• potatopotato@sh.itjust.works
      link
      fedilink
      arrow-up
      16
      arrow-down
      1
      ·
      6 months ago

      Intrinsically/semantically no but the expectation is that the texts are encrypted at rest and the keys are password and/or tpm+biometric protected. That’s just how this works at this point. Also that’s the government standard for literally everything from handheld devices to satellites (yes, actually).

      At this point one of the most likely threat vectors is someone just taking your shit. Things like border crossings, rubber stamped search warrants, cops raid your house because your roommate pissed them off, protests, needing to go home from work near a protest, on and on.

      • 9tr6gyp3@lemmy.world
        link
        fedilink
        arrow-up
        17
        arrow-down
        9
        ·
        edit-2
        6 months ago

        If your device is turned on and you are logged in, your data is no longer at rest.

        Signal data will be encrypted if your disk is also encrypted.

        If your device’s storage is not encrypted, and you don’t have any type of verified boot process, then thats on you, not Signal.

        • douglasg14b@lemmy.world
          link
          fedilink
          arrow-up
          9
          arrow-down
          3
          ·
          edit-2
          6 months ago

          That’s not how this works.

          If the stored data from signal is encrypted and the keys are not protected than that is the security risk that can be mitigated using common tools that every operating system provides.

          You’re defending signal from a point of ignorance. This is a textbook risk just waiting for a series of latent failures to allow leaks or access to your “private” messages.

          There are many ways attackers can dump files without actually having privileged access to write to or read from memory. However, that’s a moot point as neither you nor I are capable of enumerating all potential attack vectors and risks. So instead of waiting for a known failure to happen because you are personally “confident” in your level of technological omnipotence, we should instead not be so blatantly arrogant and fill the hole waiting to be used.


          Also this is a common problem with framework provided solutions:

          https://www.electronjs.org/docs/latest/api/safe-storage

          This is such a common problem that it has been abstracted into apis for most major desktop frameworks. And every major operating system provides a key ring like service for this purpose.

          Because this is a common hole in your security model.

          • 9tr6gyp3@lemmy.world
            link
            fedilink
            arrow-up
            3
            arrow-down
            7
            ·
            edit-2
            6 months ago

            Having Signal fill in gaps for what the OS should be protecting is just going to stretch Signal more than it already does. I would agree that if Signal can properly support that kind of protection on EVERY OS that its built for, go for it. But this should be an OS level protection that can be offered to Signal as an app, not the other way around.

            • douglasg14b@lemmy.world
              link
              fedilink
              arrow-up
              3
              ·
              6 months ago

              Having Signal fill in gaps for what the OS should be protecting is just going to stretch Signal more than it already does. I would agree that if Signal can properly support that kind of protection on EVERY OS that its built for, go for it. But this should be an OS level protection that can be offered to Signal as an app, not the other way around.

              Damn reading literacy has gone downhill these days.

              Please reread my post.

              But this should be an OS level protection that can be offered to Signal as an app, not the other way around.

              1. OSs provide keyring features already
              2. The framework signal uses (electron) has a built in API for this EXACT NEED

              Cmon, you can do better than this, this is just embarrassing.

        • uis@lemm.ee
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          6 months ago

          Signal data will be encrypted if your disk is also encrypted.

          True.

          and you don’t have any type of verified boot process

          How motherboard refusing to boot from another drive would protect anything?

      • Redjard@lemmy.dbzer0.com
        link
        fedilink
        arrow-up
        5
        arrow-down
        3
        ·
        6 months ago

        TPM isn’t all that reliable. You will have people upgrading their pc, or windows update updating their bios, or any number of other reasons reset their tpm keys, and currently nothing will happen. In effect people would see Signal completely break and loose all their data, often seemingly for no reason.

        Talking to windows or through it to the TPM also seems sketchy.

        In the current state of Windows, the sensible choice is to leave hardware-based encryption to the OS in the form of disk encryption, unfortunate as it is. The great number of people who loose data or have to recover their backup disk encryption key from their Microsoft account tells how easily that system is disturbed (And that Microsoft has the decryption keys for your encrypted date).

    • AlexWIWA@lemmy.ml
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      1
      ·
      edit-2
      6 months ago

      Mfw end to end can be compromised at the end.

      That said, they should fix this anyway

    • uis@lemm.ee
      link
      fedilink
      arrow-up
      3
      ·
      6 months ago

      Indeed, End-to-End Encryption protects data between those ends, not ends themselves. If ends are compromised, no math will help you.

  • x1gma@lemmy.world
    link
    fedilink
    arrow-up
    90
    arrow-down
    15
    ·
    edit-2
    6 months ago

    How in the fuck are people actually defending signal for this, and with stupid arguments such as windows is compromised out of the box?

    You. Don’t. Store. Secrets. In. Plaintext.

    There is no circumstance where an app should store its secrets in plaintext, and there is no secret which should be stored in plaintext. Especially since this is not some random dudes random project, but a messenger claiming to be secure.

    Edit: “If you got malware then this is a problem anyway and not only for signal” - no, because if secure means to store secrets are used, than they are encrypted or not easily accessible to the malware, and require way more resources to obtain. In this case, someone would only need to start a process on your machine. No further exploits, no malicious signatures, no privilege escalations.

    “you need device access to exploit this” - There is no exploiting, just reading a file.

    • lemmyvore@feddit.nl
      link
      fedilink
      English
      arrow-up
      29
      arrow-down
      6
      ·
      6 months ago

      You. Don’t. Store. Secrets. In. Plaintext.

      SSH stores the secret keys in plaintext too. In a home dir accessible only by the owning user.

      I won’t speak about Windows but on Linux and other Unix systems the presumption is that if your home dir is compromised you’re fucked anyway. Effort should be spent on actually protecting access to the home personal files not on security theater.

        • dave@programming.dev
          link
          fedilink
          arrow-up
          9
          ·
          6 months ago

          Well yes, but also how would users react if they had to type in their passphrase every time they open the app? This is also exactly what we’re giving up everywhere else by clicking ‘remember this device’.

        • lemmyvore@feddit.nl
          link
          fedilink
          English
          arrow-up
          2
          ·
          6 months ago

          If someone gets access they can delete your keys, or set up something that can intercept your keys in other ways.

          The security of data at rest is just one piece of the puzzle. In many systems the access to the data is considered much more important than whether the data itself is encrypted in one particular scenario.

      • x1gma@lemmy.world
        link
        fedilink
        arrow-up
        12
        arrow-down
        3
        ·
        6 months ago

        Kinda expected the SSH key argument. The difference is the average user group.

        The average dude with a SSH key that’s used for more than their RPi knows a bit about security, encryption and opsec. They would have a passphrase and/or hardening mechanisms for their system and network in place. They know their risks and potential attack vectors.

        The average dude who downloads a desktop app for a messenger that advertises to be secure and E2EE encrypted probably won’t assume that any process might just wire tap their whole “encrypted” communications.

        Let’s not forget that the threat model has changed by a lot in the last years, and a lot of effort went into providing additional security measures and best practices. Using a secure credential store, additional encryption and not storing plaintext secrets are a few simple ones of those. And sure, on Linux the SSH key is still a plaintext file. But it’s a deliberate decision of you to keep it as plaintext. You can at least encrypt with a passphrase. You can use the actual working file permission model of Linux and SSH will refuse to use your key with loose permissions. You would do the same on Windows and Mac and use a credential store and an agent to securely store and use your keys.

        Just because your SSH key is a plaintext file and the presumption of a secure home dir, you still wouldn’t do a ~/passwords.txt.

    • refalo@programming.dev
      link
      fedilink
      arrow-up
      15
      arrow-down
      8
      ·
      edit-2
      6 months ago

      How in the fuck are people actually defending signal for this

      Probably because Android (at least) already uses file-based encryption, and the files stored by apps are not readable by other apps anyways.

      And if people had to type in a password every time they started the app, they just wouldn’t use it.

      • uis@lemm.ee
        link
        fedilink
        arrow-up
        2
        ·
        6 months ago

        AFAIK Android encrypts entire fs with one key. And ACL is not encryption.

    • uis@lemm.ee
      link
      fedilink
      arrow-up
      4
      arrow-down
      1
      ·
      6 months ago

      You. Don’t. Store. Secrets. In. Plaintext.

      Ok. Enter password at every launch.

      • x1gma@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        6 months ago

        Chrome cookies are encrypted, for exactly the reasons stated. If malware gains access to your system and compromises it in a way that DPAPI calls can be replicated in the way Chrome does it, then your sessions will also be compromised. But this is way harder to do, and at least prevents trivial data exfiltration.

  • thayer@lemmy.ca
    link
    fedilink
    English
    arrow-up
    51
    arrow-down
    7
    ·
    edit-2
    6 months ago

    While it would certainly be nice to see this addressed, I don’t recall Signal ever claiming their desktop app provided encryption at rest. I would also think that anyone worried about that level of privacy would be using disappearing messages and/or regularly wiping their history.

    That said, this is just one of the many reasons why whole disk encryption should be the default for all mainstream operating systems today, and why per-app permissions and storage are increasingly important too.

    • ooterness@lemmy.world
      link
      fedilink
      English
      arrow-up
      28
      arrow-down
      2
      ·
      6 months ago

      Full disk encryption doesn’t help with this threat model at all. A rogue program running on the same machine can still access all the files.

      • thayer@lemmy.ca
        link
        fedilink
        English
        arrow-up
        12
        ·
        6 months ago

        It does help greatly in general though, because all of your data will be encrypted when the device is at rest. Theft and B&Es will no longer present a risk to your privacy.

        Per-app permissions address this specific threat model directly. Containerized apps, such as those provided by Flatpak can ensure that apps remain sandboxed and unable to access data without explicit authorization.

    • BearOfaTime@lemm.ee
      link
      fedilink
      arrow-up
      4
      ·
      6 months ago

      Exactly.

      I’ll admit to being lazy and not enabling encryption on my Windows laptops. But if I deployed something for someone, it would be encrypted.

    • Zak@lemmy.world
      link
      fedilink
      arrow-up
      3
      ·
      6 months ago

      I don’t recall Signal ever claiming their desktop app provided encryption at rest.

      I’m not sure if they’ve claimed that, but it does that using SQLCipher.

    • Tywele [she|her]@lemmy.dbzer0.com
      link
      fedilink
      arrow-up
      3
      arrow-down
      1
      ·
      6 months ago

      Does encrypting your disks change something for the end user in day to day usage? I’m honest, I’ve never used encrypted disks in my life.

      • communism@lemmy.ml
        link
        fedilink
        arrow-up
        9
        ·
        6 months ago

        Whole disk encryption wouldn’t change your daily usage, no. It just means that when you boot your PC you have to enter your passphrase. And if your device becomes unbootable for whatever reason, and you want to access your drive, you’ll just have to decrypt it first to be able to read it/write to it, e.g. if you want to rescue files from a bricked computer. But there’s no reason not to encrypt your drive. I can’t think of any downsides.

        • lemmyvore@feddit.nl
          link
          fedilink
          English
          arrow-up
          2
          ·
          6 months ago

          If any part of the data gets corrupted you lose the whole thing. Recovery tools can’t work with partially corrupted encrypted data.

          • communism@lemmy.ml
            link
            fedilink
            arrow-up
            1
            ·
            6 months ago

            I don’t think that’s a big deal with Signal data. You can log back into your account, you’d just lose your messages. idk how most people use Signal but I have disappearing messages on for everything anyway, and if a message is that important to you then back it up.

      • refalo@programming.dev
        link
        fedilink
        arrow-up
        3
        ·
        edit-2
        6 months ago

        It depends on how you set it up. I think the default in some cases (like Windows Bitlocker) is to store the key in TPM, so everything becomes transparent to the user at that point, although many disagree with this method for privacy/security reasons.

        The other method is to provide a password or keyfile during bootup, which does change something for the end user somewhat.

      • thayer@lemmy.ca
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        1
        ·
        edit-2
        6 months ago

        No, the average user will never know the difference. I couldn’t tell you exactly what the current performance impact is for hardware encryption, but it’s likely around 1-4% depending on the platform (I use LUKS under Linux).

        For gamers, it’s likely a 1-5 FPS loss, depending on your hardware, which is negligible in my experience. I play mostly first and third person shooter-style games at 1440p/120hz, targeting 60-90 FPS, and there’s no noticeable impact (Ryzen 5600 / RX 6800XT).

        • ruse8145@lemmy.sdf.org
          link
          fedilink
          arrow-up
          5
          arrow-down
          1
          ·
          edit-2
          6 months ago

          If it has to go to disk for immediate loading of assets while playing a video game you’re losing more than 1-5 fps

          • refalo@programming.dev
            link
            fedilink
            arrow-up
            3
            ·
            edit-2
            6 months ago

            Maybe, but not every frame while you’re playing. No game is loading gigs of data every frame. That would be the only way most encryption algorithms would slow you down.

            • ruse8145@lemmy.sdf.org
              link
              fedilink
              arrow-up
              1
              ·
              6 months ago

              Yeah was thinking about that (edited to add immediate) – games are certainly background loading nowadays but the stuff needed is intended to be in ram by the time it’s needed, afaik.

          • thayer@lemmy.ca
            link
            fedilink
            English
            arrow-up
            2
            ·
            edit-2
            6 months ago

            Yeah, I’m sure there are a lot of variables there. I can only say that in my experience, I noticed zero impact to gaming performance when I started encrypting everything about 10 years ago. No stuttering or noticeable frame loss. It was a seamless experience and brings real peace of mind knowing that our financial info, photos, and other sensitive files are safely locked away.

            • ruse8145@lemmy.sdf.org
              link
              fedilink
              arrow-up
              1
              ·
              6 months ago

              For sure I’m just saying i’d guess that’s because at play time you’re loading everything into ram. For bulk loading I would encryption perf follows the general use case.

              (Tldr encryption shouldn’t matter for games)

        • refalo@programming.dev
          link
          fedilink
          arrow-up
          4
          ·
          edit-2
          6 months ago

          For gamers, it’s likely a 1-5 FPS loss

          I highly doubt it… would love to see some hard data on that. Most algorithms used for disk encryption these days are already faster than RAM, and most games are not reading gigabytes/sec from the disk every frame during gameplay for this to ever matter.

      • devfuuu@lemmy.world
        link
        fedilink
        arrow-up
        3
        arrow-down
        1
        ·
        6 months ago

        It’s transparent for end user basically, but protects the laptop at least when outside and if someone steals the computer. As long as it was properly shutdown.

          • refalo@programming.dev
            link
            fedilink
            arrow-up
            4
            ·
            edit-2
            6 months ago

            I think they’re just referring to an outdated concept of OSes with non-journaling filesystems that can cause data corruption if the disk is shut off abruptly, which in theory could corrupt the entire disk at once if it was encrypted at a device level. But FDE was never used in the time of such filesystems anyways.

          • devfuuu@lemmy.world
            link
            fedilink
            arrow-up
            1
            ·
            6 months ago

            If you suspend the laptop when moving locations instead of shutting down or hibernating to disk then disk encryption is useless.

            • thayer@lemmy.ca
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              1
              ·
              6 months ago

              Most operating systems will require your desktop password upon resume, and most thieves are low-functioning drug users who are not about to go Hacker Man on your laptop. They will most likely just wipe the system and install something else; if they can even figure that out.

  • HappyTimeHarry@lemm.ee
    link
    fedilink
    English
    arrow-up
    45
    arrow-down
    3
    ·
    6 months ago

    That applies to pretty much all desktop apps, your browser profile can be copied to get access to all your already logged in cookie sessions for example.

    • kryllic@programming.dev
      link
      fedilink
      arrow-up
      10
      ·
      6 months ago

      IIRC this is how those Elon musk crypto livestream hacks worked on YouTube back in the day, I think the bad actors got a hold of cached session tokens and gave themselves access to whatever account they were targeting. Linus Tech Tips had a good bit in a WAN show episode

    • douglasg14b@lemmy.world
      link
      fedilink
      arrow-up
      9
      arrow-down
      2
      ·
      edit-2
      6 months ago

      And there are ways to mitigate this attack (essentially the same as a AiTM or pass-the-cookie attacks, so look those up). Thus rendering your argument invalid.

      Just because “something else might be insecure”, doesn’t in any way imply “everything else should also be insecure as well”.

  • Prethoryn Overmind@lemmy.world
    link
    fedilink
    arrow-up
    35
    arrow-down
    7
    ·
    6 months ago

    Ah yes, another prime example that demonstrates that Lemmy is no different than Reddit. Everyone thinks they are a professional online.

    Nothing sensitive should ever lack encryption especially in the hands of a third party company managing your data claiming you are safe and your privacy is protected.

    No one is invincible and it’s okay to criticize the apps we hold to high regards. If your are pissed people are shitting on Signal you should be pissed Signal gave people a reason to shit on them.

  • jsomae@lemmy.ml
    link
    fedilink
    arrow-up
    23
    ·
    6 months ago

    The real problem is that the security model for apps on mobile is much better than that for apps on desktop. Desktop apps should all have private storage that no other non-root app can access. And while we’re at it, they should have to ask permission before activating the mic or camera.

    • Pussista@sh.itjust.works
      link
      fedilink
      arrow-up
      9
      arrow-down
      1
      ·
      edit-2
      6 months ago

      macOS has nailed it*, even though it’s still not as good as iOS or Android, but leagues and bounds better than Windows and especially Linux.

      ETC: *sandboxing/permission system

        • Pussista@sh.itjust.works
          link
          fedilink
          arrow-up
          3
          ·
          6 months ago

          It’s a joke. Apps have defined permissions already allowed on install and some of them have too many things set to allow like home or host access. Also, changing any permission requires restarting the app. It’s heading in the right direction, but it has a looooong way to go to catch up with macOS, let alone Android and iOS.

    • refalo@programming.dev
      link
      fedilink
      arrow-up
      4
      ·
      6 months ago

      Firejail and bwrap. Flatpaks. There are already ways to do this, but I only know of one distro that separates apps by default like Android does (separate user per app), which is the brand new “EasyOS”.

  • ExtremeDullard@lemmy.sdf.org
    link
    fedilink
    arrow-up
    19
    ·
    6 months ago

    Whatever its stores and however it stores it doesn’t matter to me: I moved its storage space to my ~/.Private encrypted directory. Same thing for my browser: I don’t use a master password or rely on its encryption because I set it up so it too saves my profile in the ~/.Private directory.

    See here for more information. You can essentially secure any data saved by any app with eCryptfs - at least when you’re logged out.

    Linux-only of course. In Windows… well, Windows.

    • uis@lemm.ee
      link
      fedilink
      arrow-up
      3
      ·
      6 months ago

      Or ext4 encrytion. Which is overpowered. You can have different keys for different files and directories.

  • Majestic@lemmy.ml
    link
    fedilink
    arrow-up
    23
    arrow-down
    6
    ·
    6 months ago

    There is just no excuse for not even salting or SOMETHING to keep the secrets out of plaintext. The reason you don’t store in plaintext is because it can lead to even incidental collection. Say you have some software, perhaps spyware, perhaps it’s made by a major corporation so doesn’t get called that and it crawls around and happens to upload a copy of a full or portion of the file containing this info, now it’s been uploaded and compromised potentially not even by a malicious actor successfully gaining access to a machine but by poor practices.

    No it can’t stop a sophisticated malware specifically targeting Signal to steal credentials and gain access but it does mean casual malware that hasn’t taken the time out to write a module to do that is out of luck and increases the burden on attackers. No it won’t stop the NSA but it’s still something that it stops someone’s 17 year old niece who knows a little bit about computers but is no malware author from gaining access to your signal messages and account because she could watch a youtube video and follow along with simple tools.

    The claims Signal is an op or the runner is under a national security letter order to compromise it look more and more plausible in light of weird bad basic practices like this and their general hostility. I’ll still use it and it’s far from the worst looking thing out there but there’s something unshakably weird about the lead dev, their behavior and practices that can’t be written off as being merely a bit quirky.

      • Majestic@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        6 months ago

        I mean combined with any kind of function, even a trivial kind. A salt derived from some machine state data (a random install id generated on install, a hash of computer name, etc) plus a rot13 or something would still be better than leaving it plaintext.

        • uis@lemm.ee
          link
          fedilink
          arrow-up
          1
          ·
          6 months ago

          Malware has access to it.

          If fs is not encrypted, then malicious hardware(FSB agent’s laptop) also has access to it. If encrypted, then it we are back to statement many people told here about encrypting fs.

          plus a rot13

          That’s not salting.

  • mlg@lemmy.world
    link
    fedilink
    English
    arrow-up
    20
    arrow-down
    3
    ·
    6 months ago

    Bruh windows and linux have a secrets vault (cred manager and keyring respectively, iirc) for this exact purpose.

    Even Discord uses it on both OSs no problem

  • sntx@lemm.ee
    link
    fedilink
    arrow-up
    13
    arrow-down
    2
    ·
    6 months ago

    I have three things to say:

    1. Everyone, please make sure you’ve set up sound disk encryption
    2. That’s not a suprise (for me at least)
    3. It’s not much different on mobile (db is unecrypted) - check out molly (signal fork) if you want to encrypt it. However encrypted db means no messages until you decrypt it.
        • ruse8145@lemmy.sdf.org
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          6 months ago

          That’s quite a take given the source of most current end to end encrypted messaging algorithms.

          But also, whooosh

    • notannpc@lemmy.world
      link
      fedilink
      arrow-up
      4
      arrow-down
      3
      ·
      6 months ago

      Obviously the keys could be stored more securely, but if you’ve got malware on your machine that can exploit this you’ve already got bigger problems.

      • douglasg14b@lemmy.world
        link
        fedilink
        arrow-up
        6
        arrow-down
        5
        ·
        edit-2
        6 months ago

        That’s not how this works.

        This sort of “dismissive security through ignorance” is how we get so many damn security breaches these days.

        I see this every day with software engineers, a group that you would think would be above the bar on security. Unfortunately a little bit of knowledge results in a mountain of confidence (see Dunning Kruger effect). They are just confident in bad choices instead.

        We don’t need to use encryption at rest because if the database is compromised we have bigger problems” really did a lot to protect the last few thousand companies from preventable data exfiltration that was in fact the largest problem they had.

        Turns out that having read access to the underlying storage for the database doesn’t necessarily mean that the database and all of your internal systems are more compromised. It just means that the decision makers were making poor decisions based on a lack of risk modeling knowledge.


        That said the real question I have for you here is:

        Are you confident in your omniscience in that you can enumerate all risks and attack factors that can result in data being exfiltrated from a device?

        If not, then why comment as if you are?

  • 𝕸𝖔𝖘𝖘@infosec.pub
    link
    fedilink
    English
    arrow-up
    1
    ·
    6 months ago

    Couldn’t they set up a 2fa, where it sends a notification to your mobile Signal (since you must have that anyway, to use desktop)? If you want to decrypt your Desktop Signal, you need to allow it on your Mobile Signal.

  • ssm@lemmy.sdf.org
    link
    fedilink
    arrow-up
    8
    arrow-down
    9
    ·
    edit-2
    6 months ago

    So many better standards like XMPP and IRC yet people use Signal and Telegram. I hate marketing.

    • ruse8145@lemmy.sdf.org
      link
      fedilink
      arrow-up
      4
      arrow-down
      4
      ·
      6 months ago

      Signal is an objectively better experience than xmpp, and has about identical security (same with matrix). Irc isn’t secure afaik. Telegram isn’t secure afaik.

      A better wish would be that people in 2024 would stop being fuckign weird about their cell number. Some people don’t want to give it out despite white pages being the standard for years (and how the Terminator knows who to kill). Other people refuse to use a messaging app where they can’t use their phone to sign up. Some people want to sign up with their number but not give it out.