Conversation

Notices

    Rich Felker (dalias@hachyderm.io)'s status on Thursday, 29-May-2025 12:39:22 JST

    How does the Android WireGuard app know "an update is available" and why did someone think it was worth violating my privacy so it could tell me something I DGAF to know??

    • Raven (she/they) 🏳️‍⚧️ (sparklepanic@infosec.exchange)'s status on Thursday, 29-May-2025 12:43:18 JST
      in reply to

      @dalias why wouldn't you want to know a patch is available? honest question

    • Rich Felker (dalias@hachyderm.io)'s status on Thursday, 29-May-2025 12:43:18 JST
      in reply to
      • Raven (she/they) 🏳️‍⚧️

      @sparklepanic Because it's not relevant. If there are no bugs bothering me and I'm not trying to get new functionality, why would I want an update that risks breaking things?

    • Rich Felker (dalias@hachyderm.io)'s status on Thursday, 29-May-2025 19:46:36 JST
      in reply to
      • CyberFrog
      • Raven (she/they) 🏳️‍⚧️

      @froge @sparklepanic It's not stupid. Most "security updates" are nonsense because the software isn't attack surface. Updates must *never* be mandatory. If a piece of software is doing dangerous shit that makes it attack surface, it needs a privacy respecting way to monitor for advisories from a neutral source the publisher can't track, and pinging that source must still be optional, not forced.

    • CyberFrog (froge@social.glitched.systems)'s status on Thursday, 29-May-2025 19:46:39 JST
      in reply to
      • Raven (she/they) 🏳️‍⚧️

      @dalias@hachyderm.io @sparklepanic@infosec.exchange because almost all software updates are actually fixing security relevant bugs in modern times, this statement effectively amounts to "I don't care about security patches, come mess my shit up"

      it would be really funny if it wasn't so stupid tbh

    • Rich Felker (dalias@hachyderm.io)'s status on Thursday, 29-May-2025 20:24:31 JST
      in reply to
      • CyberFrog
      • Raven (she/they) 🏳️‍⚧️

      @froge @sparklepanic Fuck off.

    • CyberFrog (froge@social.glitched.systems)'s status on Thursday, 29-May-2025 20:24:35 JST
      in reply to
      • Raven (she/they) 🏳️‍⚧️

      @dalias@hachyderm.io @sparklepanic@infosec.exchange good luck living that way, you're just wrong and nobody agrees, that's why security updates are forced in many software products now

    • Rich Felker (dalias@hachyderm.io)'s status on Friday, 30-May-2025 03:08:41 JST
      in reply to
      • Demi Marie Obenour

      @alwayscurious So "less noise on bugtracker" was what they thought was worth violating people's privacy over and potentially getting them arrested? Good to know...

    • Demi Marie Obenour (alwayscurious@infosec.exchange)'s status on Friday, 30-May-2025 03:08:42 JST
      in reply to

      @dalias One reason might be that upstream doesn’t want to get bug reports that have already been fixed in the latest version. You (and I) know to check for updates before reporting a bug, but most people don’t.

    • Rich Felker (dalias@hachyderm.io)'s status on Friday, 30-May-2025 03:15:57 JST
      in reply to
      • Demi Marie Obenour
      • CyberFrog
      • Raven (she/they) 🏳️‍⚧️

      @alwayscurious @froge @sparklepanic No, very little is. We just have a very warped sense of the software landscape colored by "apps" that are interlinked with platforms, service providers, messaging, user generated content, etc. And even in these, "the affected functionality" can be well-scoped things like "media decoding and display" or "macros embedded in document" that can be disabled as needed, if users were given the option to do so and if we had a privacy-protecting way to distribute knowledge of the need to disable vulnerable functionality.

      But there's also just a ton of software that does not deal with attack surface. And the WireGuard app is a great example of that.

    • Demi Marie Obenour (alwayscurious@infosec.exchange)'s status on Friday, 30-May-2025 03:15:58 JST
      in reply to
      • CyberFrog
      • Raven (she/they) 🏳️‍⚧️

      @dalias @froge @sparklepanic Almost all software is attack surface nowadays, because it deals with untrusted input of some kind. “Disable the functionality” often means “stop using the app”.

    • Rich Felker (dalias@hachyderm.io)'s status on Friday, 30-May-2025 08:30:14 JST
      in reply to
      • Demi Marie Obenour
      • CyberFrog
      • Raven (she/they) 🏳️‍⚧️

      @alwayscurious @froge @sparklepanic Could you elaborate on the form of attack that you think would make wg attack surface? It sounds like you're not familiar with the protocol and expect it's something like OpenVPN (which is bad for this very reason).

    • Demi Marie Obenour (alwayscurious@infosec.exchange)'s status on Friday, 30-May-2025 08:30:15 JST
      in reply to
      • CyberFrog
      • Raven (she/they) 🏳️‍⚧️

      @dalias @froge @sparklepanic WireGuard is absolutely attack surface: it deals with untrusted packets from the network and performs cryptographic operations. What software are you thinking of that is not attack surface?

      Yes, vulnerabilities can be in a subset of functionality that can be disabled, but what fraction of users are going to actually disable the functionality? You might, and I might, but the vast majority of people won’t. That’s why the push is to get people to upgrade: for 99+% of people, it’s the right thing to do. You and I are not a representative sample of users.

    • Demi Marie Obenour (alwayscurious@infosec.exchange)'s status on Friday, 30-May-2025 08:32:04 JST
      in reply to

      @dalias If it being known that you are using WireGuard could get you arrested, you shouldn’t be using the WireGuard app in the first place. WireGuard is not designed to hide that it is being used, and “installing WireGuard with no intent to ever use it” is a serious corner case.

    • Rich Felker (dalias@hachyderm.io)'s status on Friday, 30-May-2025 08:32:04 JST
      in reply to
      • Demi Marie Obenour

      @alwayscurious Having wireguard installed but not using it while travelling somewhere it could get you in trouble is a very normal thing. Having the Android client announce itself without documenting that it's doing that or giving you a chance to block that behavior is atrociously bad behavior for software with its purpose.

    • Rich Felker (dalias@hachyderm.io)'s status on Friday, 30-May-2025 08:58:35 JST
      in reply to
      • Demi Marie Obenour
      • CyberFrog
      • Raven (she/they) 🏳️‍⚧️

      @alwayscurious @froge @sparklepanic No, I'm talking about whatever layer implements the protocol, user or kernel. In what manner do you see it being attack surface? What would an attack look like?

    • Demi Marie Obenour (alwayscurious@infosec.exchange)'s status on Friday, 30-May-2025 08:58:36 JST
      in reply to
      • CyberFrog
      • Raven (she/they) 🏳️‍⚧️

      @dalias @froge @sparklepanic I think you are confusing how WireGuard works on Android with how it works on desktop Linux.

      On desktop Linux, WireGuard is run with CAP_NET_ADMIN privileges, so it configures the kernel WireGuard implementation. However, on non-rooted Android, WireGuard cannot do that, because Android does not allow apps to run with CAP_NET_ADMIN! Instead, WireGuard implements the entire protocol in userspace, and that implementation could have security-relevant bugs. For instance, the initial implementation pushed to FreeBSD was horrifically insecure.

    • Rich Felker (dalias@hachyderm.io)'s status on Friday, 30-May-2025 09:01:52 JST
      in reply to
      • Demi Marie Obenour
      • CyberFrog
      • Raven (she/they) 🏳️‍⚧️

      @alwayscurious @froge @sparklepanic There is no parsing. There is no setting policy based on anything sent by a third party. There are no logic branches except bailing out and dropping a packet if any check fails. Otherwise it is a fixed sequence of mathematical operations on a block of data with no regard for or inspection of what data is there.

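The receive-path shape Rich describes above (fixed-size input, a MAC check before anything else, a single drop-on-failure branch), as an added example that is not from the thread or the WireGuard project: a Python sketch of the mac1 gate on a handshake initiation. The layout constants (148-byte initiation, mac1 at offset 116, label `mac1----`, BLAKE2s-256 for the key derivation and 16-byte keyed BLAKE2s for the tag) are quoted from the WireGuard whitepaper from memory and should be treated as assumptions; the message fed in is constructed here.

```python
import hashlib
import hmac

# Layout and label constants as given in the WireGuard whitepaper
# (assumption: quoted from memory, not taken from the thread).
LABEL_MAC1 = b"mac1----"
MSG_INITIATION_TYPE = 1
INITIATION_LEN = 148   # a handshake initiation is always exactly this long
MAC1_OFFSET = 116      # mac1 covers every byte before itself
MAC2_OFFSET = 132      # mac2 follows mac1; all zeros when no cookie is in effect


def mac1_key(responder_static_pub: bytes) -> bytes:
    """HASH(LABEL-MAC1 || S_pub): the 32-byte key used for mac1."""
    return hashlib.blake2s(LABEL_MAC1 + responder_static_pub).digest()


def compute_mac1(key: bytes, msg_prefix: bytes) -> bytes:
    """Keyed BLAKE2s with a 16-byte tag over the message prefix."""
    return hashlib.blake2s(msg_prefix, key=key, digest_size=16).digest()


def accept_initiation(datagram: bytes, responder_static_pub: bytes) -> bool:
    """Receive-path gate with no field parsing.

    Returns True only if the datagram may proceed to the expensive DH/AEAD
    step; any failed check has exactly one outcome, dropping the packet.
    Nothing inside the datagram influences policy, only whether it passes.
    """
    if len(datagram) != INITIATION_LEN:
        return False
    if datagram[0] != MSG_INITIATION_TYPE or datagram[1:4] != b"\x00\x00\x00":
        return False
    expected = compute_mac1(mac1_key(responder_static_pub), datagram[:MAC1_OFFSET])
    # Constant-time comparison: the tag check leaks no timing information.
    return hmac.compare_digest(expected, datagram[MAC1_OFFSET:MAC2_OFFSET])


def build_initiation(responder_static_pub: bytes, body: bytes) -> bytes:
    """Constructed helper for testing: a well-formed 148-byte initiation whose
    112-byte body (sender index, ephemeral, encrypted static, timestamp) is
    arbitrary, because the gate above never looks inside it."""
    if len(body) != MAC1_OFFSET - 4:
        raise ValueError("body must be 112 bytes")
    prefix = bytes([MSG_INITIATION_TYPE, 0, 0, 0]) + body
    mac1 = compute_mac1(mac1_key(responder_static_pub), prefix)
    return prefix + mac1 + bytes(16)
```

The body is deliberately opaque to the gate: a packet with a bad length, a bad type byte, a flipped body bit, or a tag made under a different responder key is dropped before any of its contents are interpreted.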

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.