Fractal (the GNOME @matrix client) still stores the logged-in user's password on the computer, even though this is what a client is supposed to *not* do. If my device somehow gets compromised, I can usually remotely delete that session off my account and remain safe; however, the Fractal developers thought (gitlab.gnome.org/GNOME/fractal) that it would be a usability benefit for the user if it remembers their password whenever their session gets remotely signed out. What??


Basically, anyone who uses Fractal should be aware that it may leak their Matrix account's password in case someone steals their device. This makes it unsuited for use on devices with a high risk of theft and getting compromised, such as phones.

@vurpo This is no longer the case for Fractal Next.

@vurpo @matrix a tangentially similar thing also happens with other communication platforms. Iirc, #wire offers secure means of communication, but stores sent and received messages in plain text on your device.
I wouldn't directly value this as an incredibly bad thing. However, you may need to take it into consideration when deciding on your threat model and choosing communication platforms accordingly.
