This repository has been archived by the owner on Feb 12, 2023. It is now read-only.
Allow easy transition to a new ToxID without having to start afresh #3335
Labels
C-feature-request
The issue contains a feature request
proposal
upstream
The problem is with a component from a 3rd party
If one manages to get access to your computer (either physically or remotely) they can steal your Tox profile and potentially also your password for it (if it's an encrypted profile). And all one can really do currently about it is to create a new profile, delete the old, then just reconfigure the new and add all contacts back. Now this is fine except for I think that there could be a better transition between the old and the new profile where your contacts' ToxIDs at least get saved and so are your settings to make it less of a shake up when you get compromised and you have to sort of start afresh again.
So I think that a really good method for this would be to have a button somewhere on the main screen which allows one to create a new profile (so to generate a new set of keys and ToxID and everything) but all of their contacts and current settings stay so that they just click this button and it's done, maybe they need to restart qTox, but it's that simple when you get compromised to get secure again.
So then the idea is that perhaps immediately or perhaps when you click on a contact (as they will still have your old profile listed as a contact and if it is set to automatically remove your old profile from their contacts list and add the new one a hacker getting hold of your profile could just as easily use this as a method to blocking you out so that they get your contacts, and you get no-one) you get a notice explaining the as you changed your keys you need to re-send all your contacts requests (but at least you have all your contacts easily listed there and don't have to get all of the necessary ToxIDs so it makes the process easier and less stressful) and there will be a little button or something allowing you to do this
Now when your contact receives the request it should probably launch a little box explaining to them that this profile is based on the profile of one of their current contacts and that they should make contact with the contact through other means before accepting the new request as this could just be a hacker with their profile, and if so then they should simply advise their friend to also change their keys as the hacker is still likely to have access to their current and proper profile.
So basically this would just make it much easier for a user whose profile is compromised to create a new profile in terms of security and privacy so that the hacker can't send stuff as the real them any more nor read their messages, but mean that the user doesn't have to reconfigure qTox again and have to get all the necessary ToxIDs again to add all their contacts back as it would all come with, the only thing that would be new would be the security side of things.
I originally filed a report on this on the upstream toxcore project but they thought it was more of a client side-implementation issue: irungentoo/toxcore#1580.
The text was updated successfully, but these errors were encountered: