-
Notifications
You must be signed in to change notification settings - Fork 165
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Encryption / Ferdium Lock #582
Comments
Hello 👋 I'll try to answer some of your questions:
The Ferdium Lock feature, as far as I know, is only a front end feature to lock all app if you're away from your computer. This is useful if you leave your computer and want to lock Ferdium so that you prevent anyone from getting a hand on the app. The Ferdium Lock password is encrypted and only stored locally (I'm currently on mobile so I can't confirm this right away, but I'm 95% sure of this given that I've taken a look at this portion of code before, when trying to solve a related issue). Nevertheless, if someone tries to access Ferdium, they can try to mess with your local Ferdium config files to change the password, but I'm not really sure they can change it and get access to the app itself.
Generally, I think that your concern is more like a global concern of overall computer security, and not totally related to Ferdium - I think that if anyone gets access to your computer, all your data (Ferdium and not Ferdium related) can be compromised... So I would recommend you to try to secure your computer first (with passwords, security keys, auth systems), which will for sure be a strong barrier for someone trying to get into your computer. |
I second what @SpecialAro said. We don't have access to any of your user data (besides the list of services you have added, which is synchronized across you machines if you use the online synchronization feature of Ferdium). In general, locking an application while your computer is not locked is a tricky thing: https://textslashplain.com/2020/09/28/local-data-encryption-in-chromium/ In theory, Chromium (on which Electron and Ferdium are built) support encrypting cookies on some platforms. However, the encryption key is easily extractable on Windows, so this leaves MacOS. Unfortunately, even there, Electron doesn't support what would be required for a secure "password lock" feature: electron/electron#32407 In the light of this, Ferdium doesn't use cookie encryption and the password lock is only there to deter casual attackers (who aren't able to or don't have an opportunity to extract the cookie storage files). You should rely on full disk-encryption of your OS for protecting your data (including Ferdium cookies) at rest, the security practices of your OS to protect your data from remote attackers, and the OS lock screen (and things like the IOMMU in the case of more exotic attacks) for protecting your data from local attackers. In the future, if Chromium and Electron improve encryption supports, it might be possible to create a password lock with real strength (in the meantime, I was actually arguing for the removal of the password lock feature to avoid giving a false sense of security, but I digress). However, the chances for this are slim, because the kinds of threats models that would be addressed by a password lock feature are much easier to address on the OS level. The single scenario that would be addressed by a (current nonexisting) secure Ferdium lock, but not the OS itself, would be when you give physical access to someone to your computer, but you don't want them to have access to your Ferdium accounts. However, please keep in mind that
|
Okay, first thing - of course - thanks for fast and solid answers! Now I can see that I've been misundestood - or rather I wrote it wrong (english is not my native and sometimes I fail). I used "YOU" in my examples, but what I had in mind was "SOMEONE" - so I was not thinking about "YOU" having access to messages (because I know it already from FAQ that you don't have) - but "SOMEONE" who can have short access to my computer. This concernes was addressed by @kris7t in his post, so I am pleased actually, but I have an idea to wrap it up and then close this Issue (or give it few days for others to comment as you feel). So If I understand well - there is no encryption addon for electron projects, and it never would be more secure than Chromium. Now I will provide my point of view, like "what would be great in my model" to clarify my needs - just for better undestanding. Oh, and please let's not go into "your model is not what most of people do" kind of thing - just let it be, I know this.
Let's begin from here. Actually that's not true in my case - and that's why am asking about this in the first place. My browsing model is about to clear all of the cookies (whitelisting some minor sites) and using password-manager to log-in everytime. And from what I know - it's not a totally nerdy behaviour - a lot of people do this and it's not considered as "spy-stuff". I think that I got an answer already, but let's clarify with these simple questions-examples:
So what I see here? A realistic enhancement, maybe:
So yes, it's all about making Ferdium a handy app also for people who doesn't like to be always logged in. And if I decide to not clear my cookies - maybe there's another way to protect them. About rest, to be clear: Big thanks for your time, again! 💙 PS. Before you decide to close this issue - please add also a 'security' label to the first post, I think it could be handy. |
Yes, they will be able to access your session cookies. Passwords are probably not stored directly (depends on the web application, but it sound like an outrageously bad idea, so I doubt any serious application would do that), but some messages may be cached locally (again, by the web application), too.
Same as the above.
This is a good idea, but a bit hard to do in practice. Ferdium isolates each service as a Chromium "partition", and each partition can have its own WebExtensions. So it would not only require adding extension support to Ferdium, but we'd also have to make sure that each "copy" of the extension in each partition plays nice with each other.
If you want this kind of functionality, maybe a transparent, filesystem-level encryption of the data directory of Ferdium (e.g., eCryptfs or CryFS would work. However, you'd need to unlock and lock the encrypted contained manually before/after running Ferdium, since, for obvious reasons, it wouldn't be able to start and unlock its own files while they are still encrypted.
If this was possible (i.e., control how Chromium retrieves the cookies), making the password lock actually secure would be easy. However, at the moment, Electron or Chromium offer us no API to do this. (Okay, actually, we had a bug a few months ago where we broke Chromium's cookie storage, and no cookies were saved or loaded at all. Nevertheless, there's no way to deliberately control this.) |
Yup, it's all clear for me now. In a way that my own quote...
... it's kinda facepalming. I forgot that there's |
... but there is Ferdium portable version available, and this is a moment when I realise that everything was told in this topic. Closing it, if you don't mind. Thanks again and long live the project! |
Your issue
Firstly: I'm really sorry if there is an answer for my question somewhere. I was really looking everywhere, even in Ferdi/Franz documentation and I couldn't find exact answer. Even if there is an answer somewhere - it's really hard to find it, though. So maybe this topic is needed. Also, please note that I'm not a technical person, so if the anwer is inside the code - It's not easy for me to find it.
Security / Encryption / Ferdium Lock
I need an information about what data is stored on the computer and how it can be retreived by someone else, having my computer opened. We have these options:
I really like Ferdium, because I can use some messengers in one place. It really would be a great thing if this "Ferdium Lock" feature really could give a decent security. I know that Ferdium is not build for security, but maybe there are chances to improve it?
Thank you for your answers.
PS. Please label it as a question, I couldn't find how to do it
The text was updated successfully, but these errors were encountered: