0x1a8510f2
commented
2 years ago On one hand:
- Syphon is designed for privacy and security, so those goals should be followed as much as possible, including here.
- Syphon is designed to be user-friendly and therefore might be used by less technically-literate people who may not be aware of the risks of using an outdated OS.
- Such a warning may help convince some people to update to a more secure system, including in environments where costs are minimised and security suffers because of this, like many enterprise environments.
- Such warning could prevent blame for Syphon should someone's Matrix information be leaked due to an insecure system. Not that Syphon is to blame otherwise, but this would ensure that the user is aware that the risk is down to them.
On the other:
- Depending on how reliable we would want this to be, this could become very complex or misleading. For instance, enterprise environments might have custom Android builds for compatibility, but with patches to keep the OS secure. How would we deal with this? Would warnings be issued purely based on whether the given Android version is EOL even if it's a custom build? What about different official patch levels? Is a fully-patched just-EOLed system less secure than a never patched but still-not-EOL system?
- Some people have no way to update and such warning could be annoying, especially if it's not a warning but rather, dropped support. Obviously, support needs to be dropped at some point, but doing so for security purposes only may be unnecessary. Especially since not everyone cares about security so much, and it's ultimately not our responsibility to force them to be secure at the cost of impacting those who are simply unable to.
- Could be considered out of scope for a messaging application, in the case of a warning.
- Another thing to maintain which could get out of date.
- If the app is not updated, either the insecure OS list won't be either, thereby misleading the user, or it will need to be fetched from an online source in which case the app needs to make additional network calls which I think are a bad idea.
- Very platform-dependent which the use of Dart/Flutter is trying to avoid.
Overall, I disagree with dropping support for some OS versions purely for security reasons. However, a warning could be beneficial to the user, as long as it's properly designed both UI/UX-wise and technically (whether the insecure list is hard-coded or fetched from the network).
ereio
EdGeraghty
Unsupported Android is literally dangerous to run in production these days.
Part of the problem, however, is Low-Cost Tech is still being pushed to market with versions of Android which have been out of support for years, and as such IMO it is not for Syphon to remove some ability for secure messaging even on poor endpoints.
Should we display some warning to the user that their device is beyond its safe useful life?