Signal Desktop stores all received attachments unencrypted on filesystem #5751
Comments
There are platform-specific methods of securely storing key material (e.g. macOS keychain, gnome-keyring) where symmetric encryption keys could be stored for protecting files on disk, to avoid the issue of storing key material on the filesystem adjacent to the files the key protects (which would be pointless).
Related to #5703 but not quite identical.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
This issue has been closed due to inactivity.
Closing still-relevant issues because of inactivity (on the part of the developers to whom they have been reported!) is bad form. It tells your users that they should stop donating time and effort to report issues if you're just going to ignore and autoclose them. This is still an active issue, and now it's closed. Telling me to FOAD would have been simpler.
Agree this should be reopened! Even if it's not a short-term priority, this seems like a worthy security goal. Seems like it could also be a Good First Issue for other contributors to PR.
This would be a good feature to have, since we cannot assume security from the OS in general, considering data collection and so much hacking going on with the OS recently.
This should be a Signal feature for every platform and not just Desktop, if data can be accessed so easily on other platforms as well.
Bug Description
All received attachments are accessible unencrypted at `~/Library/Application Support/Signal/attachments.noindex/`.
Steps to Reproduce
Actual Result:
Attachment is stored unencrypted in the filesystem.
Expected Result:
Attachment data is encrypted at rest.
Screenshots
Platform Info
Signal Version:
5.28.0 (intel)
Operating System:
macOS
Linked Device Version:
5.26.9.2
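
The design suggested in the thread (a symmetric key held in the platform keystore, attachment files encrypted with it on disk), sketched as an added example; it is not code from the issue or from Signal Desktop. `InMemoryKeyStore`, the `ATT1` file layout and the function names are assumptions made for illustration, and the in-memory store stands in for a real keystore such as macOS Keychain or gnome-keyring.

```javascript
const crypto = require('node:crypto');

// Hypothetical key-store interface. A real implementation would fetch the key
// from the OS keystore so it never sits next to the files it protects.
class InMemoryKeyStore {
  #keys = new Map();
  getOrCreate(name) {
    if (!this.#keys.has(name)) this.#keys.set(name, crypto.randomBytes(32));
    return this.#keys.get(name);
  }
}

const MAGIC = Buffer.from('ATT1'); // constructed format tag, not a real format
const GCM = { authTagLength: 16 };

// On-disk layout: MAGIC(4) | nonce(12) | tag(16) | ciphertext
function sealAttachment(keyStore, attachmentId, plaintext) {
  const key = keyStore.getOrCreate('attachments');
  const nonce = crypto.randomBytes(12); // fresh random nonce for every file
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce, GCM);
  // Bind the blob to its id so one file cannot be swapped for another.
  cipher.setAAD(Buffer.from(attachmentId, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([MAGIC, nonce, cipher.getAuthTag(), ct]);
}

function openAttachment(keyStore, attachmentId, blob) {
  if (blob.length < 32 || !blob.subarray(0, 4).equals(MAGIC)) {
    throw new Error('not a sealed attachment');
  }
  const key = keyStore.getOrCreate('attachments');
  const nonce = blob.subarray(4, 16);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, nonce, GCM);
  decipher.setAAD(Buffer.from(attachmentId, 'utf8'));
  decipher.setAuthTag(blob.subarray(16, 32));
  // final() throws if the key, the id or any byte of the file is wrong.
  return Buffer.concat([decipher.update(blob.subarray(32)), decipher.final()]);
}
```

The buffer returned by `sealAttachment` is what would be written under the attachments directory; anyone reading that directory without access to the keystore sees only ciphertext.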