this post was submitted on 06 Jul 2024

484 points (94.6% liked)

Privacy

30829 readers

1078 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

[email protected]

484

Signal under fire for storing encryption keys in plaintext on desktop app (stackdiary.com)

submitted 1 month ago by [email protected] to c/[email protected]

258 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 1 month ago* (last edited 1 month ago) (2 children)

Alternative headline: Someone has a feature request for Signal which would be of interest to a few people with very specific security needs.

[–] [email protected] 8 points 1 month ago

You mean the types of people who would use signal to communicate with others?

[–] [email protected] 5 points 1 month ago (1 children)

It's not a bad feature to ensure that eg if there's a malicious process running on your computer it can't send all your signal data to whomever

[–] [email protected] 1 points 1 month ago (1 children)

Needing to enter a secure passphrase each time you want to use signal in exchange for one more fragile layer of defence for that one part of your data in a scenario that would normally mean you've already lost unless you're running a super-secure compartmentalized operating system like qubes or something is probably not worth it for most people.

[–] [email protected] 2 points 1 month ago (3 children)

I already enter a passphrase every time I want to use Signal; I use the Molly client on my phone. It's really not a big deal. I also enter a passphrase every time I launch my password manager, every time I launch my two-factor authentication app on my phone, and every time I open my email client. I think it's fairly standard to protect sensitive data on your computer with encryption at rest and to decrypt it upon launching the application that handles the data.

[–] [email protected] 6 points 1 month ago* (last edited 1 month ago) (1 children)

It’s really not a big deal

For most casual users, it is a deal-breaker. And it's hard to get everyday people to use your software with roadblocks like that.

every time I open my email client.

You must not get email very often, this is absolutely a non-starter for me.

[–] [email protected] 2 points 1 month ago

For most casual users, it is a deal-breaker. And it’s hard to get everyday people to use your software with roadblocks like that.

That's fair enough, but the way the mobile app works is that you can opt in to having encryption at rest with a passphrase, so if you want to leave your signal database unencrypted you can.

You must not get email very often, this is absolutely a non-starter for me.

Once you open it you can leave it open if you need notifications. Sometimes I leave it open, sometimes I just want to check my emails and then close it. Idk, I really think typing in a password for authentication/decryption regularly is such a non-issue, like for instance do you not regularly type in a password when you run a command with sudo? Again, if it's opt-in I also don't see the issue, except for the issue of allowing people to not encrypt their Signal data thus potentially compromising the people they're messaging, but obviously that issue is currently universal for Signal desktop.

[–] [email protected] 3 points 1 month ago* (last edited 1 month ago) (2 children)

Huh. I would've thought most desktop users just leave it running all day long like I do. Obviously there is the disk encryption passphrase at boot, adding another one for signal would in my case be redundant.

But the point is not only how easy it is to enter a passphrase, but also how much security that actually gains you. I don't think it does much on the typical desktop, be it windows or linux, where there are so many ways to escalate or persist privilege for anyone that has user-level access.

[–] [email protected] 5 points 1 month ago

I would’ve thought most desktop users just leave it running all day long like I do.

They do. OP is not a normal user.

[–] [email protected] 2 points 1 month ago* (last edited 1 month ago) (1 children)

Obviously there is the disk encryption passphrase at boot, adding another one for signal would in my case be redundant.

I also have full disk encryption, but I still have some databases on my disk encrypted because I decrypt my disk when I boot my computer. But yeah if you have Signal open (& its db decrypted) all the time it would probably be minimal. I don't have Signal open all the time though, only when I want to check messages or am actively using it

I don’t think it does much on the typical desktop, be it windows or linux, where there are so many ways to escalate or persist privilege for anyone that has user-level access.

The point would be encryption, even the root user wouldn't be able to read encrypted data if they don't have the passphrase

[–] [email protected] 3 points 1 month ago

If you have root, intercepting all the user's keystrokes is trivial.

[–] [email protected] 0 points 1 month ago (1 children)

This has nothing to do with the mobile app, which also has password/biometric unlocking, it's about the desktop electron app.

[–] [email protected] 2 points 1 month ago (1 children)

I know. I never said it was about the mobile app?

[–] [email protected] -2 points 1 month ago (1 children)

You did but it says "desktop" right in the page title.

[–] [email protected] 2 points 1 month ago (1 children)

I'm now genuinely not sure what you're saying. I did what? I said it was about the mobile app? I didn't say it was about the mobile app?

[–] [email protected] -2 points 1 month ago* (last edited 1 month ago) (1 children)

If I'm not mistaken you were talking about how things work "on my phone" but I suppose you had in mind that the principle would apply to desktop as well.

In practice it does somewhat come down to how well containerized and locked-down the environment is, so I think the difference does matter. Android for instance sucks in very many ways, but it's somewhat reliable in usually keeping apps from interfering with each other. There are a few desktops that try to do that, but they're still not too popular I think. Desktop users are used to having full control of everything. Seems to me the pervasive compartmentalization of everything (it wouldn't be sufficient for the purposes we're talking about to put only Signal in a secure container) is accepted as necessary on mobile devices mostly because so many of the apps are terrible.

[–] [email protected] 4 points 1 month ago

If I’m not mistaken you were talking about how things work “on my phone” but I suppose you had in mind that the principle would apply to desktop as well.

Yes, I was using it as a comparator as an example as to why it's not a big deal to type a password every time you open an app, which I don't think is any different between mobile and desktop.