top | item 46252256

laserbeam | 2 months ago

Someone needs to design a super dumb and robust system where I can safely store all my keys on all devices I use for an account. The fact that WhatsApp, Signal and other platforms tend to have a primary device for keys is bonkers to me. A primary device that can randomly die, get stolen or fall in a lake.

I have lost chat histories more times than I can remember, and I have to be extra diligent about this these days.

I don’t even want to think about pgp when I have to manually take care of this problem. Not because of my own skills, but because I could never make it reliable for my family and friends on their side.

nine_k | 2 months ago

This is a difference in the threat model.

Signal's threat model is that everything around you is hostile to you, except the parties you interact with. You are an undercover rebel in a totalitarian sect which would sacrifice you to Cthulhu if they see your chat history. Losing it is much better than disclosing it.

Your threat model is likely random black hat hackers who would try to get into your communication channels and dig some dirt to blackmail you, or to impersonate you to scam your grandmother out of several thousand dollars. Signal protects quite well against it. But the chance of this happening even in an unencrypted channel is low enough. You don't mind making the security posture somehow weaker, but preserve the possibility to restore your chat history if your secure device is lost or destroyed.

I suppose the problem could be solved by an encrypted backup with a long key which you keep on a piece of paper in your wallet, and / or in a bank in a safe deposit box. Ideally it would be in the format that the `age` utility supports.

But there is no way around that paper with the long code. If this code is stored on your device, and can be copied, it will be copied by some exploit. No matter how inconspicuous a backdoor you are making, somebody will find it and sneak into it. Should it happen in a publicized case, the public opinion will be "XYZ is insecure, run away from it!".

marcosdumay | 2 months ago

> If this code is stored on your device, and can be copied, it will be copied by some exploit.

Yeah... We really need some key-management hardware where the secrets can be copied by some channel that is not the primary one. This used to be more common, before the IT companies started pushing everything into the cloud.

I have recently started to see computer boards with write protection for the UEFI data, which is a related thing that also went away, mostly because of Microsoft. So, maybe things are changing back.

AnonC | 2 months ago

> I have lost chat histories more times than I can remember, and I have to be extra diligent about this these days.

As per Signal’s diehard proponents, losing chat history is a feature, not a bug (I’m not being facetious when saying this, and you can see comments of this kind in Signal related threads here).

Edited to add: I don’t agree with that premise and have long disliked losing chat history.

laserbeam | 2 months ago

I know you are not being facetious. My problem is random Joe on the street sees it as a bug. He really does care more about actually being able to talk with his wife than Signal’s mathematically correct principles. He needs it to be reliable first, secure second.

wood_spirit | 2 months ago

My company recently really cut back on Slack retention. At first I was frustrated, but we all quickly got over it, work carried on getting done at the same pace as before, and nothing really got impacted the way many of us imagined it might.

mmooss | 2 months ago

Signal has a backup service in beta that you can use right now.

pmontra | 2 months ago

So, the requirement is a system to store all your keys that can be duplicated as many times as you wish. It looks like a local password manager, let's say KeePass. I use it and have copies of the encrypted DB on every device of mine, plus the client to access the passwords. I don't know if it qualifies for dumbness, but it feels pretty robust. It survived the fall-into-the-lake test (a river in my case).

But I see every customer of mine using web-based password managers, because they want to share and update passwords with all their team. Of course those password managers can use E2E encryption and many do, but my instinct is that if you are using somebody else's service for your data, you can be locked out of your data.

Anyway, it's the concept of having many passwords and having to manage them that's not dumb enough. The most that people do is letting the browser store and complete passwords. The password can be the same 1234pass on every single site.

WolfeReader | 2 months ago

Web-based password manager user here! It's worth noting that Bitwarden and 1Password (probably all the others too) let you export all of your data into an encrypted archive, so anyone who does this periodically won't be "locked out".

(Naturally, this requires extra effort on the users' part, so who knows how many are actually using this ability.)

Helmut10001 | 2 months ago

I set up automatic backups of WhatsApp to my self-hosted Nextcloud once. Since you need 'tested backups', I tried to decrypt these WhatsApp backups independently of my phone, but this was not possible. You need the original device. There are some hacks online, but they are always out of date.

I am now tending towards running the Mautrix WhatsApp bridge and backing up my data through this.

laserbeam | 2 months ago

Ask yourself: if you want things to be encrypted by default in the world, would a florist be able to self-host Nextcloud?

wmf | 2 months ago

Apple/Google passkeys.

ho_schi | 2 months ago

Two problems: Apple. And Google.

throwaway82931 | 2 months ago

Indeed, passkeys would seem to represent a step forward from single-device to single-account.

UltraSane | 2 months ago

But then Apple or Google can control your access to any account that uses those passkeys. We need a protocol where I can store the same passkey on multiple cloud providers.

tonyhart7 | 2 months ago

My proposal is a device like a YubiKey, but instead of the YubiKey hardware form factor (a USB device),

it's in the form of a ring or bracelet; it's small enough that it can be carried everywhere with you all the time.

It uses NFC-like technology, works without a battery, and is fast and "secure enough" for 99% of people.

What if the device is stolen???? We can add authorization like biometrics (fingerprint etc.) while touching the device, so it can be sure the real owner is "giving" auth.

BaconVonPork | 2 months ago

The problem is not a personal hardware security module; as you noted, we have them. The problem is that people want redundancy that undermines the point. If you can easily have a copy of your ring just in case, how do you know who has done that process and watches you all the time? Biometrics sound like a solution, yet they are implemented as a cosmetic security layer, and this situation is pointless to fix since we leave them everywhere we go.

Ferret7446 | 2 months ago

Maybe I'm old but I never expect chat history to be a permanent thing. It's like talking to someone, it should be ephemeral.

If you need a record, use email. Recording and archiving every conversation with someone is just weird.

Thanks for listening, now you dang kids can get off my lawn.

UltraSane | 2 months ago

There is absolutely no reason not to store and index text chats since they are so little data.