Urgent upgrade notice at launch #878
Comments
|
Hopefully we'll find some bit in the handshake to allow us to run both the new and old one for a transition period, but if not it will be a very breaking change. :( You don't think it's enough that you get an update notice from FDroid/GPlay? I'll have to think about this feature request for a bit. It would be good to be able to notify users about a protocol-breaking change like that, but I'm also a bit uncomfortable introducing a centralized server like that, especially since it'd also be a form of tracking. If implemented, it would also need to include safe-guards so it doesn't ping the remote server before the user's had a chance to set up a proxy if they want. |
|
I don't think that the update notice is enough. It is important to clearly state to the user before he upgrades that this isn't a regular upgrade and his contacts must upgrade too in order to keep communication between them, or they should both decide not to upgrade. You're right about the centralized server issue. So maybe a different approach would be to add a functionality to the bootstrap nodes that they can return an important notice to the client. I think that in this case the nodes would fetch the centralized server for you and return the notice to you if it exists, so there isn't a big change in the clients except for checking for additional notice payload. |
|
This should be closed right? |
|
Yeah, I don't think we'll be doing anything with this anytime soon. Implementing it in a way that won't make me feel icky feels difficult. :P Publishing a release just before a hypothetical protocol-breaking change would hopefully be good enough. |
|
Closing as per the discussions. |
Hello! This is an amazing project! Thank you for that!
As I stumbled upon the TokTok/c-toxcore#426 security issue and the reimplementation of the handshake as been worked on in TokTok/c-toxcore#1561 and the possibility of being no backwards compatibility as a result of that combined with the fact that aTox is going to get a new big release after long time so the possibility of almost all users to upgrade is high, I suggest to inject a little thing to the app.
If the Tox Protocol is going to change and have no backwards compatibility it is important to encourage users at the launch of the app to upgrade to the new version of the app that will have the new protocol so everyone will be on the new protocol that will be much more secure. So I suggest adding a code to the app that after the unlocking of the profile, it will fetch a URL and if an urgent message is available, it will display it.
That URL needs to be static in a domain whose control would probably not be lost. If that page will return a valid JSON object with the required attributes, the message will be displayed, otherwise no message will be displayed. So for example, if the page would return an empty content (which should be the current behaviour) or the request gets a 404 response (unfortunate loss of domain) or any other error, the app will display no dialog.
The JSON object should have an
idattribute for identifying the message and atitleandmessageattributes for the title and message to display in the dialog.The dialog itself should have an
OKand aDON'T SHOW AGAINbuttons and I suggest putting theOKbutton in the far-right of the dialog (the default location) and theDON'T SHOW AGAINin the far-left so that the two buttons won't be near each other to prevent misclick on theDON'T SHOW AGAINand also to indicate that this is not just another "cancel" button. I think that for this to happen theOKbutton needs to be assigned to the Positive Button and theDON'T SHOW AGAINto the Neutral Button but not sure about this.The
OKbutton offcourse just dismisses the dialog but theDON'T SHOW AGAINbutton should store the current message ID in a preference. Everytime the app fetches that URL and receives a valid JSON object the app should check if the message ID corresponds to the one optionally stored in the preference. If so, then no dialog will be shown, otherwise the new message will be shown and if the user chooses theDON'T SHOW AGAINbutton again, the app will just override the preference with the new message ID as the last one is not relevant anymore.An example of a valid response from that static URL is:
{"id": 1, "title": "Urgent upgrade", "message": "The Tox Protocol has received an important security fix which is not compatible with previous versions. Please upgrade the app for migrating to the new protocol. Note that whether you choose to upgrade or not, your contacts must choose the same as you if you want to keep chatting with them."}As this change means revealing to listeners on the network everytime you open the app and unlock the profile, user anonymity must be respected. So if a proxy like Tor is defined in the settings of the app, this fetching of the URL should be requested through that proxy.
Thank you.
Edit:
If it's possible to get the code of the currently used system language then supporting multiple languages would be nice, with fallback to English. In this case the JSON structure could be that the
titleandmessageattributes would be in an object as a value and the language code as a key. Example JSON:{"id": 1, "en": {"title": "Urgent upgrade", "message": "The Tox Protocol has received an important security fix which is not compatible with previous versions. Please upgrade the app for migrating to the new protocol. Note that whether you choose to upgrade or not, your contacts must choose the same as you if you want to keep chatting with them."}, "fr": {"title": "...", "message": "..."}, "it": {"title": "...", "message": "..."}, "ru": {"title": "...", "message": "..."}, ...}The text was updated successfully, but these errors were encountered: