undefined | Better HN

0 pointsmd_9y ago0 comments

> Given Google's stance of not encrypting local storage in any way that I am aware of, this is fundamentally unsurprising. I have long been saying that Android is insecure and that storing passwords in Chrome is dangerous.

ChromeOS and Android both implement FDE. There are some legitimate criticisms of (especially) the latter, voiced by e.g. Matthew Green, but you're just speaking nonsense here.

There's very little value in per-app encryption on desktop OSes; it's security theater.

I shudder to think of what your "secure communications" app does. I hope you're a good lawyer. ;)

0 comments

libertymcateer9y ago

I am not talking about ChromeOS - I am talking about the Chrome browser. Localstorage, last I checked, which was recently, is plaintext.

> ChromeOS and Android both implement FDE

Which is irrelevant if the runtime is compromised, which appears to be the case.

md_OP9y ago

Let's be all Socratic here:

Given a desktop OS like Windows that implements FDE like Bitlocker and runs a browser like Chrome, can you describe a hypothetical threat in which Chrome encrypting localstorage would prevent exploitation?

libertymcateer9y ago

Yes - worms or browsers that scan local data files without accessing the runtime of the parent application.

1 more reply

vetinari9y ago

And it does not matter - it is in Chrome's homedir, no other app can access it. Wrt. physical store, it is on FDE anyway.

libertymcateer9y ago

Good sn.

bitmapbrother9y ago

>Which is irrelevant if the runtime is compromised, which appears to be the case.

You're under the false assumption that these exploits are current - they're not. In fact, they're very old.

libertymcateer9y ago

These ones?

https://www.washingtonpost.com/world/national-security/wikil...

1 more reply

j / k navigate · click thread line to collapse

0 pointsmd_9y ago0 comments

ChromeOS and Android both implement FDE. There are some legitimate criticisms of (especially) the latter, voiced by e.g. Matthew Green, but you're just speaking nonsense here.

There's very little value in per-app encryption on desktop OSes; it's security theater.

I shudder to think of what your "secure communications" app does. I hope you're a good lawyer. ;)

0 comments

libertymcateer9y ago

I am not talking about ChromeOS - I am talking about the Chrome browser. Localstorage, last I checked, which was recently, is plaintext.

> ChromeOS and Android both implement FDE

Which is irrelevant if the runtime is compromised, which appears to be the case.

md_OP9y ago

Let's be all Socratic here:

libertymcateer9y ago

Yes - worms or browsers that scan local data files without accessing the runtime of the parent application.

1 more reply

vetinari9y ago

And it does not matter - it is in Chrome's homedir, no other app can access it. Wrt. physical store, it is on FDE anyway.

libertymcateer9y ago

Good sn.

bitmapbrother9y ago

>Which is irrelevant if the runtime is compromised, which appears to be the case.

You're under the false assumption that these exploits are current - they're not. In fact, they're very old.

libertymcateer9y ago

These ones?

https://www.washingtonpost.com/world/national-security/wikil...

1 more reply

j / k navigate · click thread line to collapse