cwtch.im
/
cwtch
16
20
Fork 15
Code Issues 10 Pull Requests 2 Releases 163 Wiki Activity

Incomplete plausible deniability feature for Cwtch app profiles #544

New Issue
Open
opened 2024-01-17 10:47:39 +00:00 by nihilist · 0 comments
nihilist commented 2024-01-17 10:47:39 +00:00
Copy Link

Hello,

I see the cwtch application has been designed around plausible deniability, hence you're supposed to deny the existance of a profile by requiring to type a password to reveal the existance of a profile initially, after a cwtch app shutdown.

However i see that the application creates separate files that clearly shows that there are 2 different profiles in the ~/.cwtch/profiles/ directory.

Threat model: an adversary captures someone's phone in a public protest, and the individual is forced to give passwords, the adversary browses the local files of the application on the phone / laptop. There, the user gives the password to the decoy profile, but the adversary browses the local files and now finds the ~/.cwtch/profiles directory which reveals the existance of the second profile.

I feel like this needs to be adressed, the existance of profiles must be completely deniable, like veracrypt hidden partitions

Hello, I see the cwtch application has been designed around plausible deniability, hence you're supposed to deny the existance of a profile by requiring to type a password to reveal the existance of a profile initially, after a cwtch app shutdown. However i see that the application creates separate files that clearly shows that there are 2 different profiles in the ~/.cwtch/profiles/ directory. Threat model: an adversary captures someone's phone in a public protest, and the individual is forced to give passwords, the adversary browses the local files of the application on the phone / laptop. There, the user gives the password to the decoy profile, but the adversary browses the local files and now finds the ~/.cwtch/profiles directory which reveals the existance of the second profile. I feel like this needs to be adressed, the existance of profiles must be completely deniable, like veracrypt hidden partitions
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
master
ep
offline-messages
acl-v2
overlays
android_file_download_fix
hybridgroups
enhanced-permissions
settings
post-stable-fixes
fixups
stable-blockers
search
crForceDisconn
server-update
conversation_search
fixCR
deletecontactfix
startupbugs
font-setting
events
handleStatus
fuzzbot
code-fixes
fixpanic
autodownload
esi
eventhooks
autobindings
contactRetryDisconn
priority
createProfileAttr
serverAccept
connectionLogic
fixdeletep2
cached_tokens
indents_and_tools
go_update
protocl_engine_shutdown_fix
timeout_fixes_tokens
fixShutdown
networkAfterOnline
surface-tokens
updateDrone
thread_works
file_sharing_fixes
cbump
emitVer
cleanAndNoDupImport
filesharing-persist
mgroups
tapir-gc
winExport
perf
plugins
healthTime
parseScope
send
sendRetId
nc
import_export
state
profile_images
fastercwtch
tapir0.5
sender_side_previews
hash
1.7conn
1.6_conn
fixAcceptBlock
storage_engine_refactor
publicname
v0.27.0
v0.26.3
v0.26.2
v0.26.1
v0.26.0
v0.25.1
v0.25.0
v0.24.5
v0.24.4
v0.24.3
v0.24.2
v0.24.1
v0.24.0
v0.23.1
v0.23.0
v0.22.2
v0.22.1
v0.22.0
v0.21.0
v0.20.8
v0.20.7
v0.20.6
v0.20.5
v0.20.4
v0.20.3
v0.20.2
v0.20.1
v0.20.0
v0.19.7
v0.19.6
v0.19.5
v0.19.4
v0.19.3
v0.19.2
v0.19.1
v0.19.0
v0.18.10
v0.18.9
v0.18.8
v0.18.7
v0.18.6
v0.18.5
v0.18.4
v0.18.3
v0.18.2
v0.18.1
v0.18.0
v0.17.3
v0.17.2
v0.17.1
v0.17.0
v0.16.8
v0.16.7
v0.16.6
v0.16.5
v0.16.4
v0.16.3
v0.16.2
v0.16.1
v0.16.0
v0.15.2
v0.15.1
v0.15.0
v0.14.19
v0.14.18
v0.14.17
v0.14.16
v0.14.15
v0.14.14
v0.14.13
v0.14.12
v0.14.11
v0.14.10
v0.14.9
v0.14.8
v0.14.7
v0.14.6
v0.14.5
v0.14.4
v0.14.3
v0.14.2
v0.14.1
v0.14.0
v0.13.3
v0.13.2
v0.13.1
v0.13.0
v0.12.2
v0.12.1
v0.12.0
v0.11.2
v0.11.1
v0.11.0
v0.10.0
v0.9.2
v0.9.1
v0.9.0
v0.8.12
v0.8.11
v0.8.10
v0.8.9
v0.8.8
v0.8.7
v0.8.6
v0.8.5
v0.8.4
v0.8.3
v0.8.2
v0.8.1
v0.8.0
v0.7.6
v0.7.5
v0.7.4
v0.7.3
v0.7.2
v0.7.1
v0.7.0
v0.6.10
v0.6.9
v0.6.8
v0.6.7
v0.6.6
v0.6.5
v0.6.4
v0.6.3
v0.6.2
v0.6.1
v0.6.0
v0.5.1
v0.5.0
v0.4.11
v0.4.10
v0.4.9
v0.4.8
v0.4.7
v0.4.6
v0.4.5
v0.4.4
v0.4.3
v0.4.2
v0.4.1
v0.4.0
v0.3.16
v0.3.15
v0.3.14
v0.3.13
v0.3.12
v0.3.11
v0.3.10
v0.3.9
v0.3.8
v0.3.7
v0.3.6
v0.3.5
v0.3.4
v0.3.3
v0.3.2
v0.3.1
v0.3.0
v0.2.1-pr-1
v0.2.1-pr
v0.2.0
v0.2
Labels
Clear labels   
applications

   
BLOCKED

   
bug

   
design

   
duplicate

   
enhancement

   
fixed?

   
funding-needed

   
help wanted

   
infrastructure

   
invalid

   
payments

   
qubes

   
question

   
ready-for-implementation

   
refactor

   
spam

   
tapir-server

   
testing

   
tor

   
wontfix
No Label
applications
BLOCKED
bug
design
duplicate
enhancement
fixed?
funding-needed
help wanted
infrastructure
invalid
payments
qubes
question
ready-for-implementation
refactor
spam
tapir-server
testing
tor
wontfix
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: cwtch.im/cwtch#544
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?