Fractal (the Gnome @matrix client) still stores the logged-in user's password on the computer, even though this is what a client is supposed to *not* do. If my device somehow gets compromised, I can usually remotely delete that session off my account and remain safe, however the Fractal developers thought ( gitlab.gnome.org/GNOME/fractal ) that it would be a usability benefit for the user if it remembers their password whenever their session gets remotely signed out. What??

Follow

Basically, anyone who uses Fractal should be aware that it may leak their Matrix account's password in case someone steals their device. This makes it unsuited for use on devices with a high risk of theft and getting compromised, such as phones.

· · Web · 1 · 1 · 1

@vurpo This is no longer the case for Fractal Next.

Sign in to participate in the conversation
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!