Device name leaks personal information #910
Comments
|
I'll add this is likely less a problem on Android, as Android devices get assigned a random name, |
|
Thanks for the report and UX suggestions. We need to manage this leak better. |
|
see also https://github.com/vector-im/riot-web/issues/2295, where this issue has been discussed for the web client. |
|
Note that in Riot 0.3.8, you can rename and delete a device when clicking on it from the devices list on the settings page: |
|
related to element-hq/riot-meta#12 |
giomfo
added a commit
to matrix-org/matrix-ios-sdk
that referenced
this issue
Oct 2, 2017
The device display name is now provided by the Riot application. Related to `Device name leaks personal information` element-hq/element-ios#910
giomfo
added a commit
to matrix-org/matrix-ios-kit
that referenced
this issue
Oct 2, 2017
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
Currently, the riot/matrix device name by default for iOS users is “bladibla's iPhone”. Most people will put their first name, some will even put their full name, resulting in an iPhone device name that leaks personal information.
If one picks a Matrix username with the idea of separating that identity from their legal/usual name, their actual name will be easily accessible simply by looking at their list of devices.
I suggest Riot either doesn't name devices according to the iOS device name. Maybe use a random identifier, or ask users to pick a name for this device.
Alternatively, I suggest Riot warn users clearly that their Matrix device name will be that of their iOS device, leaking this information. This second solution is not as good in my mind.
And in any case, asking for user interaction to pick a device name is not a good idea either.
Hope this helps in any case.
The text was updated successfully, but these errors were encountered: