-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Share key via QR code. #1861
Comments
QR codes have usability downsides too, e.g. they're not human read-/writeable. But for secure face-to-face sharing, it's not necessary to introduce a whole new encoding format, only to expose the system sharing UI for the link. On iOS and macOS for example, you can long-press (or right-click) on any link until the context menu appears, choose "Share...", and then choose your nearby friend when they show up as an Airdrop recipient as long as they're within p2p Bluetooth or p2p WiFi range (no need to be connected to the same (or any) WiFi network). According to https://en.wikipedia.org/wiki/AirDrop#Security_and_privacy Airdrop is end-to-end encrypted. Not sure Android has something quite equivalent (it looks like Nearby sharing is not encrypted?) but things like Signal disappearing messages – also available from the system sharing UI if Signal is installed – also provide a good alternative. So perhaps just some UI tweaks could address the issue at root here of "facilitate secure face-to-face sharing". |
I agree with laosb. If I want to give a key to a friend, he/she has to get it through a service that usually cannot be trusted and since there is no password required once one has a key, I don't really like doing it. |
I agree with laosb, there should be QR code option. @krrisztian https://www.greatfirewallofchina.org/index.php?siteurl=https%3A%2F%2Fs3.amazonaws.com |
@4044ever Glad to hear that the Amazon S3 invite page was unblocked for you in China! I'm sure the team is aware that the invite page may not always be accessible to all users in China, has discussed alternatives, and will continue to consider additional options. That being said, why is sending a QR code (of a SIP002 URI) over an untrusted channel any safer than just copy/pasting the URI? QR encoding provides no secrecy. A capable adversary must be assumed to be able to read the contents of a QR code sent over an untrusted channel just as readily as they could read the URI encoded in it. Given that, the URI seems strictly superior, because:
So I think a better plan is to give the server admin user an escape hatch in the UI like the following. This addresses the "can't access S3" problem without giving up so many of the benefits of the existing interaction design. Imagine the below in a textbox the admin user could edit if desired, change the language it's translated into, and then copy/paste to their invitees: Sharing with someone who can't access this Amazon page?
Note the use of a GitHub project README for the fallback instructions page. On GitHub the experience is worse because you can't do dynamic stuff (like detect the user's platform and language, and display the corresponding translations and download link). But GitHub is more painful to block than S3 and has remained unblocked in China, so it's a better backup to share with someone who can't access S3. Let's also remember that the concepts of the access code and the instructions page are separate (though related), rather than conflating them. In other words, "just use a QR code" is not a solution to the problem that the S3 page solves. Neither QR codes nor access code links provide download and installation instructions in the user's language. But the GitHub page-based backup flow above does. |
The Qr code proposal is mainly for offline exchanging. You can’t use signal or most other encrypted IM in China. In most conditions we try to pass the key offline (almost the only secure way to exchange in China). You don’t want to save a file and transfer through Bluetooth, or even by typing a hash manually. |
@laosb As mentioned it looks like Airdrop is end-to-end encrypted (so still secure even if it's over Bluetooth). And plenty of high-quality free software OCR libraries (not to mention cloud services) have been around for long enough that there must be some app where you can point your camera at a URL to scan it with as much ease as you can scan a QR code. If Outline really needed some kind of scanning functionality built in, would you agree that URL scanning would satisfy the requirements you've proposed? |
Fine but not worth doing this for just configuring Outline. I will just create a fork then. Thanks for what you’ve done. |
@laosb Many thanks for using Outline and for the feedback. I can't say when or if it will happen but we haven't ruled out QR codes as a sharing mechanism - I can see them coming in useful in several situations. |
@trevj also if you can support QR codes - connecting on iOS can be mush easily - iOS read QR from Camera app and you can open link (from qr) getoutline.com/connect/hash with same content as now on amazon. but (!) if user have app on they iPhone - that link opens in app, not in browser => if some country block your site but user have app - all can happen. |
Related: |
I recently discovered that when you set up a new server and get presented the Invitation link in that window, you can actually scroll down (Manager v1.2.2) and it will tell you the "raw" access code too. Still not the easiest as I would not want to share my access codes on WeChat (China) but better than nothing. |
last comment is still valid. Outline Manager shows directly the ss:// link. Can copy&paste it to send to end user/friend. You can delete the ss:// part and send it through WeChat without an issue. QR Code would be great but imo too much work for too small of a use case now. |
The weakest part of inviting somebody onboard is sharing the key. People tends to share the key via some unencrypted IM or even SMS, which means censors may directly get the key, causing attacks.
I’m suggesting adding QR code sharing, which is perfect for face-to-face sharing, fast, easy and secure.
The text was updated successfully, but these errors were encountered: