Conversations: Private images publicly accessible

Created on 6 Feb 2017 · 17 Comments · Source: iNPUTmice/Conversations

I noticed that when I get a message containing an image from a conversations.im user to my own jabber account, the image is converted to a url pointing to something like https://share.conversations.im/<username>/<hash-or-something>.jpg. This url is __publicly accessible__ to anyone who knows the url. There are various attacks (including browser-based ones) to get the URLs of such images.

Ending the conversation does not remove those images. Nor is there any obvious way to delete them manually.

This means Conversations breaks users' privacy and security. And it isn't even obvious to the user sending those images what is going on.

All 17 comments

> This url is publicly accessible to anyone who knows the url.

That's correct. The keyword here is knows the url.

> There are various attacks (including browser-based ones) to get the URLs of such images.

I don't think so.

> This means Conversations breaks users privacy and security.

I disagree.

I don't think so.

You are wrong.

I don't think so.

You are wrong.

Feel free to elaborate on your attack scenario.

@iNPUTmice
So you disagree, then close this issue just 13 minutes after opening --- of MICE and men!

This is a real problem @iNPUTmice. Basically this pattern leaks private content all over the place. You can't send a user out to follow a link to a publicly accessible resource (no matter how unknown the resource locator was up until that moment) without them "giving away their position" to any number of potentially bad actors. This is fairly well established in security circles. And no way to delete or secure such resources just makes a bad situation worse.

@Hillside502 @alerque feel free to describe a scenario where an outside attacker could get their hands on such a URL.

> giving away their position

If you mean this will leak their IP address then so will Jingle File Transfer. And this is a completely different issue than described by op.

  1. If you guess the hash without having the file, then, euh?

  2. You can automatically encrypt uploaded files with strong AES if you enable any type of encryption (OTR/OMEMO/OpenPGP)

  1. As far as I understand, it is not Conversations specific. Other XMPP clients will do the same.
  2. Use encryption. If encryption is not enabled, blaming anyone about privacy is useless.

If they guess your url hash, they can guess your password too... ¯\_(ツ)_/¯

@uchchishta and @olerem Nobody said anything about _guessing_ a hash. The issue is the hash being _leaked_ by a browser, and since there is no second line of defense (the URL doesn't require authentication), normal usage patterns from unsuspecting users will leak private content they expected to be private to parties they don't know about.

@alerque
How is it leaking it?

  1. As I said, you can use encryption...

If you don't want to leak the URL, use HTTPS.

Let's assume we really want to have a protected way of file upload.

  1. user A is registered to server abz and is able to upload only to this server.
  2. user B is registered to server xyz and is able to upload only to this server.
  3. Unregistered user should not be able to upload anything to the server.

Problem: how to share something?
Solution: only a registered user can upload something, and everyone should be able to download it.

How to protect it?
Variants:

  1. use MAC - does not work with clients on other servers and you still need to trust the service provider.
  2. use encryption!!! encrypt your files.

@alerque, if you are worried about privacy, why do you still trust the service provider?

On what timetable do these images expire [self delete] @iNPUTmice

Isn't this really a server issue and not at all anything to do with the client?

I'm running my own prosody with XEP-0363 and it shows the same behaviour. (prosody with mod_http_upload_external)
Is there a server that doesn't have the images publicly available?

@JohnAZoidberg But how to access them then?

With the same credentials as the chat account. I don't know if it makes sense.
If it doesn't or the XEP doesn't work that way this issue isn't even about the server or client choice but a problem with XMPP itself. (If you think it's a problem at all)
