- cross-posted to:
- foss@beehaw.org
You are telling me this has been going on for almost a decade now, and no one ever noticed ?
So we trust open source apps under the premise that if malicious code gets added to the code, at least one person will notice ? Here it shows that years pass before anyone notices and millions of people’s communications could have been compromised by the world’s most trusted messaging app.
I don’t know which app to trust after this, if any?
Everyone knew that already tbh
Why is this a shock? Someone would need to have already compromised your device. Even if it was encrypted with a password they still could install a key logger
It is easier to compromise a device than to try and compromise encrypted communications.
Matrix. You can host any version you want, and when you have to update, just do a version diff between your current and latest versions and check yourself.
I have three things to say:
- Everyone, please make sure you’ve set up sound disk encryption
- That’s not a surprise (for me at least)
- It’s not much different on mobile (db is unencrypted) - check out molly (signal fork) if you want to encrypt it. However encrypted db means no messages until you decrypt it.
Does anyone know how iMessage handles this on desktop (on Macs) as they (as far as I know) upgraded their encryption recently?
dawg what the shitfuck
Can we please all just acknowledge that desktop operating systems absolutely suck (in regards to security)?
How is a Desktop OS any different from a mobile one? This is where you need to be more specific.
There are too many differences for me to list here, but unlike mobile operating systems, Windows and most Linux desktops do not provide sandboxed environments for userspace apps by default. Apps generally have free rein over the whole system; reading/writing data from/to other apps without restriction or notification. There are virtually no safeguards against malicious actors.
Mobile operating systems significantly restrict system-level storage space, making key areas read-only to prevent data access or manipulation. They also protect app storage, so one app can’t arbitrarily access or modify data stored for a different app.
Mobile operating systems also follow an image-based update model, wherein updates are atomic. System software updates are generally applied successfully all at once or not at all, helping to ensure your phone is never left in a partial or unusable state after a system update.
For desktop users, macOS, and atomic Linux distros combined with Flatpak are the closest comparisons.
Bruh windows and linux have a secrets vault (cred manager and keyring respectively, iirc) for this exact purpose.
Even Discord uses it on both OSs no problem
Ah yes, another prime example that demonstrates that Lemmy is no different than Reddit. Everyone thinks they are a professional online.
Nothing sensitive should ever lack encryption especially in the hands of a third party company managing your data claiming you are safe and your privacy is protected.
No one is invincible and it’s okay to criticize the apps we hold to high regards. If you are pissed people are shitting on Signal you should be pissed Signal gave people a reason to shit on them.
Where are you going to store the encryption key? At the end of the day the local machine is effectively pwned anyway
If your device gets compromised, it’s no longer the company’s problem.
I presume keys are already sort of encrypted?
Nope. Your presumption is wrong.
👍
Signal has so many red flags that I’m beginning to wonder if it is a honeypot.
Got some sources for that, chief?
What other red flags do you have in mind?
Back when the Signal org used to be called Open Whisper Systems it received grants and auditing from the Open Technology Fund which, at the time, was still a part of Radio Free Asia.
https://web.archive.org/web/20150521181458/https://www.opentechfund.org/project/open-whisper-systems
So tldr, since you didn’t finish your thought, is that they got a grant like 3+ layers down, from the US government.
I have some news for you, or perhaps I can offer you a bridge.
People are free to draw their own conclusions from it. Do you have anything material to contribute, or will you just be putting more smarmy words in my mouth from here on out?
Attack the argument, not the person.
You didn’t explain the implications of what Radio Free Asia is, I did. I don’t know what words I’m putting in your mouth.
Signal is actively hostile to alternative clients, or decoupling from Google.
They could just add a password
Why is Signal almost universally defended whenever another security flaw is discovered? They’re not secure, they don’t address security issues, and their business model is unsustainable in the long term.
But, but, if you have malware “you have bigger problems”. But, but, an attacker would have to have “physical access” to exploit this. Wow, such bullshit. Do some of you people really understand what you’re posting?
But, but, “windows is compromised right out of the box”. Yes…and?
But, but, “Signal doesn’t claim to be secure”. Fuck off, yes they do.
But, but, “just use disk encryption”. Just…no…WTF?
Anybody using Signal for secure messaging is misguided. Any one of your recipients could be using the desktop app and there’s no way to know unless they tell you. On top of that, all messages filter through Signal’s servers, adding a single-point-of-failure to everything. Take away the servers, no more Signal.
98% of desktop apps (at least on Windows and Linux) are already broken by design anyways. Any one app can spy on and keylog all other apps, all your home folder data, everything. And anyone can write a desktop app, so only using solutions that (currently) don’t have a desktop app version, seems silly to me.
I don’t think apps can read keystrokes for other apps on Wayland.
Unless you have root
If you have root you could just update the kernel to one that lets you do whatever you want on the system, so there’s no way to stop the attacker from viewing the passwords if the app is capable of displaying them.
Wayland doesn’t magically make other kinds of keyloggers stop working altogether though.
https://old.reddit.com/r/linux/comments/23mj49/wayland_is_not_immune_to_keyloggers/
https://github.com/Aishou/wayland-keylogger
https://github.com/schauveau/sway-keylogger
https://old.reddit.com/r/kde/comments/11h5tvl/wayland_security_keyloggers_are_back/
Linux has a sandbox solution growing in popularity, flatpak.
And Wayland. Xorg is a complete and utter mess
If someone can read my Signal keys on my desktop, they can also:
- Replace my Signal app with a maliciously modified version
- Install a program that sends the contents of my desktop notifications (likely including Signal messages) somewhere
- Install a keylogger
- Run a program that captures screenshots when certain conditions are met
- [a long list of other malware things]
Signal should change this because it would add a little friction to a certain type of attack, but a messaging app designed for ease of use and mainstream acceptance cannot provide a lot of protection against an attacker who has already gained the ability to run arbitrary code on your user account.
https://molly.im/ already restores the encryption to this file and adds other useful things
Not necessarily.
https://en.m.wikipedia.org/wiki/Swiss_cheese_model
If you read anything, at least read this link to self correct.
This is a common area where non-security professionals out themselves as not actually being such: The broken/fallacy reasoning about security risk management. Generally the same “Dismissive security by way of ignorance” premises.
It’s fundamentally the same as “safety” (Think OSHA and CSB) The same thought processes, the same risk models, the same risk factors…etc
And similarly the same negligence towards filling in holes in your “swiss cheese model”.
“Oh that can’t happen because that would mean x,y,z would have to happen and those are even worse”
“Oh that’s not possible because A happening means C would have to happen first, so we don’t need to consider this is a risk”
…etc
The same logic you’re using is the same logic that the industry has decades of evidence showing how wrong it is.
Decades of evidence indicating that you are wrong, you know infinitely less than you think you do, and you most definitely are not capable of exhaustively enumerating all influencing factors. No one is. It’s beyond arrogant for anyone to think that they could 🤦🤦 🤦
Thus, most risks are considered valid risks (this doesn’t necessarily mean they are all mitigatable though). Each risk is a hole in your model. And each hole is in itself at a unique risk of lining up with other holes, and developing into an actual safety or security incident.
In this case
- signal was alerted to this over 6 years ago
- the framework they use for the desktop app already has built-in features for this problem.
- this is a common problem with common solutions that are industry-wide.
- someone has already made a pull request to enable the electron safe storage API. And signal has ignored it.
Thus this is just straight up negligence on their part.
There’s not really much in the way of good excuses here. We’re talking about a run of the mill problem that has baked in solutions in most major frameworks including the one signal uses.
I was just nodding along, reading your post thinking, yup, agreed. Until I saw there was a PR to fix it that signal ignored, that seems odd and there must be some mitigating circumstances on why they haven’t merged it.
Otherwise that’s just inexcusable.
The PR had some issues regarding files that were pushed that shouldn’t have been, adding refactors that should have been in separate PRs, etc…
Though the main reason is that Signal doesn’t consider this issue a part of their threat model.
Those are outside Signal’s scope and depend entirely on your OS and your (or your sysadmin’s) security practices (eg. I’m almost sure in linux you need extra privileges for those things on top of just read access to the user’s home directory).
The point is, why didn’t the Signal devs code it the proper way and obtain the credentials every time (interactively from the user or automatically via the OS password manager) instead of just storing them in plain text?
Feel free to submit a pull request. We could use your help.
I don’t see the reasoning in your answer (I do see its passive-aggressiveness, but chose to ignore it).
I asked “why?”; does your reply mean “because lack of manpower”, “because lack of skill” or something else entirely?
In case you are new to the FOSS world, that being “open source” doesn’t mean that something cannot be criticized or that people without the skill (or time!) to submit PRs must shut the fu*k up.
It’s in the draft phase from what I can see.
You’d need write access to the user’s home directory, but doing something with desktop notifications on modern Linux is as simple as
dbus-monitor "interface='org.freedesktop.Notifications'" | grep --line-buffered "member=Notify\|string" | [insert command here]
Replacing the Signal app for that user also doesn’t require elevated privileges unless the home directory is mounted noexec.
They’re arguing a red herring. They don’t understand security risk modeling; the argument about Signal’s scope lets their broken premise dig deeper. It’s fundamentally flawed.
It’s a risk and should be mitigated using common tools already provided by every major operating system (ie. Keychain).
“Highways shouldn’t have guard rails because if you hit one you’ve already gone off the road anyway.”
What’s the next best alternative?
I can find the desktop client, am I missing something?
You’re right, there isn’t one, my apologies; I edited the comment.
You could use some kind of encrypted container on the desktop though, or maybe run it as a separate user that has an encrypted home folder. The problem is you need to define a threat model first. Depending on what you’re afraid of, any particular “solution” could either be way overkill, or never enough.
That depends on your threat model. What are you worried about?
Meeting in person.
With a helicopter over you, loud music next to you, and a dude mowing next to you.
And no smartphone in your pocket, of course.
I’ll organise a time and place to meet in person via … Carrier pigeon?
We’re citizens raging against phones Lazlow.
Matrix or xmpp, bonus points with a personal server
Thanks to interest of late, the conversations and gajim apps have come a long way in recent years, and matrix has made good strides too with element-x
I would only ever suggest matrix if you’re running a private self-hosted instance that is NOT federated, which you can do even easier with Signal anyways.
That’s fine, but why?
It is a privacy and GDPR nightmare, basically all federated services right now are.
https://github.com/libremonde-org/paper-research-privacy-matrix.org/blob/master/part1/README.md
https://web.archive.org/web/20240611200030/https://hackea.org/notas/matrix.html
https://anarc.at/blog/2022-06-17-matrix-notes/
https://web.archive.org/web/20210804205638/https://serpentsec.1337.cx/matrix
I’d tried matrix but without a high level of technical experience it was pretty difficult to set up. I got as far as docker, that needed ansible, that wouldn’t compile. I also recall there were services I could pay for, but then I’d rely on them to provide the security/servers.
Matrix doesn’t seem for the majority of people taking a first step away from big tech.
Snikket is meant to be super simple to self-host. Ejabberd has a web GUI that can make configuration easier.
Now replace “signal” in your comment with “ssh” and think it over.
Ah the old Lemmy SHHwitcharoo.
SSHwitcharoo
Thank you.
But, but, “just use disk encryption”. Just…no…WTF?
So not encrypting keys is bad, but actually encrypting them is bad too? Ok.
Any on of your recipients could be using the desktop app and there’s no way to know unless they tell you.
Another applefan? How is THIS supposed to be in scope of E2EE? Moreover, how is having a way to know if a recipient is using the desktop app not the opposite of privacy?
On top of that, all messages filter through Signal’s servers, adding a single-point-of-failure to everything. Take away the servers, no more Signal.
Indeed. This is why I use Matrix. Also, fuck showing phone numbers to everyone(I heard they did something about it) and registration with phone numbers.
Any “secure” so that relies on someone else for security is not secure.
Fuck the scope of E2EE. Signal makes a lot of claims on their website that are laughable. The desktop app is their main weakness. Attachments are stored unencrypted, keys in plaintext. If they were serious about security, they would deprecate the windows app and block it from their servers.
WTF does Apple have to do with anything?
Any “secure” so that relies on someone else for security is not secure.
Fuck the scope of E2EE.
When someone has an FSB/NSA agent behind them reading messages, no amount of encryption will help. The biggest cybersecurity vulnerability is located between monitor and chair. When you are texting someone else, that someone else’s chair-monitor space is also vulnerable.
Signal makes a lot of claims on their website that are laughable.
Well, maybe. I didn’t read their claims, nor I use signal.
Attachments are stored unencrypted, keys in plaintext.
Is OS-level encryption plaintext or not? If yes, then they are encrypted, provided the user enables such a feature in the OS. If not - nothing is encrypted fundamentally.
If they were serious about security, they would deprecate the windows app and block it from their servers.
WTF does Apple have to do with anything?
You just used applefans’ argument. Yeah, I wonder what.
Well, maybe. I didn’t read their claims, nor I use signal.
Your opinions are invalid.
What app stops a pre install keylogger. I’m all for hearing criticism of Signal but it’s always about things they can’t control.
They can’t control if the encryption keys are stored in plaintext?
Basically for the same reason people often defend apple: the user interface is shiny, and they claim to be privacy oriented.
Signal is a centralized US hosted service, that alone should be enough to disqualify it, outside of our many other criticisms.
I hope you are joking
There is just no excuse for not even salting or SOMETHING to keep the secrets out of plaintext. The reason you don’t store in plaintext is because it can lead to even incidental collection. Say you have some software, perhaps spyware, perhaps it’s made by a major corporation so doesn’t get called that and it crawls around and happens to upload a copy of a full or portion of the file containing this info, now it’s been uploaded and compromised potentially not even by a malicious actor successfully gaining access to a machine but by poor practices.
No it can’t stop a sophisticated malware specifically targeting Signal to steal credentials and gain access but it does mean casual malware that hasn’t taken the time out to write a module to do that is out of luck and increases the burden on attackers. No it won’t stop the NSA but it’s still something that it stops someone’s 17 year old niece who knows a little bit about computers but is no malware author from gaining access to your signal messages and account because she could watch a youtube video and follow along with simple tools.
The claims Signal is an op or the runner is under a national security letter order to compromise it look more and more plausible in light of weird bad basic practices like this and their general hostility. I’ll still use it and it’s far from the worst looking thing out there but there’s something unshakably weird about the lead dev, their behavior and practices that can’t be written off as being merely a bit quirky.
To encrypt it you would need to store an encryption key
The irony
It’s plaintext all the way down.
for not even salting
Wrong secret
I mean combined with any kind of function, even a trivial kind. A salt derived from some machine state data (a random install id generated on install, a hash of computer name, etc) plus a rot13 or something would still be better than leaving it plaintext.
This shows an incredibly cavalier approach to security on the part of the team working on signal.
Moxie would be spinning in his grave if he weren’t still working there…
Moxie tried to put a crypto-coin into signal. He is not to be trusted in the slightest.
Wire does this too :/
What is Wire?
A different encrypted messaging service. Decent, but hasn’t taken off despite using email for accounts rather than bonkers phone numbers
All these apps are going to have to understand that they MUST be compatible between each other
I mean, not really.
Which standard are they going to be forced to use? What infrastructure? What encryption? Are they going to be forced to develop apps for every platform?
The best you can hope to expect is apps using the same standard being compatible. Xmpp, matrix, whisper, whatever. Even matrix bridges don’t really fix compatibility across standards very well.
It’s nice to think that anyone anywhere, could expect to install any app and communicate with anyone else and maintain encryption as well as full privacy. But as far as anyone I’ve ever seen talk about it that’s actually trained in the technology behind it all, it isn’t possible unless there’s a single, enforced standard in use.
Does it suck to have to deal with multiple apps? Hell yes. But I also don’t like the idea of being forced to use whatever compromise protocol would make it realistic. I’d rather have a dozen apps with no single gatekeeper between them.
Isn’t this going to be enforced by the EU 3 months ago?
Don’t use Wire as it isn’t good for privacy or security
Don’t use signal as its not good for anonymity
It is better than Wire and cryptography wise it is very solid
E2EE is not supposed to protect if device get compromised.
Plaintext should never be used in any application that deals with security, ever.
unless you’re reading ciphertext yourself, this doesn’t make sense
It doesn’t use plain text. It is end to end encrypted but that isn’t what this “issue” is
Oh no, tell that to SSH.
One could argue that Windows is compromised right out of the box.
Source:
“The computer” decides when to install updates and which ones to install.
Microsoft are integrating adware and spyware straight into the os.
Source:
Try setting up a fresh Windows 11 system.
I don’t understand how that would prove anything.
A lot of trackers and spyware are already mentioned in setup. And without a bypass you cannot set up without a Microsoft account.
source: 93% of ransomware is Windows based
Correlation is not causation.
Causation was never stated nor implied
99% of people in France are French
BUT WHAT OF QUEBEC
Are they in france?
Mfw end to end can be compromised at the end.
That said, they should fix this anyway
Intrinsically/semantically no but the expectation is that the texts are encrypted at rest and the keys are password and/or tpm+biometric protected. That’s just how this works at this point. Also that’s the government standard for literally everything from handheld devices to satellites (yes, actually).
At this point one of the most likely threat vectors is someone just taking your shit. Things like border crossings, rubber stamped search warrants, cops raid your house because your roommate pissed them off, protests, needing to go home from work near a protest, on and on.
TPM isn’t all that reliable. You will have people upgrading their pc, or windows update updating their bios, or any number of other reasons reset their tpm keys, and currently nothing will happen. In effect people would see Signal completely break and lose all their data, often seemingly for no reason.
Talking to windows or through it to the TPM also seems sketchy.
In the current state of Windows, the sensible choice is to leave hardware-based encryption to the OS in the form of disk encryption, unfortunate as it is. The great number of people who lose data or have to recover their backup disk encryption key from their Microsoft account tells how easily that system is disturbed (And that Microsoft has the decryption keys for your encrypted data).
If your device is turned on and you are logged in, your data is no longer at rest.
Signal data will be encrypted if your disk is also encrypted.
If your device’s storage is not encrypted, and you don’t have any type of verified boot process, then that’s on you, not Signal.
Signal data will be encrypted if your disk is also encrypted.
True.
and you don’t have any type of verified boot process
How motherboard refusing to boot from another drive would protect anything?
It’s more about protecting your boot process from malware.
Well, yes. By refusing to boot. It can’t do anything if motherboard is replaced.
That’s correct. That’s one of the many perks.
EDIT: s/do anything/prevent booting/
That’s not how this works.
If the stored data from signal is encrypted and the keys are not protected then that is the security risk that can be mitigated using common tools that every operating system provides.
You’re defending signal from a point of ignorance. This is a textbook risk just waiting for a series of latent failures to allow leaks or access to your “private” messages.
There are many ways attackers can dump files without actually having privileged access to write to or read from memory. However, that’s a moot point as neither you nor I are capable of enumerating all potential attack vectors and risks. So instead of waiting for a known failure to happen because you are personally “confident” in your level of technological omnipotence, we should instead not be so blatantly arrogant and fill the hole waiting to be used.
Also this is a common problem with framework provided solutions:
https://www.electronjs.org/docs/latest/api/safe-storage
This is such a common problem that it has been abstracted into apis for most major desktop frameworks. And every major operating system provides a key ring like service for this purpose.
Because this is a common hole in your security model.
Having Signal fill in gaps for what the OS should be protecting is just going to stretch Signal more than it already does. I would agree that if Signal can properly support that kind of protection on EVERY OS that its built for, go for it. But this should be an OS level protection that can be offered to Signal as an app, not the other way around.
Having Signal fill in gaps for what the OS should be protecting is just going to stretch Signal more than it already does. I would agree that if Signal can properly support that kind of protection on EVERY OS that its built for, go for it. But this should be an OS level protection that can be offered to Signal as an app, not the other way around.
Damn reading literacy has gone downhill these days.
Please reread my post.
But this should be an OS level protection that can be offered to Signal as an app, not the other way around.
- OSs provide keyring features already
- The framework signal uses (electron) has a built in API for this EXACT NEED
Cmon, you can do better than this, this is just embarrassing.
Indeed, End-to-End Encryption protects data between those ends, not ends themselves. If ends are compromised, no math will help you.
So many better standards like XMPP and IRC yet people use Signal and Telegram. I hate marketing.
Signal is an objectively better experience than xmpp, and has about identical security (same with matrix). Irc isn’t secure afaik. Telegram isn’t secure afaik.
A better wish would be that people in 2024 would stop being fucking weird about their cell number. Some people don’t want to give it out despite white pages being the standard for years (and how the Terminator knows who to kill). Other people refuse to use a messaging app where they can’t use their phone to sign up. Some people want to sign up with their number but not give it out.