tl;dr Signal Desktop is based on Electron, which in turn is based on Chromium 58-59, and it seems to be affected by bugs that have been fixed in Chrome/Chromium 60-62.
Gotta love #Electron. As somebody said "now everyone is running 5 different instances of old insecure versions of the most scrutinized and attacked application on Earth."
It seems to me that Moxie has a very hard line that tradeoffs are always to be made in the direction of maximizing ease of mainstream adoption, and collateral losses don't matter.
And in a sense, this is reasonable if the main goal is to make use of e2e encryption widespread. But boy, do a lot of þose decisions rub me the wrong way.
It would take longer than with Signal, sure, but it would work. I stayed in touch with people across 3 continents with Briar Beta for a while.
But there's a world of different possibilities/usecases between the two you just mentioned. Making it seem as if Briar is only good for a small, tightly-woven group of physically close activists is disingenuous.
I've always taken Moxie's justification to be that encryption without mainstream adoption is next to utterly useless in a public context. That's why he so strongly biases his trade-offs in that direction. And I have to agree with him. It is also why it seems to me that none of the trade-offs are set in stone, so I don't get "rubbed" so badly by them and it appears quite counterproductive to me how harsh some nerds yell at him for them.
@oriol @rysiek @lattera
I use Signal as my main messenger on the phone. If you consider that yelling is a bit of thin skin. Objectively, this trade-offs are sometimes too much, overbraking if you want to say it like that. Sometimes as in this case, they take into account and fix the issue, like the call logs disappearing:
Recently on the forum I proposed to get a setting for the proxy, and they were reluctant, too much complication for the average user. But I think a lot of the people that use Signal will run TOR too. Makes sense to me. But is the way it is.
Fix released a few hours ago: https://github.com/signalapp/Signal-Desktop/releases/tag/v1.10.1
Update your Signal Desktop to v1.10.1
@rysiek Have you seen what vscode (and not only vscode) electron build does? It's even more scary... https://twitter.com/b1ack0wl/status/995123876404318208
@dangoljames we could start here: https://media.ccc.de/v/28c3-4763-en-the_science_of_insecurity
@dangoljames uhm excuse me?
This is a solid talk, with great ideas, and a strong message. The speaker is a well-recognized security researcher with years of experience, and tons of examples to back up their claims.
The talk makes perfect sense to me, shows a deeper problem in the IT sector that has not been properly recognized, and provides concrete ways to start solving it.
You have any particular criticisms of this talk you want to share?
- emotional appeals
- weak metaphors
- buzzwords/catchphrases like 'attack surface', 'turing complete'
- 'software sucks ass'
- "Kurt Goedel' a physicist? give me a break; the man was not a physicist; he was a fantastic number theoretical mathemetician who authored a seminal theory on that topic, and who had nothing to do with physics.
There's nothing professional about this gal's talk, and very little technical substance.
The whole thing is a load of posturing fail.
@dangoljames What I have against Electron apps:
tl;dr it's a huge attack surface. Any Electron app bundles full ffmpeg, and a shit-ton of other stuff. This means that there is a *LOT* of code that can be buggy/vulnerable.
I am not even going to go into size, memory consumption, etc.
The sheer insecurity of the Electron ecosystem is mind-boggling.
Re: Electron; point taken.
However, the worst of electron is the worst of browsers as well, so its at least moderately naive to assume that because you don't use eg, Atom that you are somehow safer.
So I ask, how can this vector be mitigated, with the tools and on the networks that we have at our disposal, today?
@dangoljames stop writing shitty software. And one practical way to do this is via what's in the presentation.
And yes, the fewer Electron apps I am using, the safer I am. Because Electron *lags behind* Chrome/Chromium, so it is vulnerable to *published vulns* in Chrome/Chromium.
And Electron-based apps lag behind Electron. So it's even worse.
I would rather not run 3 old different vulnerable versions of Chrome/Chromium just to have a chat, IRC, and IDE.
@dangoljames okay, so let me get this straight:
1. you did not watch the talk to the end
2. but still decided to throw random sarcastic hashtags at it
3. you considered Electron apps secure
4. you don't consider stuff in the talk -- which you have not watched in full -- to be solutions
5. you refuse to entertain a notion that there are no immediate solutions and that perhaps we do need to change the way we write software
6. but you have no solutions of your own
I think we're done here.
1. Correct. This is not in question, and reasons have been provided
2. Incorrect. The hashtags were by no means sarcastic in nature
3. Incorrect. I never considered electron apps secure.
4. Strawman. I don't consider the theory presented in the talk to be of practical use in the wild.
@rysiek 5. I don't know of intermediate solutions, but I am open to suggestions. I don't dispute that changes are neccessary. I suspect, however, that "change the way we write software" should read "redesign the protocols and then change the way we write software accordingly"
6. I have repeatedly emphasized that I am l looking for practical solutions to these problems.
JFC what does this guy have against Meredith L. Fucking Patterson, awesome polyhacker and all round nice person?
I've seen her do biochemistry/polymer chemistry hacking, she was already a seasoned biohacker when I showed up, and she's well known in infosec and langsec. And he comes at her for her clothes and dead husband? Blocking is too good for him!
@cathal I tried engaging, I really did. Also, I do believe that the presentation needs to stand on it's own merit regardless of who's the author.
But this presentation does, with room to spare.
Had he gone at it with "yeah, but that's not something users can do" I would have agreed.
Still, this *is* an important part of the solution of the bigger problem, and that needs to be recognized.
There's a difference between "this is not a solution at all" and "...for me right now".
@rysiek the solutions I have come up with feel pretty ineffective in the face of the maelstrom.
I never got started writing electron apps before realizing what a potential problem it is.
I've ditched chrome/chromium in favor of waterfox, and run it in 'do not track' mode.
I left facebook just before it became cool to do so.
This is why I asked the original question, what can be done?
@dangoljames what is to be done?
Slides: 23, 24, 38, 40, 42, 44, 50, 52, 53, 54, 57.
Here are the slides:
But way, way more in the actual talk.
The gist of it: be explicit about input handling and (domain-specific or otherwise) languages your program parses. Use the language with least "computational power", stay away from the halting problem.
Or, you know, actually watch the talk.
I watched as much of the talk as I could stand, and before making this reply I reviewed your slide highlights.
This was just a lot of pretentious grandstanding on the part of this individual giving the presentation.
There is absolutely nothing there about what I can do to fix the browser that I have to use, right now.