GNU social JP
GNU social JP is a Japanese GNU social server.
Conversation

Notices

  1. CyberFrog (froge@social.glitched.systems)'s status on Thursday, 29-May-2025 19:42:59 JST
    • Rich Felker
    • Raven (she/they) 🏳️‍⚧️

    @khm@hj.9fs.net @sparklepanic@infosec.exchange @dalias@hachyderm.io the wireguard VPN app actually supports distribution and installation outside of the regular app-store flow, and therefore includes an update mechanism for those users, but it's stupid and scummy to leave that turned on for people pulling from an official app store still... also pointless outside of data collection

    the guy who builds wireguard and maintains the android app is a well known linux contributor and security researcher, so I doubt they're doing this for malicious reasons, it might just be a stupid oversight

    In conversation about 2 days ago from social.glitched.systems permalink
    • Rich Felker (dalias@hachyderm.io)'s status on Thursday, 29-May-2025 19:42:54 JST
      in reply to
      • Raven (she/they) 🏳️‍⚧️

      @froge @khm @sparklepanic It's stupid and scummy to have it on by default, even more so with no way to turn it off, even outside app stores. This could get people killed. There is no reason one would ever need an update to the wg app unless looking for new functionality. It does not interface with a supplier provided service that might change and need changes for compatibility, and it's not attack surface.

      In conversation about 2 days ago permalink
    • Rich Felker (dalias@hachyderm.io)'s status on Thursday, 29-May-2025 20:37:26 JST
      in reply to

      @froge Dude. The application never inspects any data from untrusted sources. If using the kernel wg, it never inspects any data at all, only configures the kernel wg interface per your settings. There is zero attack surface.

      Attack surface is stuff like a chat app decoding complex media formats, a browser trying to run arbitrary code in a sandbox, or at least a fucking ASN.1 parser. Not a local tool for configuring your network settings.

      But in any case you're being a jerk and disrespecting the most important part: nobody consented to being tracked or outed as a wireguard user to networks we may connect to.

      In conversation about 2 days ago permalink
    • CyberFrog (froge@social.glitched.systems)'s status on Thursday, 29-May-2025 20:37:28 JST
      in reply to
      • Rich Felker

      @dalias@hachyderm.io "the network service which tunnels absolutely all my private data over a new encrypted protocol is not attack surface and should never update"

      fucking lmao

      In conversation about 2 days ago permalink
    • Rich Felker (dalias@hachyderm.io)'s status on Thursday, 29-May-2025 21:00:08 JST
      in reply to

      @froge "even if you trust both ends of the connection you should still install security relevant patches to mitigate issues on the network or in the protocol itself,"

      The app doesn't speak the protocol! The Linux kernel does. The app is purely a network configurator tool (unless you're running a very old kernel where a userspace implementation is used instead). The only input it processes is what you type in the UI.

      But also, there is no room for vulns in the wg protocol. I've implemented it from scratch before. It has no gratuitous syntax or options. Fixed form cryptographic framing.

      In conversation about 2 days ago permalink
    • CyberFrog (froge@social.glitched.systems)'s status on Thursday, 29-May-2025 21:00:11 JST
      in reply to
      • Rich Felker

      @dalias@hachyderm.io I actually do think the automated connections to a remote system for updates are bad and should be removed in this case, but it's just wild to me that you genuinely don't believe in mandatory security updates, and further that you actually seem to not understand that the network traffic from a VPN is itself attack surface... this means that even if you trust both ends of the connection you should still install security relevant patches to mitigate issues on the network or in the protocol itself, at the very least, not to mention bugs that can occur when an untrusted application runs locally

      most people don't actually completely trust all the applications on their device anyway, even if that application is granted network access to function, this is why defense-in-depth and sandboxing is such a big field of study still

      In conversation about 2 days ago permalink
    • Rich Felker (dalias@hachyderm.io)'s status on Thursday, 29-May-2025 21:04:37 JST
      in reply to

      @froge "but it's just wild to me that you genuinely don't believe in mandatory security updates"

      It's wild to me that some people accept backdoors in their software and deem that a necessary security feature. Yes, any way to add new code outside the user's control after the user receives the software is a *backdoor*.

      This is especially wild in a world with powerful authorities run amok who will attempt to use those backdoors. It's only a matter of time.

      In conversation about 2 days ago permalink

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.