• notannpc@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      6 months ago

      Obviously the keys could be stored more securely, but if you’ve got malware on your machine that can exploit this you’ve already got bigger problems.

      • douglasg14b@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        edit-2
        6 months ago

        That’s not how this works.

        This sort of “dismissive security through ignorance” is how we get so many damn security breaches these days.

        I see this every day with software engineers, a group that you would think would be above the bar on security. Unfortunately a little bit of knowledge results in a mountain of confidence (see Dunning Kruger effect). They are just confident in bad choices instead.

        We don’t need to use encryption at rest because if the database is compromised we have bigger problems” really did a lot to protect the last few thousand companies from preventable data exfiltration that was in fact the largest problem they had.


        Are you confident in your omnipotence in that you can enumerate all risks and attack factors that can result in data being exfiltrated from a device?

        If not, then why comment as if you are?

  • sntx@lemm.ee
    link
    fedilink
    arrow-up
    0
    ·
    6 months ago

    I have three things to say:

    1. Everyone, please make sure you’ve set up sound disk encryption
    2. That’s not a suprise (for me at least)
    3. It’s not much different on mobile (db is unecrypted) - check out molly (signal fork) if you want to encrypt it. However encrypted db means no messages until you decrypt it.
    • AlexWIWA@lemmy.ml
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      6 months ago

      Mfw end to end can be compromised at the end.

      That said, they should fix this anyway

    • potatopotato@sh.itjust.works
      link
      fedilink
      arrow-up
      0
      ·
      6 months ago

      Intrinsically/semantically no but the expectation is that the texts are encrypted at rest and the keys are password and/or tpm+biometric protected. That’s just how this works at this point. Also that’s the government standard for literally everything from handheld devices to satellites (yes, actually).

      At this point one of the most likely threat vectors is someone just taking your shit. Things like border crossings, rubber stamped search warrants, cops raid your house because your roommate pissed them off, protests, needing to go home from work near a protest, on and on.

      • 9tr6gyp3@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        edit-2
        6 months ago

        If your device is turned on and you are logged in, your data is no longer at rest.

        Signal data will be encrypted if your disk is also encrypted.

        If your device’s storage is not encrypted, and you don’t have any type of verified boot process, then thats on you, not Signal.

        • uis@lemm.ee
          link
          fedilink
          arrow-up
          0
          ·
          edit-2
          6 months ago

          Signal data will be encrypted if your disk is also encrypted.

          True.

          and you don’t have any type of verified boot process

          How motherboard refusing to boot from another drive would protect anything?

        • douglasg14b@lemmy.world
          link
          fedilink
          arrow-up
          0
          ·
          edit-2
          6 months ago

          That’s not how this works.

          If the stored data from signal is encrypted and the keys are not protected than that is the security risk that can be mitigated using common tools that every operating system provides.

          You’re defending signal from a point of ignorance. This is a textbook risk just waiting for a series of latent failures to allow leaks or access to your “private” messages.

          There are many ways attackers can dump files without actually having privileged access to write to or read from memory. However, that’s a moot point as neither you nor I are capable of enumerating all potential attack vectors and risks. So instead of waiting for a known failure to happen because you are personally “confident” in your level of technological omnipotence, we should instead not be so blatantly arrogant and fill the hole waiting to be used.


          Also this is a common problem with framework provided solutions:

          https://www.electronjs.org/docs/latest/api/safe-storage

          This is such a common problem that it has been abstracted into apis for most major desktop frameworks. And every major operating system provides a key ring like service for this purpose.

          Because this is a common hole in your security model.

          • 9tr6gyp3@lemmy.world
            link
            fedilink
            arrow-up
            0
            ·
            edit-2
            6 months ago

            Having Signal fill in gaps for what the OS should be protecting is just going to stretch Signal more than it already does. I would agree that if Signal can properly support that kind of protection on EVERY OS that its built for, go for it. But this should be an OS level protection that can be offered to Signal as an app, not the other way around.

            • douglasg14b@lemmy.world
              link
              fedilink
              arrow-up
              0
              ·
              6 months ago

              Having Signal fill in gaps for what the OS should be protecting is just going to stretch Signal more than it already does. I would agree that if Signal can properly support that kind of protection on EVERY OS that its built for, go for it. But this should be an OS level protection that can be offered to Signal as an app, not the other way around.

              Damn reading literacy has gone downhill these days.

              Please reread my post.

              But this should be an OS level protection that can be offered to Signal as an app, not the other way around.

              1. OSs provide keyring features already
              2. The framework signal uses (electron) has a built in API for this EXACT NEED

              Cmon, you can do better than this, this is just embarrassing.

      • Redjard@lemmy.dbzer0.com
        link
        fedilink
        arrow-up
        0
        ·
        6 months ago

        TPM isn’t all that reliable. You will have people upgrading their pc, or windows update updating their bios, or any number of other reasons reset their tpm keys, and currently nothing will happen. In effect people would see Signal completely break and loose all their data, often seemingly for no reason.

        Talking to windows or through it to the TPM also seems sketchy.

        In the current state of Windows, the sensible choice is to leave hardware-based encryption to the OS in the form of disk encryption, unfortunate as it is. The great number of people who loose data or have to recover their backup disk encryption key from their Microsoft account tells how easily that system is disturbed (And that Microsoft has the decryption keys for your encrypted date).

    • uis@lemm.ee
      link
      fedilink
      arrow-up
      0
      ·
      6 months ago

      Indeed, End-to-End Encryption protects data between those ends, not ends themselves. If ends are compromised, no math will help you.

  • ssm@lemmy.sdf.org
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    6 months ago

    So many better standards like XMPP and IRC yet people use Signal and Telegram. I hate marketing.

    • ruse8145@lemmy.sdf.org
      link
      fedilink
      arrow-up
      0
      ·
      6 months ago

      Signal is an objectively better experience than xmpp, and has about identical security (same with matrix). Irc isn’t secure afaik. Telegram isn’t secure afaik.

      A better wish would be that people in 2024 would stop being fuckign weird about their cell number. Some people don’t want to give it out despite white pages being the standard for years (and how the Terminator knows who to kill). Other people refuse to use a messaging app where they can’t use their phone to sign up. Some people want to sign up with their number but not give it out.

  • Borna Punda@lemmy.zip
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    6 months ago

    The backlash is extremely idiotic. The only two options are to store it in plaintext or to have the user enter the decryption key every time they open it. They opted for the more user-friendly option, and that is perfectly okay.

    If you are worried about an outsider extracting it from your computer, then just use full disk encryption. If you are worried about malware, they can just keylog you when you enter the decryption key anyways.

    • Zak@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      6 months ago

      The alternative is safeStorage, which uses the operating system’s credential management facility if available. On Mac OS and sometimes Linux, this means another process running in the user’s account is prevented from accessing it. Windows doesn’t have a protection against that, but all three systems do protect the credentials if someone copies data offline.

      Signal should change this, but it isn’t a major security flaw. If an attacker can copy your home directory or run arbitrary code on your device, you’re already in big trouble.

    • refalo@programming.dev
      link
      fedilink
      arrow-up
      0
      ·
      6 months ago

      A better thing to be worried about IMO is that Signal contains proprietary code. Also to my knowledge nobody is publicly verifying the supposed “reproducible builds” if they even still exist.

    • x1gma@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      6 months ago

      The third option is to use the native secret vault. MacOS has its Keychain, Windows has DPAPI, Linux has has non-standardized options available depending on your distro and setup.

      Full disk encryption does not help you against data exfil, it only helps if an attacker gains physical access to your drive without your decryption key (e.g. stolen device or attempt to access it without your presence).

      Even assuming that your device is compromised by an attacker, using safer storage mechanisms at least gives you time to react to the attack.

  • Brayd@discuss.tchncs.de
    link
    fedilink
    arrow-up
    0
    ·
    6 months ago

    Does anyone know how iMessage handles this on desktop (on Macs) as they (as far as I know) upgraded their encryption recently?

  • Mubelotix@jlai.lu
    link
    fedilink
    arrow-up
    0
    ·
    6 months ago

    Sure, I was aware. You have the same problem with ssh keys, gpg keys and many other things

  • Dem Bosain@midwest.social
    link
    fedilink
    English
    arrow-up
    0
    ·
    6 months ago

    Why is Signal almost universally defended whenever another security flaw is discovered? They’re not secure, they don’t address security issues, and their business model is unsustainable in the long term.

