Replying to hodlbod

**Security Update**

I've got some bad news for you guys. This morning, as I was adding error handling to flotilla, I discovered that Coracle has been sending user session objects to bugsnag when reporting errors.

Who is affected: Users who triggered an error in Coracle while signed in with their private key, since December 5th 2023.

What I've done:

- I immediately released a new version of Coracle, both to web and to zap.store

- I have deleted the affected apks from my releases

- I have deleted all my error data from bugsnag

- I have deleted my bugsnag project and rotated my api key, so lingering error reports will be dropped

- I have audited my code for use of the session object to ensure nothing else like this is happening

What you should do:

- If you're logged in with your private key, log out

- Hard refresh the page to ensure you have the latest version of Coracle

The bottom line is that if you signed in to Coracle with your private key, it has been shared with me and with bugsnag. In practical terms, your keys should still be secure, since they were sent over TLS, and have been deleted. But there is no guarantee I can offer that they are in fact gone.

I take my users' privacy seriously. My error reporting implementation doesn't record user IPs, it redacts identifying data, and it allows users to opt out. I also warn the user when they attempt to enter an nsec into a text field. In this case, I simply screwed up, and I sincerely apologize. Reply to this note if you have any questions.
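Added example, not part of the original note and not Coracle's code: one way to keep a signed-in session's private key out of error reports is to attach only an allow-listed subset of the session and then scrub anything that still looks like an nsec. The session shape, the field names (`method`, `pubkey`, `privkey`), `SECRET_KEYS`, `SESSION_ALLOWED` and `buildReport` are assumptions made for illustration.

```javascript
// Added example: scrub secrets from error metadata before it leaves the client.
// Key names and the session shape are assumptions, not Coracle's real code.
const SECRET_KEYS = new Set(["privkey", "nsec", "secret", "password", "token"]);
// NIP-19 bech32 private key: "nsec1" followed by 58 bech32 characters.
const NSEC_RE = /nsec1[02-9ac-hj-np-z]{58}/g;
const REDACTED = "[REDACTED]";

function scrub(value, seen = new WeakSet()) {
  if (typeof value === "string") return value.replace(NSEC_RE, REDACTED);
  if (value === null || typeof value !== "object") return value;
  // Cycles (and repeated references) are not walked a second time.
  if (seen.has(value)) return "[Circular]";
  seen.add(value);
  if (Array.isArray(value)) return value.map((v) => scrub(v, seen));
  const out = {};
  for (const [key, v] of Object.entries(value)) {
    // Redact by key name first, then recurse to catch secrets inside strings.
    out[key] = SECRET_KEYS.has(key.toLowerCase()) ? REDACTED : scrub(v, seen);
  }
  return out;
}

// Allow-list: only these session fields may ever be attached to a report.
const SESSION_ALLOWED = ["method", "pubkey"];

function buildReport(error, session) {
  const safeSession = {};
  for (const field of SESSION_ALLOWED) {
    if (field in session) safeSession[field] = session[field];
  }
  // The whole payload is scrubbed, so a key embedded in the message or
  // stack trace is removed as well.
  return scrub({
    message: error.message,
    stack: error.stack,
    session: safeSession,
  });
}

// Constructed sample data (not a real key or session).
const fakeNsec = "nsec1" + "q".repeat(58);
const session = { method: "privkey", pubkey: "ab".repeat(32), privkey: "cd".repeat(32) };
const report = buildReport(new Error(`login failed for ${fakeNsec}`), session);
console.log(JSON.stringify(report.session), report.message);
```

The allow-list is the primary control here: a field added to the session later stays out of reports unless it is listed, while the scrubber only catches what the allow-list cannot see, such as a key pasted into an error message.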

this is why this universal use of telemetry in software is a bad thing... one bug and millions can be harmed

if i were you i'd be taking that telemetry out

i recall that keybase had a crash report system where if you knew there was going to be a problem because it repeatedly happens, you could activate the logging and then run it and when it starts up and finds a crash log, you could then look at it and then send it up to them

that's how it should be done... requiring users to accept this phoning home as a condition of use should be completely out of the question and for reasons of security, should always be a process by which the user actively and knowingly provides this information to the developers... and when there is a third party involved, it gets even more sticky

and would i be right in saying that this data has found as many bugs, like as many terrorists as the DHS copping feels and irradiating people?

Discussion

actually, come to think of it, though it never seems to want to let me actually send the report, intellij IDEs do this too, they prompt you about the existence of crash logs and ask you if you want to send them