maxisme / crypter

This extension locally encrypts and decrypts your Facebook messages using AES encryption along with a preset password.
https://crypter.co.uk

What if Facebook is the adversary? #1

Open mvirkkunen opened 8 years ago

mvirkkunen commented 8 years ago

So, your marketing website lists Edward Snowden himself as an example of somebody who might be using this add-on. Therefore I'm assuming you claim protection against an adversary who could potentially get websites such as facebook.com to do their bidding.

As far as I can tell this extension does everything via content scripts that share the DOM context with the surrounding webpage, has the user type their messages into the same DOM structure Facebook has access to, and even stores the encryption key in a DOM attribute.

What's to stop a Facebook employee subpoenaed by a government (or just any evil employee) from adding a little extra function to the chat part at facebook.com to grab and store your messages as you're typing them before they get encrypted, or just steal the entire encryption key?

fb39ca4 commented 8 years ago

The text entry field could be inside an iframe of a different domain and the encryption code would run in there, only communicating the cipher text to the main page. Similarly, the decrypted messages on the other end would be displayed in iframes.

ndrwy commented 8 years ago

Maybe some ideas to prevent DOM monitoring can be gathered from Mailvelope: https://www.mailvelope.com/help

"Clicking on the Compose button will open a new popup with a separate editor. This ensures that the e-mail creation and encryption process is completely isolated from the webmail provider."

maxisme commented 8 years ago

@fb39ca4 great idea! I have tested this and two problems arise:

  1. Facebook seem to monitor key presses on the window which will include the iframe(?) so surely having it makes no difference?
  2. Need to be able to automate the submission of a string on facebook. See this

@ndrwy I do not want to make the user have to succumb to any changes to the facebook interface other than setting the session password.

@mvirkkunen very valid points. We should be able to identify if facebook are purposefully monitoring any of our created DOMs. Do you think that the method which @fb39ca4 suggests is a good one?

mvirkkunen commented 8 years ago

@maxisme Using an iframe from another origin would put same origin restrictions into effect, and the surrounding page would not be able to access the DOM (or mostly anything else) in the frame, assuming the security model in the browser works. You would just need to be careful to have no secrets (i.e. no plaintext messages, no encryption keys) outside of the iframe.

Trying to identify monitoring isn't really worth doing when you should just make the relevant bits inaccessible to the surrounding page.

maxisme commented 8 years ago

@mvirkkunen Okay perfect! Thank you. Working on it now.

I would pay a lot of money for someone to figure out how to automate the enter key on facebook. I am so tired of trying to figure it out! :-1: