https://bugs.kde.org/show_bug.cgi?id=496901

            Bug ID: 496901
           Summary: Neochat leaks information about user's device
    Classification: Applications
           Product: NeoChat
           Version: 24.08.3
          Platform: Other
                OS: Linux
            Status: REPORTED
          Severity: major
          Priority: NOR
         Component: General
          Assignee: fe...@posteo.de
          Reporter: cyber+...@sysrq.in
                CC: c...@carlschwan.eu, j...@redstrate.com
  Target Milestone: ---

SUMMARY
NeoChat leaks the following metadata in the *public* device ID:
- Hostname
- OS name and version
- CPU architecture

This can be enough for bad actors (like stalkers, scammers and authoritarian
governments) to deanonymize a user.

This puts users who rely on Matrix for secure communication at risk.

STEPS TO REPRODUCE
1. Log in with NeoChat

OBSERVED RESULT
Default device ID is:
"NeoChat sysrq.in gentoo 2.14 x86_64"

EXPECTED RESULT
Default device ID is just "NeoChat"

SOFTWARE/OS VERSIONS
Operating System: Gentoo Linux 2.17
KDE Plasma Version: 6.2.3
KDE Frameworks Version: 6.7.0
Qt Version: 6.7.3
Kernel Version: 6.12.1-gentoo (64-bit)
Graphics Platform: Wayland
Processors: 8 × AMD FX-8320E Eight-Core Processor
Memory: 11.6 ГиБ of RAM
Graphics Processor: NVD9

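
Added example (not part of the original report and not NeoChat's code): a check that flags host metadata embedded in a client's default device name, run on the observed and expected strings quoted in the report. The names `HostFacts`, `local_facts` and `leaked_fields` are hypothetical, and the facts used for the report's string are constructed from the report itself.

```python
import platform
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class HostFacts:
    """Values a client could read from the local machine (hypothetical container)."""
    hostname: str
    os_name: str
    os_version: str
    arch: str


def local_facts() -> HostFacts:
    """Collect the same kinds of facts from the machine running the check."""
    try:
        rel = platform.freedesktop_os_release()  # Python 3.10+, Linux
    except (OSError, AttributeError):
        rel = {}
    return HostFacts(
        hostname=platform.node(),
        os_name=rel.get("ID", platform.system()),
        os_version=rel.get("VERSION_ID", platform.release()),
        arch=platform.machine(),
    )


def leaked_fields(device_name: str, facts: HostFacts) -> list[str]:
    """Return names of host facts that appear as whole tokens in device_name."""
    tokens = {t.casefold() for t in re.split(r"\s+", device_name.strip()) if t}
    leaks = []
    for field, value in vars(facts).items():
        # Empty facts (e.g. no hostname set) cannot leak; skip them.
        if value and value.casefold() in tokens:
            leaks.append(field)
    return leaks


# Constructed facts matching the string quoted in the report.
REPORT_FACTS = HostFacts("sysrq.in", "gentoo", "2.14", "x86_64")
OBSERVED = "NeoChat sysrq.in gentoo 2.14 x86_64"
EXPECTED = "NeoChat"

if __name__ == "__main__":
    print(leaked_fields(OBSERVED, REPORT_FACTS))
    print(leaked_fields(EXPECTED, REPORT_FACTS))
    print(leaked_fields(OBSERVED, local_facts()))
```

Matching is by whole whitespace-separated token, so a multi-word hostname or OS name would need a substring comparison instead.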