Privacy

31975 readers

445 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

483

Signal under fire for storing encryption keys in plaintext on desktop app (stackdiary.com)

submitted 4 months ago by [email protected] to c/[email protected]

258 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 32 points 4 months ago (52 children)

Why is Signal almost universally defended whenever another security flaw is discovered? They're not secure, they don't address security issues, and their business model is unsustainable in the long term.

But, but, if you have malware "you have bigger problems". But, but, an attacker would have to have "physical access" to exploit this. Wow, such bullshit. Do some of you people really understand what you're posting?

But, but, "windows is compromised right out of the box". Yes...and?

But, but, "Signal doesn't claim to be secure". Fuck off, yes they do.

But, but, "just use disk encryption". Just...no...WTF?

Anybody using Signal for secure messaging is misguided. Any on of your recipients could be using the desktop app and there's no way to know unless they tell you. On top of that, all messages filter through Signal's servers, adding a single-point-of-failure to everything. Take away the servers, no more Signal.

[–] [email protected] 35 points 4 months ago (11 children)

If someone can read my Signal keys on my desktop, they can also:

Replace my Signal app with a maliciously modified version
Install a program that sends the contents of my desktop notifications (likely including Signal messages) somewhere
Install a keylogger
Run a program that captures screenshots when certain conditions are met
[a long list of other malware things]

Signal should change this because it would add a little friction to a certain type of attack, but a messaging app designed for ease of use and mainstream acceptance cannot provide a lot of protection against an attacker who has already gained the ability to run arbitrary code on your user account.

[–] [email protected] 18 points 4 months ago* (last edited 4 months ago) (2 children)

Not necessarily.

https://en.m.wikipedia.org/wiki/Swiss_cheese_model

If you read anything, at least read this link to self correct.

This is a common area where non-security professionals out themselves as not actually being such: The broken/fallacy reasoning about security risk management. Generally the same "Dismissive security by way of ignorance" premises.

It's fundamentally the same as "safety" (Think OSHA and CSB) The same thought processes, the same risk models, the same risk factors....etc

And similarly the same negligence towards filling in holes in your "swiss cheese model".

"Oh that can't happen because that would mean x,y,z would have to happen and those are even worse"

"Oh that's not possible because A happening means C would have to happen first, so we don't need to consider this is a risk"

....etc

The same logic you're using is the same logic that the industry has decades of evidence showing how wrong it is.

Decades of evidence indicating that you are wrong, you know infinitely less than you think you do, and you most definitely are not capable of exhaustively enumerating all influencing factors. No one is. It's beyond arrogant for anyone to think that they could 🤦🤦 🤦

Thus, most risks are considered valid risks (this doesn't necessarily mean they are all mitigatable though). Each risk is a hole in your model. And each hole is in itself at a unique risk of lining up with other holes, and developing into an actual safety or security incident.

In this case

signal was alerted to this over 6 years ago
the framework they use for the desktop app already has built-in features for this problem.
- this is a common problem with common solutions that are industry-wide.
someone has already made a pull request to enable the electron safe storage API. And signal has ignored it.

Thus this is just straight up negligence on their part.

There's not really much in the way of good excuses here. We're talking about a run of the mill problem that has baked in solutions in most major frameworks including the one signal uses.

https://www.electronjs.org/docs/latest/api/safe-storage

[–] [email protected] 4 points 4 months ago (1 children)

I was just nodding along, reading your post thinking, yup, agreed. Until I saw there was a PR to fix it that signal ignored, that seems odd and there must be some mitigating circumstances on why they haven't merged it.

Otherwise that's just inexcusable.

[–] [email protected] 7 points 4 months ago

The PR had some issues regarding files that were pushed that shouldn't have been, adding refactors that should have been in separate PRs, etc...

Though the main reason is that Signal doesn't consider this issue a part of their threat model.

load more comments (8 replies)

load more comments (48 replies)