[UX/UI] The UI doesn't seem to really communicate the trust level or scope of embedded apps #79
Comments
the following post brings the trust level to the point: https://chaos.social/@delta/113816876268085595 once we have updated https://delta.chat/en/help#webxdc , we can add a menu entry to link to that paragraph, maybe titled "How private are apps in Delta Chat?" or "How do apps in Delta Chat work?" (we avoid the term "webxdc" when talking to end users); as the help is also available offline, that'd be quite smooth.
My apologies if I just missed it, but I can't find any info in that link on what the webxdc app can access in terms of user info. Can it see my full contact list? If yes, who can it send messages to? Even if potential send targets are "just" everyone in my contact list, that already seems like a potential concern if it's done without any opt-in by the user, since an attacker could befriend me, then make me click on a webxdc game to extract my user list. A super-safe version of webxdc should perhaps only be able to access whatever is going on in the room that it's started in, and should perhaps not be able to change room settings or delete past messages, and have some limit on how many regular chat messages it can send in which amount of time (outside of separate peer-to-peer connections to another user). Perhaps this is already the case, but there doesn't seem to be any clear info anywhere on whether it is. Sorry however if it's there and I didn't catch it.
On Tue, Jan 14, 2025 at 10:03 -0800, Ellie wrote:
> the following post brings the trust level to the point: ***@***.***/113816876268085595
> My apologies if I just missed it, but I can't find any info in that link what the webxdc app can access in terms of user info. Can it see my full contact list?
No, webxdc apps are IO-sandboxed and can only perform input/output through these functions:
https://webxdc.org/docs/spec/api.html
So right now, webxdc apps cannot even access the member list or other metadata of a chat group.
Even if we did provide access to chat-group data, apps would not be able to send this data anywhere other than to the chat (where all members have the same data), as webxdc apps cannot perform HTTP or other network requests other than going through the referenced API above.
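To make the reply above concrete, here is an added example, not code from Delta Chat or the webxdc project: an in-memory model of the webxdc update channel, showing that an app's only output path is the shared chat update log, that every member receives exactly the same data, and that the API object handed to the app carries no member list, no recipient argument and no network primitive. The host function `makeChatHost`, the member addresses and the toy guessing app are invented for the illustration; `sendUpdate`, `setUpdateListener` and `selfAddr` mirror the names in the spec linked above but are re-implemented here, not the real ones.

```javascript
// Added example (not Delta Chat's or webxdc's own code): an in-memory model of
// the webxdc update channel. makeChatHost, the member addresses and the toy
// app are invented; sendUpdate/setUpdateListener/selfAddr follow the names in
// https://webxdc.org/docs/spec/api.html but are re-implemented here.

function makeChatHost(members) {
  const log = [];                 // one ordered update log shared by the chat
  const listeners = new Map();    // member address -> app callback

  function apiFor(member) {
    // The whole surface an app gets. Note what is absent: no member list,
    // no recipient argument, no fetch/XMLHttpRequest.
    return Object.freeze({
      selfAddr: member,
      sendUpdate(update) {
        const serial = log.length + 1;
        log.push({ ...update, serial });
        // Fan out to every member, the sender included: all members see the
        // same data, so an app cannot leak something to one party only.
        for (const m of members) {
          const cb = listeners.get(m);
          if (cb) cb({ ...log[serial - 1], max_serial: log.length });
        }
      },
      setUpdateListener(cb, serial = 0) {
        listeners.set(member, cb);
        // Replay updates the app has not seen yet (serial > given), then go live.
        for (const u of log.slice(serial)) cb({ ...u, max_serial: log.length });
        return Promise.resolve();
      },
    });
  }
  return { apiFor, log };
}

// A toy word-guess app that uses nothing but the API object handed to it.
function makeGuessApp(webxdc) {
  const seen = [];
  webxdc.setUpdateListener((u) => seen.push(u.payload));
  return {
    seen,
    guess(word) {
      webxdc.sendUpdate({ payload: { from: webxdc.selfAddr, word } });
    },
  };
}

// Constructed scenario: three members, one of them hostile, all running the
// same app. Returns the observable results so they can be checked.
function runScenario() {
  const members = ["alice@example.org", "bob@example.org", "mallory@example.org"];
  const host = makeChatHost(members);
  const apps = members.map((m) => makeGuessApp(host.apiFor(m)));
  apps[2].guess("crane");   // the "attacker" member sends first
  apps[0].guess("slate");
  // A re-opened app instance gets the same history replayed from the log.
  const late = makeGuessApp(host.apiFor("bob@example.org"));
  return {
    members,
    apps,
    late,
    surface: Object.keys(host.apiFor("x@example.org")).sort(),
  };
}
```

The model reproduces only the API contract; the actual enforcement that an app has no network access and no contact data is done by how the host embeds the app (the webview configuration), which plain Node cannot reproduce, so treat the absence of `fetch` here as an illustration of the claim rather than proof of it.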
(Transferred from here)
I've noticed that the UI doesn't seem to communicate the trust level or scope of embedded apps. For an encrypted messenger that seems somewhat of a UI bug, so I hope I'm reporting this in the correct location.
For example, I'm in a chat group with the word puzzle game "Wonster". This is presented to me with the following message with a button:
While I love this game, it seems unclear from the UI what this means or implies when I launch it. I think the most pressing questions are:
Who made the code I'm running when I click "Start...", is this some third-party thing or just part of the client? This doesn't seem to be obvious.
How trusted is the code of whatever opens up after I click "Start...", was it vetted in any way, and if it wasn't, does it use any sort of process isolation or sandboxing from the remaining clients?
Who is getting what data of what I enter into the game's popup? For example, when I write a chat message, it's pretty clear that the message gets sent to whoever is in the channel. For this game however, it's not obvious whether this is something executed purely locally (even then, where is the code coming from?) or whether it downloads from some foreign server, and what info that server will get about me especially if I interact with this game. It's also not clear where the word of the day that it has me guess is coming from, or whether whoever made this game will get to know that I played it etc.
Where would I report concerns or bugs with this embedded game, if there were any? I'm assuming if it's a third-party game, it wouldn't be here in this bug tracker.
My apologies if all of this is actually in the UI in an obvious location, and I just missed it. In that case feel free to close the issue.
Related discussion: deltachat/deltachat-pages#986