Zeronet: Thanks for not hearing me again, Tamas!

Created on 5 Oct 2018 · 14Comments · Source: HelloZeroNet/ZeroNet

First, sorry for the wrong format in the title of the issue, but it is really a issue.

A friend was using ZeroNet in a proxy on a cybercafe. When registered on ZeroID, the notification showing the privatekey had appeared.
The owner saw it via remote PC, then copied it and posted offensive things on their profile.

"Thanks" for not hearing me when I said that ZeroNet had connection problems (was already exploitable before the rev1636 and I discovered it) and was arrogant when I suggested to offer privatekey as file download.

Source

DaniellMesquita

👎3

All 14 comments

I don't see how saving private key to the hdd would help if someone has remote pc access to the machine.

HelloZeroNet on 5 Oct 2018

👎1 👍1

Remote access doesn't only consists on having access to files, but access to the screen.
Assume a streammer is doing a live on Twitch about ZeroNet, then his privatekey shows up. There are lots of things that makes your current privatekey managing very bad against privacy. Usually softwares with privatekeys offers download of the wallet as files.

DaniellMesquita on 5 Oct 2018

Cybercafe's PC's HDD, screenshot and running process list are open to the cafe administrator from the beginning, aren't they? Zeronet's private key is designed to be saved to the HDD so that it's not weird that anybody who has an access to the HDD can use it to login to Zeronet, isn't it???

leftside2 on 5 Oct 2018

👍1

I suggest having the private key as ••••• and a 'Show' button which would reveal it at the user's discretion. Copy button as well, yeah.

anoadragon453 on 5 Oct 2018

If we want to make it remote view secure, then adding a copy button does not helps (as the spectator can capture it when you paste it to a document), but marking it with ••••, an optional reveal on click button and save as file could help

HelloZeroNet on 5 Oct 2018

If we want to make it remote view secure, then adding a copy button does not helps, but marking it with ••••, a reveal on click button and save as file could help

Don't get rid of copy button, because some users haves spy on screen, but not on clipboard (it is my case).

DaniellMesquita on 5 Oct 2018

@DaniellMesquita Not saying a copy button is useless, but how would you even paste the private key without anyone seeing it?

mkg20001 on 5 Oct 2018

@DaniellMesquita Not saying a copy button is useless, but how would you even paste the private key without anyone seeing it?

Using a password manager

DaniellMesquita on 5 Oct 2018

@DaniellMesquita Sure, but the primary issue with screen spying was the cybercafe. What would get improved here?

mkg20001 on 5 Oct 2018

@DaniellMesquita Sure, but the primary issue with screen spying was the cybercafe. What would get improved here?

Not only about cybercafes. Also about GPUs.
Privacy questions are wider, and lots of ways to spy, so we need to take care of it. This is the approach on my pull request.

DaniellMesquita on 5 Oct 2018

Privacy questions are wider, and lots of ways to spy, so we need to take care of it.

Understandable. But that still isn't a reason to use passive aggressive language.
Also I still don't get what exactly a copy button would improve in the _specific_ case of the cybercafe (Otherwise it would be better to split this request off into its own issue)

Not only about cybercafes. Also about GPUs.

GPUs?! So what you're basically saying is that you don't trust the hardware you run zeronet on to be spyware free?! In that case I'd suggest you get yourself trustworthy hardware first...

mkg20001 on 5 Oct 2018

I agree with Tamas: