Wouldn’t having full disk encryption achieve most of the benefits of that? In case of someone having access to your unlocked machine what is stopping them from launching the app and looking though it?
Comment on A fresh install of Signal takes up 410MB, blowing both Firefox and Chromium out of the water
VeganCheesecake@lemmy.blahaj.zone 5 months ago
For the most part, I don’t care about App Size. Storage is cheap. What I miss with the Signal Desktop App is the option to save everything in an encrypted container.
kostas@lemm.ee 5 months ago
VeganCheesecake@lemmy.blahaj.zone 5 months ago
Yes, full disk encryption helps against intruders with device access, but not against the files being indexed by other application. My phone is encrypted, but I still use a signal client that is encrypted again.
Natanael@slrpnk.net 5 months ago
Am encrypted container doesn’t help if the directory is mounted and accessible or if the key is in plaintext. Also doesn’t help if the process isn’t isolated. You need a bunch of extra measures like using the OS keystore set to only allow the correct program to retrieve the key, keeping secrets only in process memory, etc.
Tldr it’s a lot of work to do it right. If you do it the simple way like throwing it all in SQLite with encryption active you still leak metadata.
VeganCheesecake@lemmy.blahaj.zone 5 months ago
I have never worked on a properly hardened desktop app, so I don’t have much of a perspective on that, and can definitely see that it might not be worthwhile for the signal team.
I would appreciate some level of encryption, thinking that it might help with less targeted attacks. I’d also appreciate a Web client, like Threema’s with none permanent sessions. But all that’s, as you’d say in German, “Meckern auf hohem Niveau”, especially since I’m not currently contributing to Signal.
kostas@lemm.ee 5 months ago
Hm, but wouldn’t such an application be malicious by default? Having protection against attackers on your device seems of out scope for a messaging application, at that point I would consider something like Tails. Though this may be a rare case when moving to an appimage could help matters.
VeganCheesecake@lemmy.blahaj.zone 5 months ago
Yes and no. I personally would like to be asked permission for such behaviour, but a gallery application, for example, could have legitimate reasons to index all photos on your system. I personally prefer to manually set the folders it is supposed to index, but that doesn’t seem to be a generally accepted paradigm.
In general, I see why you need to trust that a system your app runs on is uncompromised to a a certain degree, but measures to potentially limit harm in case it is still seem sensible, especially for an app with a focus on privacy and security.
lemmytellyousomething@lemmy.dbzer0.com 5 months ago
Same. I’ve seen the alternative called dependency hell too often… Yes, you can.share stuff between apps, but then, versioning is a nightmare.