[Pkg-xmpp-devel] Bug#1076963: dino-im: (security) defaults to insecure, padlock waaaay too subtle, people are getting stung by this!
Manny
debbug.dino-im at sideload.33mail.com
Wed Jul 24 19:50:42 BST 2024
Package: dino-im
Version: 0.4.2-1
Severity: normal
Tags: upstream
X-Debbugs-Cc: debbug.dino-im at sideload.33mail.com
Control: forwarded -1 https://github.com/dino/dino/issues/971
Dino-im defaults to insecure. This is a terrible security issue
because users are being set up to expose sensitive information. The
padlock is grey, and when it’s unlocked there is only a very tiny gap
between the shank and the body, so it’s very hard to notice the
unlocked state before sending a message.
Then after sending a message, sometimes there is a red padlock and
sometimes just a grey checkmark. The red unlocked padlock has the same
problem as the grey unlocked padlock: very hard to notice that it’s
unlocked. It’s so hard to notice that I only discovered the problem
after *months* of unintentionally exposed chatter.
I am gutted. I’m also not the only one. Lots of people are getting
stung by this. The bug was reported upstream *4 years* ago. I am
reporting it here to make this bug loud and clear for other Debian
users in an effort to try to mitigate more people getting burnt.
These changes are essential:
① the default should be OMEMO or OpenPGP. Does not matter which, but
/unencrypted/ is a reckless default.
② there needs to be an option to force a loud popup warning that
interrupts all unencrypted transmission attempts. It should also
default to ENABLED. The pop-up should have a “don’t show me this
again” button so security ambivalent users only see the nag once.
③ the padlock icon in the message entry field should be bigger.
④ the unlocked state should not just be a tiny gap between the shank
and the body; it should be rotated 180° so it’s more clear that it’s
in the open state.
⑤ the open state should never be red, green, blue, or grey. Yellow is
probably best, perhaps with a “☣” or “⚠” as well.
⑥ in fact, the unlocked padlock icon should be blinking. This would be
quite annoying for people who intend to have insecure comms, so the
blinking should probably be tied to the toggle option described in ②
above.
⑦ fix the inconsistent indicator on insecure messages. It should not
be just a checkmark sometimes and sometimes both a checkmark and an
unlocked padlock. In fact, the open padlock should be paired with
the word “unencrypted” spelled out next to it.
-- System Information:
Debian Release: 12.5
APT prefers stable-updates
APT policy: (990, 'stable-updates'), (990, 'stable-security'), (990, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.10.0-28-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages dino-im depends on:
ii dino-im-common 0.4.2-1
ii libadwaita-1-0 1.2.2-1
ii libc6 2.36-9+deb12u7
ii libcairo2 1.16.0-7
ii libgcc-s1 12.2.0-14
ii libgcrypt20 1.10.1-3
ii libgdk-pixbuf-2.0-0 2.42.10+dfsg-1+b1
ii libgee-0.8-2 0.20.6-1
ii libglib2.0-0 2.74.6-2+deb12u2
ii libgnutls30 3.7.9-2+deb12u2
ii libgpgme11 1.18.0-3+b1
ii libgraphene-1.0-0 1.10.8-1
ii libgstreamer-plugins-base1.0-0 1.22.0-3+deb12u1
ii libgstreamer1.0-0 1.22.0-2
ii libgtk-4-1 4.8.3+ds-2+deb12u1
ii libgtk-4-media-gstreamer 4.8.3+ds-2+deb12u1
ii libicu72 72.1-3
ii libnice10 0.1.21-1
ii libpango-1.0-0 1.50.12+ds-1
ii libqrencode4 4.1.1-1
ii libsignal-protocol-c2.3.2 2.3.3-3
ii libsoup-3.0-0 3.2.2-2
ii libsqlite3-0 3.40.1-2
ii libsrtp2-1 2.5.0-3
ii libstdc++6 12.2.0-14
ii libwebrtc-audio-processing1 0.3-1+b1
Versions of packages dino-im recommends:
ii ca-certificates 20230311
ii dbus 1.14.10-1~deb12u1
ii fonts-noto-color-emoji 2.042-0+deb12u1
ii network-manager 1.42.4-1
dino-im suggests no packages.
-- no debconf information