any permission requires restarting the app. It’s heading in the right direction, but it has a looooong way to go to catch up with macOS, let alone Android and iOS.
They do sort of with Flatpak
Ah yes, another prime example that demonstrates that Lemmy is no different than Reddit. Everyone thinks they are a professional online.
Nothing sensitive should ever lack encryption especially in the hands of a third party company managing your data claiming you are safe and your privacy is protected.
No one is invincible and it’s okay to criticize the apps we hold in high regard. If you are pissed people are shitting on Signal you should be pissed Signal gave people a reason to shit on them.
If your device gets compromised, it’s no longer the company’s problem.
Where are you going to store the encryption key? At the end of the day the local machine is effectively pwned anyway
deleted by creator
I presume keys are already sort of encrypted?
Nope. Your presumption is wrong.
👍
They could just add a password
Can we please all just acknowledge that desktop operating systems absolutely suck (in regards to security)?
How is a Desktop OS any different from a mobile one? This is where you need to be more specific.
There are too many differences for me to list here, but unlike mobile operating systems, Windows and most Linux desktops do not provide sandboxed environments for userspace apps by default. Apps generally have free rein over the whole system, reading/writing data from/to other apps without restriction or notification. There are virtually no safeguards against malicious actors.
Mobile operating systems significantly restrict system-level storage space, making key areas read-only to prevent data access or manipulation. They also protect app storage, so one app can’t arbitrarily access or modify data stored for a different app.
Mobile operating systems also follow an image-based update model, wherein updates are atomic. System software updates are generally applied successfully all at once or not at all, helping to ensure your phone is never left in a partial or unusable state after a system update.
For desktop users, macOS, and atomic Linux distros combined with Flatpak are the closest comparisons.
Sure, I was aware. You have the same problem with ssh keys, gpg keys and many other things
However, you can save encrypted ssh, gpg keys and save that encryption key in the OS keyring.
Is it possible to seamlessly integrate, so when something requests those keys you’ll get a prompt?
deleted by creator
Nice, didn’t know, I’ll look into it
Yes, but you STILL need to enter a password on every reboot.
So many better standards like XMPP and IRC yet people use Signal and Telegram. I hate marketing.
Signal is an objectively better experience than xmpp, and has about identical security (same with matrix). Irc isn’t secure afaik. Telegram isn’t secure afaik.
A better wish would be that people in 2024 would stop being fucking weird about their cell number. Some people don’t want to give it out despite white pages being the standard for years (and how the Terminator knows who to kill). Other people refuse to use a messaging app where they can’t use their phone to sign up. Some people want to sign up with their number but not give it out.
This just in: threat actors compromising your devices is bad. More at 11.
Obviously the keys could be stored more securely, but if you’ve got malware on your machine that can exploit this you’ve already got bigger problems.
That’s not how this works.
This sort of “dismissive security through ignorance” is how we get so many damn security breaches these days.
I see this every day with software engineers, a group that you would think would be above the bar on security. Unfortunately a little bit of knowledge results in a mountain of confidence (see Dunning Kruger effect). They are just confident in bad choices instead.
“We don’t need to use encryption at rest because if the database is compromised we have bigger problems” really did a lot to protect the last few thousand companies from preventable data exfiltration that was in fact the largest problem they had.
Are you confident in your omnipotence in that you can enumerate all risks and attack factors that can result in data being exfiltrated from a device?
If not, then why comment as if you are?
Wire does this too :/
What is Wire?
A different encrypted messaging service. Decent, but hasn’t taken off despite using email for accounts rather than bonkers phone numbers
All these apps are going to have to understand that they MUST be compatible between each other
I mean, not really.
Which standard are they going to be forced to use? What infrastructure? What encryption? Are they going to be forced to develop apps for every platform?
The best you can hope to expect is apps using the same standard being compatible. Xmpp, matrix, whisper, whatever. Even matrix bridges don’t really fix compatibility across standards very well.
It’s nice to think that anyone anywhere, could expect to install any app and communicate with anyone else and maintain encryption as well as full privacy. But as far as anyone I’ve ever seen talk about it that’s actually trained in the technology behind it all, it isn’t possible unless there’s a single, enforced standard in use.
Does it suck to have to deal with multiple apps? Hell yes. But I also don’t like the idea of being forced to use whatever compromise protocol would make it realistic. I’d rather have a dozen apps with no single gatekeeper between them.
Isn’t this going to be enforced by the EU 3 months ago?
Don’t use Wire as it isn’t good for privacy or security
Don’t use Signal as it’s not good for anonymity
It is better than Wire and cryptography wise it is very solid
I have three things to say:
- Everyone, please make sure you’ve set up sound disk encryption
- That’s not a surprise (for me at least)
- It’s not much different on mobile (db is unencrypted) - check out Molly (Signal fork) if you want to encrypt it. However an encrypted db means no messages until you decrypt it.
Summary:
- Signal’s desktop app stores encryption keys for chat history in plaintext, making them accessible to any process on the system
- Researchers were able to clone a user’s entire Signal session by copying the local storage directory, allowing them to access the chat history on a separate device
- This issue was previously highlighted in 2018, but Signal has not addressed it, stating that at-rest encryption is not something the desktop app currently provides
- Some argue this is not a major issue for the “average user”, as other apps also have similar security shortcomings, and users concerned about security should take more extreme measures
- However, others believe this is a significant security flaw that undermines Signal’s core promise of end-to-end encryption
- A pull request was made in April 2023 to implement Electron’s safeStorage API to address this problem, but there has been no follow-up from Signal
Thanks ChatGPT.
Oh wow that’s quite a red flag ngl
Why? They would need access to the device
If your system is compromised to such an extent, it really doesn’t make much difference how the keys are stored at rest.
But my system is not compromised?
Did you read the article?
How do you know?
Because I check my system and I don’t even use Signal?
“Checking” does not prevent anything bad from happening. And if that file were read by a malicious actor, it would likely be immediate and you’d never even notice.
Did you see that I said “I don’t use Signal”?
If the keys are accessible to any process, your system doesn’t need to be compromised. All it takes is an app that you “trust” to break that trust and snatch everything up. Meta has already been caught fucking around with other social media apps on device. They even intercepted Snapchat traffic on some users’ devices in order to collect that data. It could be as simple as you installed WhatsApp and they went and pillaged your Signal files.
All it takes is an app that you “trust” to break that trust
I get what you’re trying to say, but that’s something I’d classify as “compromised” as well.
For sure, just suggesting that “compromised” doesn’t necessarily mean you got hacked by someone because they tricked you into giving a password, or they scraped it from another website, or you installed something sketchy. It could be as simple as Microsoft scans all your files with AI, or Meta snoops other social media (which it has been caught doing).
So you’re saying that the os itself is compromised? Gee, good luck protecting your processes from the fucking os, no matter how you do it.
E2EE is not supposed to protect you if the device gets compromised.
Indeed, End-to-End Encryption protects data between those ends, not ends themselves. If ends are compromised, no math will help you.
Plaintext should never be used in any application that deals with security, ever.
It doesn’t use plain text. It is end to end encrypted but that isn’t what this “issue” is
Oh no, tell that to SSH.
unless you’re reading ciphertext yourself, this doesn’t make sense
One could argue that Windows is compromised right out of the box.
Source:
Microsoft are integrating adware and spyware straight into the os.
Source:
Try setting up a fresh Windows 11 system.
I don’t understand how that would prove anything.
A lot of trackers and spyware are already mentioned in setup. And without a bypass you cannot set it up without a Microsoft account.
“The computer” decides when to install updates and which ones to install.
Source: 93% of ransomware is Windows based
99% of people in France are French
BUT WHAT OF QUEBEC
Are they in france?
Correlation is not causation.
Causation was never stated nor implied
Mfw end to end can be compromised at the end.
That said, they should fix this anyway
Intrinsically/semantically no but the expectation is that the texts are encrypted at rest and the keys are password and/or tpm+biometric protected. That’s just how this works at this point. Also that’s the government standard for literally everything from handheld devices to satellites (yes, actually).
At this point one of the most likely threat vectors is someone just taking your shit. Things like border crossings, rubber stamped search warrants, cops raid your house because your roommate pissed them off, protests, needing to go home from work near a protest, on and on.
TPM isn’t all that reliable. You will have people upgrading their PC, or Windows Update updating their BIOS, or any number of other reasons resetting their TPM keys, and currently nothing will happen. In effect people would see Signal completely break and lose all their data, often seemingly for no reason.
Talking to windows or through it to the TPM also seems sketchy.
In the current state of Windows, the sensible choice is to leave hardware-based encryption to the OS in the form of disk encryption, unfortunate as it is. The great number of people who lose data or have to recover their backup disk encryption key from their Microsoft account tells how easily that system is disturbed (and that Microsoft has the decryption keys for your encrypted data).
If your device is turned on and you are logged in, your data is no longer at rest.
Signal data will be encrypted if your disk is also encrypted.
If your device’s storage is not encrypted, and you don’t have any type of verified boot process, then that’s on you, not Signal.
Signal data will be encrypted if your disk is also encrypted.
True.
and you don’t have any type of verified boot process
How would a motherboard refusing to boot from another drive protect anything?
It’s more about protecting your boot process from malware.
Well, yes. By refusing to boot. It can’t do anything if the motherboard is replaced.
That’s correct. That’s one of the many perks.
EDIT: s/do anything/prevent booting/
That’s not how this works.
If the stored data from Signal is encrypted and the keys are not protected, then that is the security risk that can be mitigated using common tools that every operating system provides.
You’re defending signal from a point of ignorance. This is a textbook risk just waiting for a series of latent failures to allow leaks or access to your “private” messages.
There are many ways attackers can dump files without actually having privileged access to write to or read from memory. However, that’s a moot point as neither you nor I are capable of enumerating all potential attack vectors and risks. So instead of waiting for a known failure to happen because you are personally “confident” in your level of technological omnipotence, we should instead not be so blatantly arrogant and fill the hole waiting to be used.