    But, but, if you have malware “you have bigger problems”. But, but, an attacker would have to have “physical access” to exploit this. Wow, such bullshit. Do some of you people really understand what you’re posting?

    But, but, “windows is compromised right out of the box”. Yes…and?

    But, but, “Signal doesn’t claim to be secure”. Fuck off, yes they do.

    But, but, “just use disk encryption”. Just…no…WTF?

    Anybody using Signal for secure messaging is misguided. Any on of your recipients could be using the desktop app and there’s no way to know unless they tell you. On top of that, all messages filter through Signal’s servers, adding a single-point-of-failure to everything. Take away the servers, no more Signal.

    • Zak@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      6 months ago

      If someone can read my Signal keys on my desktop, they can also:

      • Replace my Signal app with a maliciously modified version
      • Install a program that sends the contents of my desktop notifications (likely including Signal messages) somewhere
      • Install a keylogger
      • Run a program that captures screenshots when certain conditions are met
      • [a long list of other malware things]

      Signal should change this because it would add a little friction to a certain type of attack, but a messaging app designed for ease of use and mainstream acceptance cannot provide a lot of protection against an attacker who has already gained the ability to run arbitrary code on your user account.

      • gomp@lemmy.ml
        link
        fedilink
        arrow-up
        0
        ·
        edit-2
        6 months ago

        Those are outside Signal’s scope and depend entirely on your OS and your (or your sysadmin’s) security practices (eg. I’m almost sure in linux you need extra privileges for those things on top of just read access to the user’s home directory).

        The point is, why didn’t the Signal devs code it the proper way and obtain the credentials every time (interactively from the user or automatically via the OS password manager) instead of just storing them in plain text?

          • gomp@lemmy.ml
            link
            fedilink
            arrow-up
            0
            ·
            6 months ago

            I don’t see the reasoning in your answer (I do see its passive-aggressiveness, but chose to ignore it).

            I asked “why?”; does your reply mean “because lack of manpower”, “because lack of skill” or something else entirely?

            In case you are new to the FOSS world, that being “open source” doesn’t mean that something cannot be criticized or that people without the skill (or time!) to submit PRs must shut the fu*k up.

        • Zak@lemmy.world
          link
          fedilink
          arrow-up
          0
          ·
          6 months ago

          You’d need write access to the user’s home directory, but doing something with desktop notifications on modern Linux is as simple as

          dbus-monitor "interface='org.freedesktop.Notifications'" | grep --line-buffered "member=Notify\|string" | [insert command here]

          Replacing the Signal app for that user also doesn’t require elevated privileges unless the home directory is mounted noexec.

        • douglasg14b@lemmy.world
          link
          fedilink
          arrow-up
          0
          ·
          6 months ago

          They’re arguing a red herring. They don’t understand security risk modeling, argument about signals scope let’s their broken premise dig deeper. It’s fundamentally flawed.

          It’s a risk and should be mitigated using common tools already provided by every major operating system (ie. Keychain).

          • Liz@midwest.social
            link
            fedilink
            English
            arrow-up
            0
            ·
            6 months ago

            “Highways shouldn’t have guard rails because if you hit one you’ve already gone off the road anyway.”

      • douglasg14b@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        edit-2
        6 months ago

        Not necessarily.

        https://en.m.wikipedia.org/wiki/Swiss_cheese_model

        If you read anything, at least read this link to self correct.


        This is a common area where non-security professionals out themselves as not actually being such: The broken/fallacy reasoning about security risk management. Generally the same “Dismissive security by way of ignorance” premises.

        It’s fundamentally the same as “safety” (Think OSHA and CSB) The same thought processes, the same risk models, the same risk factors…etc

        And similarly the same negligence towards filling in holes in your “swiss cheese model”.

        “Oh that can’t happen because that would mean x,y,z would have to happen and those are even worse”

        “Oh that’s not possible because A happening means C would have to happen first, so we don’t need to consider this is a risk”

        …etc

        The same logic you’re using is the same logic that the industry has decades of evidence showing how wrong it is.

        Decades of evidence indicating that you are wrong, you know infinitely less than you think you do, and you most definitely are not capable of exhaustively enumerating all influencing factors. No one is. It’s beyond arrogant for anyone to think that they could 🤦🤦 🤦

        Thus, most risks are considered valid risks (this doesn’t necessarily mean they are all mitigatable though). Each risk is a hole in your model. And each hole is in itself at a unique risk of lining up with other holes, and developing into an actual safety or security incident.

        In this case

        • signal was alerted to this over 6 years ago
        • the framework they use for the desktop app already has built-in features for this problem.
          • this is a common problem with common solutions that are industry-wide.
        • someone has already made a pull request to enable the electron safe storage API. And signal has ignored it.

        Thus this is just straight up negligence on their part.

        There’s not really much in the way of good excuses here. We’re talking about a run of the mill problem that has baked in solutions in most major frameworks including the one signal uses.

        https://www.electronjs.org/docs/latest/api/safe-storage

        • fuzzzerd@programming.dev
          link
          fedilink
          English
          arrow-up
          0
          ·
          6 months ago

          I was just nodding along, reading your post thinking, yup, agreed. Until I saw there was a PR to fix it that signal ignored, that seems odd and there must be some mitigating circumstances on why they haven’t merged it.

          Otherwise that’s just inexcusable.

    • refalo@programming.dev
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      6 months ago

      98% of desktop apps (at least on Windows and Linux) are already broken by design anyways. Any one app can spy on and keylog all other apps, all your home folder data, everything. And anyone can write a desktop app, so only using solutions that (currently) don’t have a desktop app version, seems silly to me.

    • SeattleRain@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      6 months ago

      What app stops a pre install keylogger. I’m all for hearing criticism of Signal but it’s always about things they can’t control.

    • Dessalines@lemmy.ml
      link
      fedilink
      arrow-up
      0
      ·
      6 months ago

      Basically for the same reason people often defend apple: the user interface is shiny, and they claim to be privacy oriented.

      Signal is a centralized US hosted service, that alone should be enough to disqualify it, outside of our many other criticisms.

    • uis@lemm.ee
      link
      fedilink
      arrow-up
      0
      ·
      6 months ago

      But, but, “just use disk encryption”. Just…no…WTF?

      So not encrypting keys is bad, but actually encrypting them is bad too? Ok.

      Any on of your recipients could be using the desktop app and there’s no way to know unless they tell you.

      Another applefan? How it THIS supposed to be in scope of E2EE? Moreover, how having a way to know if recepient is using desktop app is not opposite of privacy?

      On top of that, all messages filter through Signal’s servers, adding a single-point-of-failure to everything. Take away the servers, no more Signal.

      Indeed. This is why I use Matrix. Also, fuck showing phone numbers to everyone(I heard they did something about it) and registration with phone numbers.

      • Dem Bosain@midwest.social
        link
        fedilink
        English
        arrow-up
        0
        ·
        6 months ago

        Any “secure” so that relies on someone else for security is not secure.

        Fuck the scope of E2EE. Signal makes a lot of claims on their website that are laughable. The desktop app is their main weakness. Attachments are stored unencrypted, keys in plaintext. If they were serious about security, they would depricate the windows app and block it from their servers.

        WTF does Apple have to do with anything?

        • uis@lemm.ee
          link
          fedilink
          arrow-up
          0
          ·
          6 months ago

          Any “secure” so that relies on someone else for security is not secure.

          Fuck the scope of E2EE.

          When someone has FSB/NSA agent behind them reading messages, no amount of encryption will help. Biggest cybersecurity vulnreability is located between monitor and chair. When you are texting someone else, that someone else’s chair-monitor space is also vulnreable.

          Signal makes a lot of claims on their website that are laughable.

          Well, maybe. I didn’t read their claims, nor I use signal.

          Attachments are stored unencrypted, keys in plaintext.

          Is OS-level encryption plaintext or not? If yes, then they are encrypted, provided user enables such feature in OS. If not - nothing if encrypted fundamentally.

          If they were serious about security, they would depricate the windows app and block it from their servers.

          WTF does Apple have to do with anything?

          You just used applefans’ argument. Yeah, I wonder what.

  • jsomae@lemmy.ml
    link
    fedilink
    arrow-up
    0
    ·
    6 months ago

    The real problem is that the security model for apps on mobile is much better than that for apps on desktop. Desktop apps should all have private storage that no other non-root app can access. And while we’re at it, they should have to ask permission before activating the mic or camera.

    • refalo@programming.dev
      link
      fedilink
      arrow-up
      0
      ·
      6 months ago

      Firejail and bwrap. Flatpaks. There are already ways to do this, but I only know of one distro that separates apps by default like Android does (separate user per app), which is the brand new “EasyOS”.

    • Pussista@sh.itjust.works
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      6 months ago

      macOS has nailed it*, even though it’s still not as good as iOS or Android, but leagues and bounds better than Windows and especially Linux.

      ETC: *sandboxing/permission system

      • tmpod@lemmy.ptM
        link
        fedilink
        arrow-up
        0
        ·
        6 months ago

        What does Windows do? Genuine question, I’ve not used it since the 7 days. Regarding Linux, that’s true for stuff installed through regular package managers and whatnot, but Flatpak is pushing a more sandboxed and permission oriented system, akin to Android.

        • ruse8145@lemmy.sdf.org
          link
          fedilink
          arrow-up
          0
          ·
          6 months ago

          You have granular control over universal windows apps (ie windows 8+ apps) and one global lock over all desktop apps (non uwp), and one global lock over everything. It’s pretty solid considering how little control Microsoft has and it’s wonderful fetish for compatibility.

          Tldr basically same as Linux, except app distribution in Linux was bad enough for so long that more stuff is in the new restricted format while windows still has tons of things which will never go away and aren’t in the sandbox. I think not finding a way to sandbox all desktop apps was a mistake.

        • Pussista@sh.itjust.works
          link
          fedilink
          arrow-up
          0
          ·
          6 months ago

          It’s a joke. Apps have defined permissions already allowed on install and some of them have too many things set to allow like home or host access. Also, changing any permission requires restarting the app. It’s heading in the right direction, but it has a looooong way to go to catch up with macOS, let alone Android and iOS.

  • thayer@lemmy.ca
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    6 months ago

    While it would certainly be nice to see this addressed, I don’t recall Signal ever claiming their desktop app provided encryption at rest. I would also think that anyone worried about that level of privacy would be using disappearing messages and/or regularly wiping their history.

    That said, this is just one of the many reasons why whole disk encryption should be the default for all mainstream operating systems today, and why per-app permissions and storage are increasingly important too.

      • thayer@lemmy.ca
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        6 months ago

        No, the average user will never know the difference. I couldn’t tell you exactly what the current performance impact is for hardware encryption, but it’s likely around 1-4% depending on the platform (I use LUKS under Linux).

        For gamers, it’s likely a 1-5 FPS loss, depending on your hardware, which is negligible in my experience. I play mostly first and third person shooter-style games at 1440p/120hz, targeting 60-90 FPS, and there’s no noticeable impact (Ryzen 5600 / RX 6800XT).

        • ruse8145@lemmy.sdf.org
          link
          fedilink
          arrow-up
          0
          ·
          edit-2
          6 months ago

          If it has to go to disk for immediate loading of assets while playing a video game you’re losing more than 1-5 fps

          • refalo@programming.dev
            link
            fedilink
            arrow-up
            0
            ·
            edit-2
            6 months ago

            Maybe, but not every frame while you’re playing. No game is loading gigs of data every frame. That would be the only way most encryption algorithms would slow you down.

          • thayer@lemmy.ca
            link
            fedilink
            English
            arrow-up
            0
            ·
            edit-2
            6 months ago

            Yeah, I’m sure there are a lot of variables there. I can only say that in my experience, I noticed zero impact to gaming performance when I started encrypting everything about 10 years ago. No stuttering or noticeable frame loss. It was a seamless experience and brings real peace of mind knowing that our financial info, photos, and other sensitive files are safely locked away.

        • refalo@programming.dev
          link
          fedilink
          arrow-up
          0
          ·
          edit-2
          6 months ago

          For gamers, it’s likely a 1-5 FPS loss

          I highly doubt it… would love to see some hard data on that. Most algorithms used for disk encryption these days are already faster than RAM, and most games are not reading gigabytes/sec from the disk every frame during gameplay for this to ever matter.

      • refalo@programming.dev
        link
        fedilink
        arrow-up
        0
        ·
        edit-2
        6 months ago

        It depends on how you set it up. I think the default in some cases (like Windows Bitlocker) is to store the key in TPM, so everything becomes transparent to the user at that point, although many disagree with this method for privacy/security reasons.

        The other method is to provide a password or keyfile during bootup, which does change something for the end user somewhat.

      • communism@lemmy.ml
        link
        fedilink
        arrow-up
        0
        ·
        6 months ago

        Whole disk encryption wouldn’t change your daily usage, no. It just means that when you boot your PC you have to enter your passphrase. And if your device becomes unbootable for whatever reason, and you want to access your drive, you’ll just have to decrypt it first to be able to read it/write to it, e.g. if you want to rescue files from a bricked computer. But there’s no reason not to encrypt your drive. I can’t think of any downsides.

        • lemmyvore@feddit.nl
          link
          fedilink
          English
          arrow-up
          0
          ·
          6 months ago

          If any part of the data gets corrupted you lose the whole thing. Recovery tools can’t work with partially corrupted encrypted data.

          • communism@lemmy.ml
            link
            fedilink
            arrow-up
            0
            ·
            6 months ago

            I don’t think that’s a big deal with Signal data. You can log back into your account, you’d just lose your messages. idk how most people use Signal but I have disappearing messages on for everything anyway, and if a message is that important to you then back it up.

      • devfuuu@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        6 months ago

        It’s transparent for end user basically, but protects the laptop at least when outside and if someone steals the computer. As long as it was properly shutdown.

          • devfuuu@lemmy.world
            link
            fedilink
            arrow-up
            0
            ·
            6 months ago

            If you suspend the laptop when moving locations instead of shutting down or hibernating to disk then disk encryption is useless.

            • thayer@lemmy.ca
              link
              fedilink
              English
              arrow-up
              0
              ·
              6 months ago

              Most operating systems will require your desktop password upon resume, and most thieves are low-functioning drug users who are not about to go Hacker Man on your laptop. They will most likely just wipe the system and install something else; if they can even figure that out.

          • refalo@programming.dev
            link
            fedilink
            arrow-up
            0
            ·
            edit-2
            6 months ago

            I think they’re just referring to an outdated concept of OSes with non-journaling filesystems that can cause data corruption if the disk is shut off abruptly, which in theory could corrupt the entire disk at once if it was encrypted at a device level. But FDE was never used in the time of such filesystems anyways.

    • BearOfaTime@lemm.ee
      link
      fedilink
      arrow-up
      0
      ·
      6 months ago

      Exactly.

      I’ll admit to being lazy and not enabling encryption on my Windows laptops. But if I deployed something for someone, it would be encrypted.

    • Zak@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      6 months ago

      I don’t recall Signal ever claiming their desktop app provided encryption at rest.

      I’m not sure if they’ve claimed that, but it does that using SQLCipher.

    • ooterness@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      6 months ago

      Full disk encryption doesn’t help with this threat model at all. A rogue program running on the same machine can still access all the files.

      • thayer@lemmy.ca
        link
        fedilink
        English
        arrow-up
        0
        ·
        6 months ago

        It does help greatly in general though, because all of your data will be encrypted when the device is at rest. Theft and B&Es will no longer present a risk to your privacy.

        Per-app permissions address this specific threat model directly. Containerized apps, such as those provided by Flatpak can ensure that apps remain sandboxed and unable to access data without explicit authorization.

  • mtchristo@lemm.ee
    link
    fedilink
    arrow-up
    0
    ·
    6 months ago

    You are telling me this has been going on for almost a decade now, and no one ever noticed ?

    So we trust open source apps under the premise that if malicious code gets added to the code, at least one person will notice ? Here it shows that years pass before anyone notices and millions of people’s communications could have been compromised by the world’s most trusted messaging app.

    I don’t know which app to trust after this, if any?

    • Possibly linux@lemmy.zip
      link
      fedilink
      English
      arrow-up
      0
      ·
      6 months ago

      Why is this a shock? Someone would need to have already compromised your device. Even if it was encrypted with a password they still could install a key logger

      • mtchristo@lemm.ee
        link
        fedilink
        arrow-up
        0
        ·
        6 months ago

        It is easier to compromise a device than to try and compromise encrypted communications.

    • derpgon@programming.dev
      link
      fedilink
      arrow-up
      0
      ·
      6 months ago

      Matrix. You can host any version you want, and when you have to update, just do a version diff between you current and latest versions and check yourself.

  • mlg@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    6 months ago

    Bruh windows and linux have a secrets vault (cred manager and keyring respectively, iirc) for this exact purpose.

    Even Discord uses it on both OSs no problem