Bug#843645: Username unconditionally checked

2016-11-08 Thread Alexandre Viau
I have discussed with the team and we will be working on a patch.

Cheers,

-- 
Alexandre Viau
av...@debian.org





Bug#843645: Username unconditionally checked

2016-11-08 Thread Andrey Gursky
Hi Alexandre,

On Tue, 8 Nov 2016 13:07:42 -0500
Alexandre Viau wrote:

> I don't think that this is a bug, unless you point me somewhere in the
> Debian Policy that states that this is indeed a bug.
> 
> We want to make Ring as easy to use as possible for non-technical users,
> and choosing good defaults is important. This is why we check the box by
> default. We also think that looking up usernames as you type is much
> more user friendly.
>
> Please prove me wrong if I am and I will be happy to get this fixed.
>
> There is an ongoing effort to make privacy breaches a part of the Debian
> Policy here:
>  - https://bugs.debian.org/726998
> 
> However, this specific bug only talks about documentation.
> 
> If this is indeed a bug, I would fix it by adding a configure flag to
> the gnome client that would allow changing the default state of the
> checkbox.
> 
> I will wait a little bit for your answer, then I will mark this bug as
> wontfix and close it.

Easy and non-technical but secure? Hmm, it's something really hard to
achieve, if even possible. There is always a trade-off, but if the Ring
project emphasizes convenience, then the security part might
suffer...

As the user types? Exactly! But not by picking the user's system name and
sending it away without asking. So if you insist on leaving checking by
typing, I'm fully OK with it. But never pick something (possibly
private!) and send it away. So a reasonable compromise would be to not
set a name by default, but leave the field empty. By starting to type,
the user is aware that this will be sent away.

But until secured HTTP gets set up, please add a warning that the name
will be sent UNencrypted.

Regards,
Andrey



Bug#843645: Username unconditionally checked

2016-11-08 Thread Alexandre Viau
I don't think that this is a bug, unless you point me somewhere in the
Debian Policy that states that this is indeed a bug.

We want to make Ring as easy to use as possible for non-technical users,
and choosing good defaults is important. This is why we check the box by
default. We also think that looking up usernames as you type is much
more user friendly.

Please prove me wrong if I am and I will be happy to get this fixed.

There is an ongoing effort to make privacy breaches a part of the Debian
Policy here:
 - https://bugs.debian.org/726998

However, this specific bug only talks about documentation.

If this is indeed a bug, I would fix it by adding a configure flag to
the gnome client that would allow changing the default state of the
checkbox.

I will wait a little bit for your answer, then I will mark this bug as
wontfix and close it.

Cheers,

-- 
Alexandre Viau
av...@debian.org





Bug#843645: Username unconditionally checked

2016-11-08 Thread Andrey Gursky
Source: ring
Version: 20161104.4.17a0616~dfsg1-2
Severity: important

Dear maintainer,

by clicking on "Create Ring Account" the system account username is
automatically checked for availability. In this window there is no
statement that this is performed locally and nothing is sent away,
thus it is a security leak.

And indeed, Wireshark reveals that the check is a simple (not even
encrypted) HTTP GET request, e.g. http://ns.ring.cx/name/123
Hopefully, Savoir-faire Linux will set up https soon?

Please disable this check for now. For a real fix, I'd suggest
introducing a button ("check now") instead. Additionally, a key press
handler should be registered for the TextEntry widget in order to
quickly check the name (typed/enter/altered/enter/altered/enter/...).

Thanks,
Andrey
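A pure-Python model of the behaviour asked for in this report and in Andrey's later reply, added here as an example (it is not ring-client-gnome code): the name entry starts empty instead of being prefilled with the system user name, a lookup goes out only on an explicit Enter and only if the text changed, and the name server URL is an assumed https variant of the http://ns.ring.cx/name/ endpoint observed above. The `send` callback stands in for the client's HTTP GET; the simulation never touches the network.

```python
from urllib.parse import quote, urlsplit

# Assumed HTTPS endpoint: the report only observed http://ns.ring.cx/name/<name>.
NAME_SERVER = "https://ns.ring.cx/name/"


def initial_field_value():
    """The Ring-name entry starts empty. The local login name is
    deliberately never read, so it can never leave the machine unasked."""
    return ""


def lookup_url(name, base=NAME_SERVER):
    """Build the availability URL; refuse anything but an HTTPS name server."""
    if urlsplit(base).scheme != "https":
        raise ValueError("lookup would travel unencrypted: %s" % base)
    if not name:
        raise ValueError("nothing to look up")
    return base + quote(name, safe="")


class NameChecker:
    """Key-press handler for the name entry: a lookup is issued only when
    the user presses Enter, and only if the text changed since the last check."""

    def __init__(self, send):
        self.send = send                  # transport callback (HTTPS GET in a client)
        self.text = initial_field_value()
        self.last_checked = None
        self.sent = []                    # URLs handed to the transport

    def on_key(self, key):
        if key == "Enter":
            if self.text and self.text != self.last_checked:
                url = lookup_url(self.text)
                self.send(url)
                self.sent.append(url)
                self.last_checked = self.text
        elif key == "Backspace":
            self.text = self.text[:-1]
        elif len(key) == 1:               # an ordinary character typed by the user
            self.text += key


def simulate(keys):
    """Drive the handler with a constructed key sequence and return the URLs
    that would have been sent (the stand-in transport does nothing)."""
    checker = NameChecker(send=lambda url: None)
    for k in keys:
        checker.on_key(k)
    return checker.sent
```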