Hey #InfoSec, anyone with opinions on #LocalSend? 👀
Specifically, I am interested in anyone with informed opinions on how secure it is. Has it been audited?
@rysiek Very useful tool. I hope it is secure enough at least for LAN usage. (Keeping an eye on this post with hopes no one says "don't use it!") I really love that I can install it on pretty much everything, so it's even a convenient way to get stuff to and from my phones/tablets as well as my computers.
It does at least have some encryption. Whether it's good enough or not, I guess we'll see what the experts say.
I fail to see where I backpedaled.
What I am saying is that it is best to just avoid using some software networking tool that works over LAN when I could just as easily use a thumb drive.
@rysiek
PREACH!
GPG is insecure, because I'm not smart enough to understand the docs, and all the ad hominems in the world won't make it secure.
@SpaceLifeForm @rysiek Run away WHY? It's LAN only by default, it uses encryption, and you can set several security options like not auto-accepting and using a password.
Is there some exploit in it? Some fundamental security flaw? Or do you solely hate it because it creates a convenience?
Did you review the source code to verify it cannot leak?
@SpaceLifeForm @rysiek No. And that's why I'm asking. You just declare run away without a reason.
I'm not a programmer. If everything I didn't know the code of inside and out was bad, that would mean I couldn't run anything. That's why people like us ask experts.
If it is truly LAN only, why is encryption needed?
Why can I not accomplish the same functionality via sneaker net?
Be careful.
@SpaceLifeForm @rysiek Because someone could potentially sniff on your LAN? I didn't say LAN only. I said by default though. As in you'd have to manually open and forward ports and all that. It's not going to UPnP it for you or anything. Not sure how you'd handle the broadcast though.
Encryption may not be strictly needed. But there's literally no reason not to have it. It's easy to implement and other than using 0.0001% more CPU power, it's definitely not going to hurt anything. So give me a good reason NOT to have it even on something that can't go online.
Anyway, I'm going to work with the assumption here that you didn't really know why you said run away at this point.
I know exactly why I said run away.
It is a solution in search of a problem.
If you have not vetted the code, then you need to worry about store and forward.
@SpaceLifeForm @rysiek What do you mean in search of a problem? The problem has existed for a long time. "What is a good way to get files back and forth across devices?" There are a lot of possible solutions, yes, but none quite fit all use-cases. SMB is a big hassle. KDE Connect is not universal. Etc etc.
The problem was always there. It has been there since computers first existed. You can argue this or that may suit specific cases better, but this one is a pretty good option that seems to fit the case of being pretty darned universal.
You have not yet mentioned any exploits or security problems with it. Just that you don't like it on principle alone.
The worst use case is from mobile to desktop, I will grant you that.
I have hundreds of floppy drives and I am not afraid to use them.
@SpaceLifeForm @rysiek You, uh, might want to upgrade. Some stuff is several hundred megabytes. Compressed. That could take a while to transfer one floppy at a time even if you can somehow get a 2.88MB formatted disk. (I think I heard of people getting to 1.72 or something like that via various methods, but that's probably your maximum limit.)
Also, good luck even connecting it to some devices.
Also, while you're spending a whole day making said transfer, I'm done in like 15 seconds.
BTW, some stuff I've transferred is more than a couple of gigabytes. At floppy drive speeds that would probably take a week...
I understand your perspective wrt bandwidth.
I am looking at the problem from the perspective of a secure channel.
Let's say I want to send you a large file that is really sensitive.
The only way I can trust that it remains secure is to encrypt it.
But, how do I securely transmit the decryption key to you?
This is why Security is Hard.
@SpaceLifeForm @rysiek I mean your literal answer there is keys.
We're talking about transferring files on a LAN though. The highest threat model applicable here should refer to if you're using a public LAN (say store WiFi or something.) That's the threat model you look at here, not "will State hackers sitting in my lap find a way to break it if I let them work on it all day?" You run it on two devices in a LAN, set a pin, transfer a file, then close it on each. You're setting the bar so high nearly nothing clears it -- including the LAN you'd be running it on really...
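The exchange above ("how do I securely transmit the decryption key?" / "your literal answer there is keys") is the classic key-agreement problem, and it is worth seeing concretely why the decryption key never has to cross the LAN at all. The block below is an added illustration written for this thread; it is not code from LocalSend or from anyone posting here, and it does not claim to show how LocalSend itself works. It runs a Diffie-Hellman style key agreement between two peers so each derives the same session key from values that are safe to send in the clear, then binds a PIN into a confirmation tag so that a device which does not know the PIN cannot pass the check even though it can see every message. The group parameters (a small Mersenne prime and a fixed generator), the PIN values, and the function names are all constructed for the demo; a real implementation would use a standardised group or an elliptic-curve exchange and a vetted library.

```python
"""
Toy demonstration of two points from the thread above:
  1. Two LAN peers can agree a symmetric key without ever transmitting it
     (Diffie-Hellman style key agreement), so a sniffer on the LAN gets only
     public values.
  2. A PIN can be bound into a confirmation tag so the key agreement is
     authenticated: a peer that does not know the PIN fails the check.
All parameters and values are constructed for illustration only.
"""
import hashlib
import hmac
import math
import secrets

# Constructed toy group: a Mersenne prime as modulus and a fixed generator.
# Real deployments use standardised groups or an elliptic-curve exchange;
# this prime is only here so the arithmetic is visible and runs with stdlib.
TOY_P = (1 << 127) - 1
TOY_G = 3
P_BYTES = (TOY_P.bit_length() + 7) // 8


def dh_keypair(p=TOY_P, g=TOY_G):
    """Return (private, public) for one peer; the private value never leaves it."""
    private = secrets.randbelow(p - 2) + 1
    return private, pow(g, private, p)


def dh_shared_key(private, peer_public, p=TOY_P):
    """Derive a 32-byte symmetric key from the agreed group element via SHA-256."""
    shared = pow(peer_public, private, p)
    return hashlib.sha256(shared.to_bytes(P_BYTES, "big")).digest()


def pin_confirmation(session_key, pin, sender_public, receiver_public):
    """
    Tag that binds the session key, both public values and the PIN.
    A device that does not know the PIN cannot produce a matching tag, which is
    what turns an unauthenticated key exchange into a PIN-gated one.
    """
    transcript = (b"lan-transfer-demo|"
                  + sender_public.to_bytes(P_BYTES, "big")
                  + receiver_public.to_bytes(P_BYTES, "big"))
    return hmac.new(session_key + pin.encode(), transcript, hashlib.sha256).hexdigest()


def simulate_transfer(sender_pin, receiver_pin):
    """
    Run one key agreement between a sender and a receiver that each typed a PIN.
    Returns (keys_match, pin_check_passed).  Only the two public values and the
    confirmation tag would cross the network; private values and PINs stay local.
    """
    s_priv, s_pub = dh_keypair()
    r_priv, r_pub = dh_keypair()
    # Each side derives the session key from its own private value and the
    # peer's public value; the decryption key itself is never transmitted.
    s_key = dh_shared_key(s_priv, r_pub)
    r_key = dh_shared_key(r_priv, s_pub)
    # Sender sends a PIN-bound tag; receiver recomputes it with the PIN it knows.
    tag_from_sender = pin_confirmation(s_key, sender_pin, s_pub, r_pub)
    expected = pin_confirmation(r_key, receiver_pin, s_pub, r_pub)
    return s_key == r_key, hmac.compare_digest(tag_from_sender, expected)


def pin_entropy_bits(digits):
    """
    Guessing entropy of an all-numeric PIN of the given length.  A 6-digit PIN
    is under 20 bits, so the PIN should only gate who may start a session and
    the receiving side must limit attempts; it is not a substitute for the key.
    """
    return digits * math.log2(10)


if __name__ == "__main__":
    print("same PIN  :", simulate_transfer("483921", "483921"))   # constructed PINs
    print("wrong PIN :", simulate_transfer("483921", "000000"))
    print("6-digit PIN entropy (bits):", round(pin_entropy_bits(6), 2))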
If it is purely LAN, and you trust your endpoints, then you could use SFTP.
But, what if I do not trust my endpoints?
@SpaceLifeForm @rysiek What if you do? SFTP is a pain to setup, especially on mobile devices.
You just really really do not like this program, but you have not yet once given a single actual reason why it's exploitable or etc. And I'm not even saying it's not. The question is just "will it suddenly expose your info to the web" or something like that, not "can a state actor sitting outside my house hacking into my LAN maybe get into it with a few days to work at it?"
I think it's time to just put this one to rest.
I agree. Mobile is the endpoint that I would be worried about.
@SpaceLifeForm @rysiek Right, well, if I see any black vans parked nearby I'll close it down, but in the meantime it looks to be safe enough to run five minutes at a time for quick transfers across my LAN.
I'm moving on here.
@lispi314 @rysiek I'll agree it should be on by default and just generate a random PIN or something. But it isn't hard to check the box. I'm wondering if more than this is needed for over the LAN (well, I wouldn't want to run this on the Web -- at least not without tunneling or something -- but it's not really meant for it.)
For basic LAN usage, only running it as needed, etc as intended, would you say the PIN is sufficient?
Is there anything with such an alternative that is as universal as this? LocalSend has builds for most modern computer types as well as Android and iOS smart devices.
Right now I'm guessing it's ok for home LAN use, be very careful and judicious on public LANs, and of course WANs are a big no?
@lispi314 @rysiek I do want to say, looking this over, it does jump through more hoops. Am I correct in understanding it needs to connect through a relay server?
LocalSend's simplicity may win for simple things like just copying over a (non-serious) picture or driver file or something where security isn't that big of an issue anyway.