Earlier this month, Signal was embroiled in controversy as a known vulnerability in the desktop client was rediscovered by an iOS developer. Initially, the president of the Signal Foundation decided to state that it didn’t need to be fixed, but after a short period of time, the Signal developers started working on a fix. In short, community engagement saved the day and we can all sleep better knowing that a fair amount of people care about security enough to push for meaningful improvements. That’s not quite the end of the story though, there are good reasons to consider the fine details.

What was the vulnerability?

Many programs you use require persistence in some form or another. In the case of Signal, this means that without saving files you would need to re-sync your account every time you open the program and download all your messages again. To solve this, programs generally store file and/or a database in an application data folder under your user account.

This seems like a normal and reasonable thing to do, however on desktop platforms there is less protection from the user themselves accessing files. This means that any other program you run has the capability of stealing that information as long as it is run under your user account. Mobile operating systems like Android and iOS work differently, and try to isolate files on a per-app basis.

Without any additional protections, such as the user having to enter a password to decrypt the messenger’s files, the user’s messages are vulnerable to being read by malicious actors. Anyone who seizes access to the files also has access to the user’s Signal chats and their content. It’s worth noting that for this particular vulnerability, Session (a Signal fork) was also impacted by this problem. In truth, for the same reasons that Signal didn’t see it as an important problem in 2018, I would expect other applications to have similar problems.

What are the implications?

Convenience vs security:

Depending on what the goals for a particular project are, you can rationally defend particular limitations. If a software project merely intends to be a “starter option” for somebody just beginning to seize control over their digital affairs, ease-of-use may be a higher priority than state-of-the art. It does sound like a terrible idea to those of us who do prioritize privacy and security, but getting more people protected from the most egregious threats can have a huge impact if made easy enough.

Signal is held to a higher standard however, at least by many who see it as the de-facto standard for a secure messenger. One way to overcome the convenience vs security dilemma is to allow for users to opt-in to better security protections. This isn’t necessarily ideal, because people rarely switch away from the defaults. Another solution would be to offer various “flavors” of the program, with different defaults based on the needs the user has. With regular reminders that enhanced security is available, this could be a best-case scenario for everyone involved at the cost of additional development headache.

Another solution that I believe should be considered more, is the adoption of hardware token based authentication. Instead of relying entirely on ourselves to remember and constantly enter difficult passwords, using an authentication key can work better. Having a dedicated encryption module can offer a more seamless interaction with various security measures at the cost of more development overhead. In addition to this, hardware keys can not be stolen over the Internet as easily as passwords.

Of course, without any development work, a sophisticated solution is for experienced users to use something like Qubes OS to manually isolate every program on their system in its own virtual machine.

The only constant is change:

Personally, what’s really interesting to me is that this scenario really highlights how much people are generally willing to overlook problems when there isn’t a readily available ’turn-key’ solution. Since 2018, operating system features built for protecting sensitive information have been developed and more widely adopted by other applications. These features gaining prominence is the very thing that moved the needle on making the status quo untenable.

Not only do threats evolve, but so do solutions. It is possible that many things we currently accept may become disastrous, yet easy to resolve in the future. If nothing else, this is a call to seriously consider long-term sustainability of various habits and techniques, as well as how we can emphasize adaptability in a rapidly changing environment. It is clear that now is not the time for complacency, and that a significant amount of effort is required to truly build a coherent foundation for computing.

File management:

Consider: Does it even make sense to protect various files as ‘special’ in the first place?

While at first glance one may assume that critical information like decryption keys are inherently more worth protecting than miscellaneous files or other program data, but there are good counter-arguments. For example, any documents or records you keep themselves may have sensitive content that also needs to be protected. In addition to this, most browsers are also vulnerable to the same threat, which means attackers can potentially break into a person’s accounts or read their entire browsing history.

That itself is a big problem, without simple answers. One option is to try to build more protections on top of existing systems, another is to wipe the slate clean and try to rebuild entirely based on lessons learned. If you haven’t already, I’d highly recommend watching this interview I had with the developer of Serenum to discuss his attempt at resolving some of these issues from the ground up.

It’s a bold direction for sure, but even more important than the project itself is for more people to learn the fundamental levels of computing to help transform the foundation. People vastly underestimate what can be accomplished with a bit of knowledge becoming a bit more common.

A defense of pragmatism

I will reiterate my position that it’s always worth using the most secure messenger you can with those around you. Isolating yourself entirely by refusing to compromise with close contacts is a road to being very isolated. Instead of demanding everyone you know only interact with you with a single ‘perfect’ option that doesn’t exist taking on the burden of being familiar with multiple good or even less bad options can help move people away from the most egregious circumstances.

Remember that while your own situation is vital, the big picture matters a great deal too.
To paraphrase the founder of FUTO:

“A good programmer can often get in the weeds and be like: Hey, this is cool! I solved this hard conceptual problem, but polishing this for a billion users, that’s no fun! Who’s going to polish it for a billion users? It’s gonna be a big company that can pay people money.”

FUTO - Using the term “open source” - a response to everything!

Protecting digital autonomy needs to be about more than just our own individual self-interest, and more about doing what we can to help others. It is clear now more than ever that we don’t just need great programmers, but we also need more people to take these issues seriously, and that can’t happen if the solutions are too difficult to use. Despite everything, I find it easier and easier to be an optimist regarding these problems. It definitely seems that we really are only a bit of education, support, and passion away from making radical changes for a better technological future.

As bleak as things can be, it’s reassuring that a great deal of the problems we want to take on are very much in the open. As much as it can feel like rebuilding it all requires starting from scratch, that’s not true in the slightest. Important lessons have been learned that can help us steer clear from a wide range of fundamental problems and there is a lot of amazing software to retool or at least learn from.

I hope you can get excited about considering how things can be different, and how you can fit into making our digital environment better for not only yourself, but also those around you. It seems the opportunities for real change are only just beginning to present themselves.

Gabriel
Support this work Liberapay Buy Me a Coffee Monero


Published: Jul 17 2024
Tags:
Privacy Security Chat Remoralization

Lessons from Alt-Tech Failures

Apr 08 2024 Gabriel

Understanding the dangers of letting down your guard.


Prev B @ Next