Package: dino-im Version: 0.4.2-1 Severity: normal Tags: upstream X-Debbugs-Cc: debbug.dino...@sideload.33mail.com Control: forwarded -1 https://github.com/dino/dino/issues/971
Dino-im defaults to insecure. This is a terrible security issue because users are being setup to expose sensitive information. The padlock is grey, and when it’s unlocked there is only a very tiny gap between the shank and the body, so it’s very hard to notice the unlocked state before sending a message. Then after sending a message, sometimes there is a red padlock and sometimes just a grey checkmark. The red unlocked padlock has the same problem as the grey unlocked padlock: very hard to notice that it’s unlocked. It’s so hard to notice that I only discovered the problem after *months* of unintentionally exposed chatter. I am gutted. I’m also not the only one. Lots of people are getting stung by this. The bug was reported upstream *4 years* ago. I am reporting it here to make this bug loud and clear for other Debian users in an effort to try to mitigate more people getting burnt. These changes are essential: ① the default should be OMEMO or OpenPGP. Does not matter which, but /unencrypted/ is a reckless default. ② there needs to be an option to force a loud popup warning that interrupts all unencrypted transmission attempts. It should also default to ENABLED. The pop-up should have a “don’t show me this again” button so security ambivalent users only see the nag once. ③ the padlock icon in the message entry field should be bigger. ④ the unlocked state should not just be a tiny gap between the shank and the body; it should be rotated 180° so it’s more clear that it’s in the open state. ⑤ the open state should never be red, green, blue, or grey. Yellow is probably best, perhaps with a “☣” or “⚠” as well. ⑥ in fact, the unlocked padlock icon should be blinking. This would be quite annoying for people who intend to have insecure comms, so the blinking should probably be tied to the toggle option described in ② above. ⑦ fix the inconsistent indicator on insecure messages. It should not be a just a checkmark sometimes and sometimes both a checkmark and an unlocked padlock. In fact, the open padlock is should be paired with the word “unencrypted” spelled out next to it. -- System Information: Debian Release: 12.5 APT prefers stable-updates APT policy: (990, 'stable-updates'), (990, 'stable-security'), (990, 'stable'), (500, 'oldstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.10.0-28-amd64 (SMP w/2 CPU threads) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages dino-im depends on: ii dino-im-common 0.4.2-1 ii libadwaita-1-0 1.2.2-1 ii libc6 2.36-9+deb12u7 ii libcairo2 1.16.0-7 ii libgcc-s1 12.2.0-14 ii libgcrypt20 1.10.1-3 ii libgdk-pixbuf-2.0-0 2.42.10+dfsg-1+b1 ii libgee-0.8-2 0.20.6-1 ii libglib2.0-0 2.74.6-2+deb12u2 ii libgnutls30 3.7.9-2+deb12u2 ii libgpgme11 1.18.0-3+b1 ii libgraphene-1.0-0 1.10.8-1 ii libgstreamer-plugins-base1.0-0 1.22.0-3+deb12u1 ii libgstreamer1.0-0 1.22.0-2 ii libgtk-4-1 4.8.3+ds-2+deb12u1 ii libgtk-4-media-gstreamer 4.8.3+ds-2+deb12u1 ii libicu72 72.1-3 ii libnice10 0.1.21-1 ii libpango-1.0-0 1.50.12+ds-1 ii libqrencode4 4.1.1-1 ii libsignal-protocol-c2.3.2 2.3.3-3 ii libsoup-3.0-0 3.2.2-2 ii libsqlite3-0 3.40.1-2 ii libsrtp2-1 2.5.0-3 ii libstdc++6 12.2.0-14 ii libwebrtc-audio-processing1 0.3-1+b1 Versions of packages dino-im recommends: ii ca-certificates 20230311 ii dbus 1.14.10-1~deb12u1 ii fonts-noto-color-emoji 2.042-0+deb12u1 ii network-manager 1.42.4-1 dino-im suggests no packages. -- no debconf information
