Some people don't have their device fully encrypted however they would still like to have their communication history encrypted (in case they lose their phone).
This feature request asks for the optional encryption of local data (for example see TextSecure) using a passphrase.
Why not just encrypt your phone? What is the downside of this?
Nothing. Except that encryption is often broken or brings a lot of other
issues. I guess it is better to put pressure on OS developers to fix
device encryption.
@jkufner
A lot of Cyanogenmod supported devices do not allow encryption.
why is that? Getting a proper device might be the better solution here
Even IF you can encrypt the phone, it does not help when you already unlocked the phone (For example with multiple accounts on phone or tablet)
don't share your (unlocked) device with people you do not trust. and/or don't cheat on your SO
Even IF you can encrypt the phone, it does not help when you already unlocked the phone (For example with multiple accounts on phone or tablet)
It is the same when only Conversations would be encrypted.
@iNPUTmice
I understand that the feature might not be the priority of many users. (It is not even my priority, I'm just opening this feature request for a friend that considers switching to Conversations) But just saying that you have to buy a new device in order to not have your conversations open to anybody with access to the device does not sound that great. (Some people don't want to throw away a perfectly fine working device just because it does not have one feature.)
Also, lots of people would be ok with entering their passphrase once on bootup.
But not many people want to enter it EVERY TIME they look at their phone.
So conversations encrypted -> One time (or a few times maybe when it got kicked out of memory)
Device encrypted -> Always, even if you just want to know the weather or do some other stuff.
As to your second comment, that is quite a weak troll. So everybody that uses the tablet has to give up all privacy. (Or better yet, get a new tablet for everyone in the family!!! yay!!)
For OpenPGP messages the easiest way would be an option to keep the messages in their original format and have the decrypted messages only in memory when they are accessed (i.e. when you scroll back). Advantage: not much change, Disadvantage: Slow as hell when you have a long history and want to scroll back a lot..
@jkufner
I am talking about the built-in feature of Android 5 (or 4 on tablets) having multiple user accounts.
I know that in theory every user gets its own data and memory and process space, but this would mean you are not allowed to root your device (which would break down this full separation).
People don't care about other people accessing their Game highscore but they might care about other people (even family members) being able to look through all conversations they had.
And no, buying everyone a new tablet is not really an option (I already blew all my money on buying Conversations ... :-)
"Also, lots of people would be ok with entering their passphrase once on bootup.
But not many people want to enter it EVERY TIME they look at their phone."
This sounds to me like you only want to get the _feeling_ that you are safe, you don't actually want to _be_ safe. If you just use a pin code, you don't even need to encrypt the device, the other users on the device won't be able to access your chat history. Even better, they won't be able to access anything. Problem solved?
If you're worried about your family/friends spying on you, they are not your family/friends. If you're worried about people other than your family/friends cracking into your device, you should probably 1: get a device that properly supports full encryption and 2: not use Android either way.
Also this (but replace 'passwords' by 'chat history'): https://developer.pidgin.im/wiki/PlainTextPasswords
"Personally, I feel that on any decent operating system, if someone can get to your files you should either be able to trust the person to not touch them, or you shouldn't be storing sensitive information there at all."
"Personally, I feel that on any decent operating system, if someone can
get to your files you should either be able to trust the person to not
touch them, or you shouldn't be storing sensitive information there at all."
Full ACK.
If you didn't care for full disk encryption, there are other things to
worry about than chat history.
I know that in theory every user gets its own data and memory and process space, but this would mean you are not allowed to root your device (which would break down this full separation).
You do know that a root user can just read the password from RAM, right?
I actually agree that DB encryption should be a thing, but from reading over people's responses here, I think what they really want is for us to store SCRAM bits in the DB, they just don't understand what they're asking for (since passwords seem to be the main topic of discussion), instead of just caching them in RAM. This means your password is never stored. If the SCRAM bits are compromised, the attacker can still log into your account, but they don't have your password (hopefully you weren't using that password anywhere else, but let's be realistic... most people reuse passwords).
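Added example (not part of the thread and not Conversations code): the "SCRAM bits" idea from the comment above, sketched for SCRAM-SHA-1 as defined in RFC 5802, where the client keeps derived keys instead of the password. The `CachedScram` layout and all function names are hypothetical, SASLprep normalization of the password is skipped, and the sample exchange is the test vector published in RFC 5802.

```python
import base64
import hashlib
import hmac
from typing import NamedTuple


class CachedScram(NamedTuple):
    """Hypothetical record a client could persist instead of the password."""
    salt: bytes
    iterations: int
    client_key: bytes
    server_key: bytes


def derive_cache(password: str, salt: bytes, iterations: int) -> CachedScram:
    # RFC 5802 Hi() is PBKDF2-HMAC with one output block (20 bytes for SHA-1).
    salted = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha1).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha1).digest()
    return CachedScram(salt, iterations, client_key, server_key)


def cache_usable(cache: CachedScram, salt: bytes, iterations: int) -> bool:
    # Derived keys are bound to the server's salt and iteration count; if
    # either changes, the password is needed again to re-derive them.
    return hmac.compare_digest(cache.salt, salt) and cache.iterations == iterations


def client_proof(cache: CachedScram, auth_message: bytes) -> str:
    # ClientProof = ClientKey XOR HMAC(H(ClientKey), AuthMessage)
    stored_key = hashlib.sha1(cache.client_key).digest()
    signature = hmac.new(stored_key, auth_message, hashlib.sha1).digest()
    proof = bytes(a ^ b for a, b in zip(cache.client_key, signature))
    return base64.b64encode(proof).decode("ascii")


def server_signature(cache: CachedScram, auth_message: bytes) -> str:
    # Lets the client verify the server's final message without the password.
    sig = hmac.new(cache.server_key, auth_message, hashlib.sha1).digest()
    return base64.b64encode(sig).decode("ascii")


# RFC 5802 section 5 example exchange (user "user", password "pencil").
RFC_SALT = base64.b64decode("QSXCR+Q6sek8bf92")
RFC_AUTH_MESSAGE = (
    b"n=user,r=fyko+d2lbbFgONRv9qkxdawL,"
    b"r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096,"
    b"c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j"
)
```

Anyone who copies the cached `client_key` can compute valid proofs for that account on that server, which is the trade-off the comment describes: the login is exposed, the password itself is not.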
@iNPUTmice
Sure, so maybe don't enter the passphrase for the logs ... (which wouldn't be possible to do with device encryption)
As mentioned, the big difference between FDE and the app-specific log encryption would be that you don't have to enter the passphrase every time you look at the phone.
You could even cancel the log-passphrase prompt, then you just wouldn't have any chat history..
@SamWhited
This specific feature request is basically just regarding logs from encrypted communications.
You can already prevent the logging of encrypted communications, but with this feature request you could still retain a chat history on the device.
The storage of the XMPP access credentials is not within the scope of this feature request. If I want secure communication I encrypt with OpenPGP, thus even if someone were to gain access to the XMPP credentials they still wouldn't be able to get access to the conversation.
I actually agree that DB encryption should be a thing, but from reading over people's responses here, I think what they really want is for us to store SCRAM bits in the DB (since passwords seem to be the main topic of discussion)
No I think people are just mixing up password (as in account password) and encryption key (as in db encryption key)
Sure, so maybe don't enter the passphrase for the logs ... (which wouldn't be possible to do with device encryption)
I don't get that. If the DB is in use the encryption key has to be in RAM somewhere otherwise new messages can not be read. (Edit: written)
Can we back off a little and can you describe the attack scenario or the attacker?
@iNPUTmice
Ok here's the scenario:
You lose your device.
So of course the xmpp credentials are fair game. Maybe also any chat history that was done without OpenPGP or OTR communication.
Now what this feature request asks for is the encrypted storage of any messages that were originally encrypted
Basically replace the "don't store log for encrypted communication" with "store passphrase encrypted log for encrypted communication" and an option to set a passphrase with a configurable timeout (similar to the OpenPGP passphrase)
Thus if you just do normal chats you don't even need to worry about it, but when you open a chat with encrypted messages (edit: or receive an encrypted message) it asks you for the passphrase and then shows the history or adds the message to the log)
You would have 3 different passphrases when using OpenPGP encrypted chat messages (I agree that this might be confusing)
@github-k8n Ok fair enough. I maybe misunderstood you then. I thought you were trying to protect your chat messages against people who are allowed to access your device.
So of course the xmpp credentials are fair game. Maybe also any chat history that was done without OpenPGP or OTR communication.
So are your Emails, Photos, Credentials to any cloud service, all your contacts phone numbers, home addresses.
If my device got stolen and I didn't even have a pin lock my chat history would be the least of my worries. But fair enough. That might be different for different people.
I'm gonna leave this issue open if someone wants to implement this but for me personally it's a much better solution to just have at least a pattern or pin lock on my phone.
Which is the XEP that allows for conversation revision where Party_B can edit statement in Party_A client? Would not this be a more prudent first step?
[assumes end2end encryption]
"Chatlog passphrase" seems to be inherent design of Guardian Project's ChatSecure. I, myself, however, would still prefer first conversation revision. Better yet would be a must accept XEP type user preference set where
"to converse with me your client must accept these terms [like no local history, must allow revisions, must otr]"
And akin to the PSTN privacy arms race you may set 'Hide caller id number' but I shall always have 'anonymous rejection'. If neither will budge then no incoming call from you and I'm happy with that. Others might have looser constraints. [anveo and other itsp would allow me to prompt you to manually key in your caller id number before routing the call to my registered device... arms race vs caller integrity]
Yeah this is pretty ridiculous. If you want things stored on your phone to be secure you should at the very least have a lockscreen.
@iNPUTmice can you clarify if there's anything about Conversations (messages, files exchanged, people contacted, IDs, timestamps, metadata) accessible to third party applications assuming those applications have no root access, but default Android privileges (they can access sdcard for example) and do not exploit unknown vulnerabilities? AFAIK this would be the only sane reason to encrypt the app itself since phones are encrypted by default now. Correct me if there's anything I missed that could be a reason why other apps encrypt themselves (Signal being the main example).
@gerg5c42g542g2c54g52c all files (images, voice recordings, ...) will be stored on the 'SD card'. Otherwise they wouldn't be accessible from the computer. Messages, passwords, keys and everything else is stored in a private database that is not accessible from other apps.
@gerg5c42g542g2c54g52c There's also #1588 leaking some info