I’m not sure why you’re so dismissive of this? It’s kind of asinine.

Does everyone everywhere only ever use computers in an enclosed room? Is everyone with something value to exfiltrate easily accessible to kidnap and beat with a wrench?

This is valuable for corporate espionage, political purposes, or for nation states. If miniaturized, even easier for targeted attacks where it might be difficult to inject malware, or for broad attacks on office workers.

And the best part is that it doesn’t leave a trace which beating someone with a wrench and malware would do…

I’m not claiming some grand level of knowledge here. I also cannot enumerate all risks. The difference is that I know that I don’t know, and the danger that poses towards cognitive biases when it comes to false confidence, and a lack of effective risk management. I’m a professional an adjacent field, mid way into pivoting into cybersecurity, I used to think the same way, that’s why I’m so passionate here. It’s painful to see arguments and thought processes counter to the fundamentals of security & safety that I’ve been learning the past few years. So, yeah, I’m gonna call it out and try and inform.

All that crap said:

And you are right, the problem gets moved. However, that’s the point, that’s how standardization works, and how it’s supposed to work. It’s a force multiplier, it smooths out the implementation. Moving the problem to the OS level means that EVERYONE benefits from advanced in Windows/Macos/Linux. Automatically.

It’s not signal’s responsibility, it shouldn’t be unless that’s a problem they specifically aim to solve. They have the tools available to them already, electron has a standardized API for this, secureStorage. Which handles the OS interop for them.

I’m not arguing that signal needs to roll their own here. The expectation is that they, at least, utilize the OS provided features made available to their software.

Having Signal fill in gaps for what the OS should be protecting is just going to stretch Signal more than it already does. I would agree that if Signal can properly support that kind of protection on EVERY OS that its built for, go for it. But this should be an OS level protection that can be offered to Signal as an app, not the other way around.

Damn reading literacy has gone downhill these days.

Please reread my post.

But this should be an OS level protection that can be offered to Signal as an app, not the other way around.

1. OSs provide keyring features already
2. The framework signal uses (electron) has a built in API for this EXACT NEED

Cmon, you can do better than this, this is just embarrassing.

That’s all hinges on the assumption that your computer is pwned. Which is wrong

You don’t necessarily have to have privileged access to read files or exfiltrated information.

That point doesn’t matter anyways though because you’re completely ignoring the risk here. Please Google “Swiss cheese model”. Your comment is a classic example of non-security thinking… It’s the same comment made 100x in this thread with different words

Unless you can list out all possible risks and exploits which may affect this issue, then you are not capable of making judgement calls on the risk itself.

That’s not how this works.

This sort of “dismissive security through ignorance” is how we get so many damn security breaches these days.

I see this every day with software engineers, a group that you would think would be above the bar on security. Unfortunately a little bit of knowledge results in a mountain of confidence (see Dunning Kruger effect). They are just confident in bad choices instead.

“We don’t need to use encryption at rest because if the database is compromised we have bigger problems” really did a lot to protect the last few thousand companies from preventable data exfiltration that was in fact the largest problem they had.

Turns out that having read access to the underlying storage for the database doesn’t necessarily mean that the database and all of your internal systems are more compromised. It just means that the decision makers were making poor decisions based on a lack of risk modeling knowledge.

That said the real question I have for you here is:

Are you confident in your omniscience in that you can enumerate all risks and attack factors that can result in data being exfiltrated from a device?

If not, then why comment as if you are?

And there are ways to mitigate this attack (essentially the same as a AiTM or pass-the-cookie attacks, so look those up). Thus rendering your argument invalid.

Just because “something else might be insecure”, doesn’t in any way imply “everything else should also be insecure as well”.

That’s not how this works.

If the stored data from signal is encrypted and the keys are not protected than that is the security risk that can be mitigated using common tools that every operating system provides.

You’re defending signal from a point of ignorance. This is a textbook risk just waiting for a series of latent failures to allow leaks or access to your “private” messages.

There are many ways attackers can dump files without actually having privileged access to write to or read from memory. However, that’s a moot point as neither you nor I are capable of enumerating all potential attack vectors and risks. So instead of waiting for a known failure to happen because you are personally “confident” in your level of technological omnipotence, we should instead not be so blatantly arrogant and fill the hole waiting to be used.

Also this is a common problem with framework provided solutions:

https://www.electronjs.org/docs/latest/api/safe-storage

This is such a common problem that it has been abstracted into apis for most major desktop frameworks. And every major operating system provides a key ring like service for this purpose.

Because this is a common hole in your security model.

They’re arguing a red herring. They don’t understand security risk modeling, argument about signals scope let’s their broken premise dig deeper. It’s fundamentally flawed.

It’s a risk and should be mitigated using common tools already provided by every major operating system (ie. Keychain).

Not necessarily.

https://en.m.wikipedia.org/wiki/Swiss_cheese_model

If you read anything, at least read this link to self correct.

This is a common area where non-security professionals out themselves as not actually being such: The broken/fallacy reasoning about security risk management. Generally the same “Dismissive security by way of ignorance” premises.

It’s fundamentally the same as “safety” (Think OSHA and CSB) The same thought processes, the same risk models, the same risk factors…etc

And similarly the same negligence towards filling in holes in your “swiss cheese model”.

“Oh that can’t happen because that would mean x,y,z would have to happen and those are even worse”

“Oh that’s not possible because A happening means C would have to happen first, so we don’t need to consider this is a risk”

…etc

The same logic you’re using is the same logic that the industry has decades of evidence showing how wrong it is.

Decades of evidence indicating that you are wrong, you know infinitely less than you think you do, and you most definitely are not capable of exhaustively enumerating all influencing factors. No one is. It’s beyond arrogant for anyone to think that they could 🤦🤦 🤦

Thus, most risks are considered valid risks (this doesn’t necessarily mean they are all mitigatable though). Each risk is a hole in your model. And each hole is in itself at a unique risk of lining up with other holes, and developing into an actual safety or security incident.

In this case

• signal was alerted to this over 6 years ago
• the framework they use for the desktop app already has built-in features for this problem.
  • this is a common problem with common solutions that are industry-wide.
• someone has already made a pull request to enable the electron safe storage API. And signal has ignored it.

Thus this is just straight up negligence on their part.

There’s not really much in the way of good excuses here. We’re talking about a run of the mill problem that has baked in solutions in most major frameworks including the one signal uses.

https://www.electronjs.org/docs/latest/api/safe-storage

Because the lowest common denominator is much MUCH lower than you think it is.

This means it’s easy to indoctrinate and easy to maintain that for a massive number of people.

Scientific illiteracy is extremely high, and actual “6th grade reading comprehension” is the highest level of literacy for > 50% of a country like the U.S. and ~20% are low literacy or actually illiterate.

This means that half of everyone in the U.S. can read and understand what they read at or below a 6th grade level. This isn’t “reading big words”, it’s “tell us about what you read”, “what is the relationship between x & y” type questions.

This comment for example, up to this point only, would be difficult to understand & comprehend for > 50% of people in the U.S. (it demands an 11th grade reading comprehension). And may be misread, misunderstood, or not understood at all.

People are driven to religions to cults and alt conspiracy theories when they don’t understand how the world works around them. They latch onto extremely simple often misleading or incorrect ideas of how the world works because they can understand it and it “makes sense” within their sphere of ignorance (we all have one, this isn’t meant to be a disparaging term).

This means that the problem is that humans are just not smart enough to escape religion yet. It’s the simplest answer, and it appears to be correct.

I don’t think the concern over pinging 1.1.1.1 is warranted.

ICMP is pretty raw Network traffic, meaning you’re not really causing much actual load here.

You can’t even really try to DDOS with normal ICMP packets. You usually have have to max it’s size out at 64KB with an ICMP floor to even think of having an effect. Vs the, effectively inconsequential, 32 bytes of a normal ICMP packet.

You watching a short YouTube video is equivalent Network load as 180 days of pinging for Network up time.

They keep giving us more reasons to sail the high seas.

Naw, they’ll find some way to “incentivize” (punish you for not) viewing ads and enforce it with eye tracking.

Super glue seems appropriate 🤔

“unfortunately your In-Flight Engagement Actions ™️ did not meet the requirements to qualify you for in flight perks such as entertainment and meals”

“Please ensure you are looking directly at the screen while ads are playing to accumulate In-Flight Engagement Actions ™️”

Coming soon to an airline near you.

Yeah but don’t let reddit lemmy hear you having a nuanced or thoughtful take.

Beer is expensive.

The whole point of this is to show the dad making a sacrifice for his kid.

Ok…

So your point is that a bad logging implementation is bad. And I agree.

I’m not seeing how that’s extendable to implementations as a whole. You’re conflating your bad experience with "log aggregation is bad’.

Just because your company sucks at this doesn’t mean everyone else’s does.

Yeah, ofc it is.

I’m working in a system that generates 750 MILLION non-debug log messages a day (And this isn’t even as many as others).

Good luck grepping that, or making heads or tails of what you need.

We put a lot of work into making the process of digging through logs easier. The absolute minimum we can do it dump it into elastic so it’s available in Kibana.

Similarly, in a K8 env you need to get logs off of your pods, ASAP, because pods are transient, disposable. There is no guarantee that a particular pod will live long enough to have introspectable logs on that particular instance (of course there is some log aggregation available in your environment that you could grep. But they actually usefulness of it is questionable especially if you don’t know what you need to grep for).

These are dozens, hundreds, more problems that crop up as you scale the number of systems and people working on those systems.

So, essentially, really poorly written malware? Given the number of assumptions it makes without any sort of robustness around system configuration it’s about as good as any first-pass bash script.

It’d be a stretch to call it malware, it’s probably an outright fabrication to call it a virus.