Also this is a common problem with framework provided solutions:
https://www.electronjs.org/docs/latest/api/safe-storage
This is such a common problem that it has been abstracted into apis for most major desktop frameworks. And every major operating system provides a key ring like service for this purpose.
Because this is a common hole in your security model.
Having Signal fill in gaps for what the OS should be protecting is just going to stretch Signal more than it already does. I would agree that if Signal can properly support that kind of protection on EVERY OS that its built for, go for it. But this should be an OS level protection that can be offered to Signal as an app, not the other way around.
Having Signal fill in gaps for what the OS should be protecting is just going to stretch Signal more than it already does. I would agree that if Signal can properly support that kind of protection on EVERY OS that its built for, go for it. But this should be an OS level protection that can be offered to Signal as an app, not the other way around.
Damn reading literacy has gone downhill these days.
Please reread my post.
But this should be an OS level protection that can be offered to Signal as an app, not the other way around.
- OSs provide keyring features already
- The framework signal uses (electron) has a built in API for this EXACT NEED
Cmon, you can do better than this, this is just embarrassing.
This shows an incredibly cavalier approach to security on the part of the team working on signal.
Moxie would be spinning in his grave if he weren’t still working there…
Moxie tried to put a crypto-coin into signal. He is not to be trusted in the slightest.
How in the fuck are people actually defending signal for this, and with stupid arguments such as windows is compromised out of the box?
You. Don’t. Store. Secrets. In. Plaintext.
There is no circumstance where an app should store its secrets in plaintext, and there is no secret which should be stored in plaintext. Especially since this is not some random dudes random project, but a messenger claiming to be secure.
If someone has access to your machine you are screwed anyway. You need to store the encryption key somewhere
Yes, in your head, and in your second factor, if possible, keeping them always encrypted at rest, decrypting at the latest possible moment and not storing (decrypted) secrets in-memory for longer than absolutely necessary at use.
How in the fuck are people actually defending signal for this
Probably because Android (at least) already uses file-based encryption, and the files stored by apps are not readable by other apps anyways.
And if people had to type in a password every time they started the app, they just wouldn’t use it.
AFAIK Android encrypts entire fs with one key. And ACL is not encryption.
Popular encrypted messaging app Signal is facing criticism over a security issue in its desktop application.
Emphasis mine.
I think the point is the developers might have just migrated the code without adjustments since that is how it was implemented before. Similar to how PC game ports sometimes run like shit since they are a close 1-1 of the original which is not always the most optimized or ideal, but the quickest to output.
Been a few days since using electron, but AFAIK electron can’t be used as a wrapper for android apps, or can it? Or is their android app a web app wrapped into a “native” android app too?
Also, since this seems to be an issue since 2018, 6 years should be plenty to rewrite using a native secure storage…
You. Don’t. Store. Secrets. In. Plaintext.
Ok. Enter password at every launch.
All your session cookies are stored in plaintext.
You. Don’t. Store. Secrets. In. Plaintext.
SSH stores the secret keys in plaintext too. In a home dir accessible only by the owning user.
I won’t speak about Windows but on Linux and other Unix systems the presumption is that if your home dir is compromised you’re fucked anyway. Effort should be spent on actually protecting access to the home personal files not on security theater.
Kinda expected the SSH key argument. The difference is the average user group.
The average dude with a SSH key that’s used for more than their RPi knows a bit about security, encryption and opsec. They would have a passphrase and/or hardening mechanisms for their system and network in place. They know their risks and potential attack vectors.
The average dude who downloads a desktop app for a messenger that advertises to be secure and E2EE encrypted probably won’t assume that any process might just wire tap their whole “encrypted” communications.
Let’s not forget that the threat model has changed by a lot in the last years, and a lot of effort went into providing additional security measures and best practices. Using a secure credential store, additional encryption and not storing plaintext secrets are a few simple ones of those. And sure, on Linux the SSH key is still a plaintext file. But it’s a deliberate decision of yours to keep it as plaintext. You can at least encrypt it with a passphrase. You can use the actual working file permission model of Linux, and SSH will refuse to use your key with loose permissions. You would do the same on Windows and Mac and use a credential store and an agent to securely store and use your keys.
Just because your SSH key is a plaintext file and the presumption of a secure home dir, you still wouldn’t do a ~/passwords.txt.
SSH has encrypted keys
Not true, SSH keys need their passphrase to be used. If you don’t set one, that’s on you.
If someone gets access they can delete your keys, or set up something that can intercept your keys in other ways.
The security of data at rest is just one piece of the puzzle. In many systems the access to the data is considered much more important than whether the data itself is encrypted in one particular scenario.
Well yes, but also how would users react if they had to type in their passphrase every time they open the app? This is also exactly what we’re giving up everywhere else by clicking ‘remember this device’.
Come on, 95% of users don’t set passwords on their ssh keys
Where are these stats from lmao.
Counting my friends
You can count me too