this post was submitted on 02 Oct 2023
40 points (91.7% liked)

Privacy

31939 readers
675 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

As I noted within my post, #[email protected] (alternate link), URL thumbnail generation in Element is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server. Here is a notable excerpt from the settings within Element:

In encrypted rooms, like this one, URL previews are disabled by default to ensure that your homeserver (where the previews are generated) cannot gather information about links you see in this room.


Post Edit History

2023-10-02T00:54Z
1c1,2
< As I noted within my post #[email protected] ([alternate link](https://lemm.ee/post/9955859)), thumbnail generation in [Element](https://element.io/) is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server.
***
> As I noted within my post #[email protected] ([alternate link](https://lemm.ee/post/9955859)), thumbnail generation in [Element](https://element.io/) is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server. Here is a notable excerpt from the settings within Element:
> > In encrypted rooms, like this one, URL previews are disabled by default to ensure that your homeserver (where the previews are generated) cannot gather information about links you see in this room.

2023-10-02T01:28Z
1,2c1,2
< As I noted within my post #[email protected] ([alternate link](https://lemm.ee/post/9955859)), thumbnail generation in [Element](https://element.io/) is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server. Here is a notable excerpt from the settings within Element:
< > In encrypted rooms, like this one, URL previews are disabled by default to ensure that your homeserver (where the previews are generated) cannot gather information about links you see in this room. 
***
>  As I noted within my post, #[email protected] ([alternate link](https://lemm.ee/post/9955859)), thumbnail generation in [Element](https://element.io/) is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server. Here is a notable excerpt from the settings within Element:
> > In encrypted rooms, like this one, URL previews are disabled by default to ensure that your homeserver (where the previews are generated) cannot gather information about links you see in this room.

2023-10-02T03:44Z
1c1
< As I noted within my post, #[email protected] ([alternate link](https://lemm.ee/post/9955859)), thumbnail generation in [Element](https://element.io/) is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server. Here is a notable excerpt from the settings within Element:
***
> As I noted within my post, #[email protected] ([alternate link](https://lemm.ee/post/9955859)), URL thumbnail generation in [Element](https://element.io/) is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server. Here is a notable excerpt from the settings within Element:

Post Signature

ul7mHTfs8xA/WWwNTVQ9HzKfj/b+xw+q9csWf60OJrT58jMJpmsX8/BicwFodR8W
Llo93EMtboSUEtYZ+wQhaL/HmrEr6arup7gJzZgslOBWPFj5azADHSpjX9RYuvpt
Fk2muTUgJP2e+SW3BGDPmlcluw6mQOYcap84Fdc1eU47LOZprBXob97qInMK5LrL
tzNqARRtXGdogZtQYlNCqCd9eQgqTwPfxKVadmM6G3xQMh6mWQxQz56sCXqj+mlG
OqJyZIgB1UXEuVZeAO3pl9wN+cSM4eqHLHQwEd+aVeSPf75r2d7mZs+VNwr1WfMu
0sWcPh3aZLXKqdls6UJMEA==
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 5 points 1 year ago* (last edited 1 year ago) (2 children)

Can’t the admins just edit it and sign with a new key?

Of course, but if the signature were to change, it would no longer match the public key.

Either way there won’t be a way to know for sure who edited the comment

The goal is only to know if the OP edited it or not. It doesn't really matter who edited it if it wasn't the OP. The only important information would be that it wasn't the OP.

but well they can just tell you that.

Verifying with the user's public key accomplishes the same, and is independent of a direct audit from the user.

content-signature:qbUJz7ND/3+S+W0ptyja6zAeT0q7OyzFvJpAOr3iqbbN37+GcdAashDP8QNahRyAwA1X3tm9mh0PePV3VFDaiWzOeSNOQBwrVgnlepu+euG+07WJQT0Env8/vg+Q6qO7tcVN0vp8WGYftF5cjHCkjox2Mcu3dJ1g7ONMh+nJLIhrDTAki4nVLNJuJzznLBZJzohkW3/LBqDMjkPUDq0E3Mdulm6kUpWG8r3ECgxuOjdiHSvUS9yEjOZFpGiBibjQihAlDNqe2Rcx2kCP2H8nhJwclm667KnoinfV52z8v0zNrKlz8PIb6q+whwn6mNkisC02mQwQkStUi4SocZxaAA==
[–] [email protected] 7 points 1 year ago (1 children)

How can I find your public key without going through a channel that could also have been manipulated by the admins, though? That seems problematic to me

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (1 children)

This is indeed an obstacle in practicality. You are absolutely right in that any channel under control by the admin could be used as a means to orchestrate a MITM attack and replace my public key with theirs. The only way for this to work is for me to personally provide my public key in a separate, and secure channel like Matrix.

I would like to emphasize that this is all just an experiment for my own interest. I would certainly not recommend what I am doing to anyone else.

content-signature:nHszcVqN6q4R+QXnem7w42nxw58kNPNV3UGVK/rxBP5QBWNjoHX5WstdcuLWiiuuky0ZwXVR6zif2/+oWwRcmDtbv+FNlBOKSIVfcW1lSOQNQeBddbmBNIfP7hBjtTSVbszIZPXNzJQykEFdxh9hJVaC3eEqxYnN4oIOdxWjj+MejQ2zpG3l/BdnTLqWX3rf4HK4VPD8OMYyxTbqhtTMMje+tfCrf/EtRfgY3gd0Clm6oWw6WeD6QgQdJHgbRlDrZwIVE8F5zdtnooFcIptlo4ovJl9VX7FdBCExRW9MQJUU+3AZv5gVCZ4pZ9zZaXihGmhdNRDbAX9XQVUSSRc+1w==
[–] [email protected] 2 points 1 year ago

Makes sense, thanks for clarifying!

[–] [email protected] 2 points 1 year ago (1 children)

The goal is only to know if the OP edited it or not. It doesn’t really matter who edited it if it wasn’t the OP. The only important information would be that it wasn’t the OP.

OP can edit comment, sign with a different key and claim his comment was edited by the admins.

So we can't know who really edited the comment unless in the default boring situation: it was OP and he signed it with the correct key which is the same as him just telling "yeah, it was me" or not saying anything at all since it's the default.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

OP can edit comment, sign with a different key and claim his comment was edited by the admins.

Dang, that is a scenario that I hadn't considered. I'm not sure that there's anything that can be done about it.

content-signature:h0Iy5AaMSi9fo+LeWpR1hFpbRygi066LKPL7+5aDJ4Y0mf33R8/E+wn9At+N0dvNr8HH1eAghGkpfCbfcoe5NzzcsRMgfl+qSYjrpb4DmN124DLLoFd7q55R/aqXdqqZP+4DaVTLVN5G2MKg5SPL0SMhHxTl6f4BUxhQCWy6PapqwvsG3D59hVQtNlgm4/ab7oo5ORIR+ENV59+rrssNxaNBsKud4rths93SFMCf/si3Uewo0VNCorTb/KUMoZaHv21zmneq5UxZRkqXD3ZR4/H7vDILWArp350OSpZxm69kTJAeBH3VuvYkKunMlouzsxEJqdLDaaApYWwSyyUYLQ==
[–] [email protected] 1 points 1 year ago (1 children)

Why not just host your own lemmy instance on a cheap vps and be satisfied you're the only admin heh

[–] [email protected] 1 points 1 year ago

Aha, yeah that is also an option. If signatures are possible, it would be less maintenace compared to hosting an instance. Also, I think other instances can still overwrite your data should they choose. It's just stored data after all -- if it's not inherently tied to the user, then anybody can modify it; having federated servers only increases this attack surface.