Document security risks of using a computer that someone else has admin access to #1793

micahellison · 2023-09-16T22:13:06Z

Affected Page(s)

Privacy and Security doesn't have any mention of the case in which you have an encrypted journal on a machine that someone else has admin access to.

What Could Be Better?

While it might be obvious to power users, I think it's worth making clear that even if your journal is encrypted at rest, a user with administrative privileges may be able to compromise your journal while you're decrypting it.

Some examples of how this could happen:

the admin could install a script with the same name as the editor in your config file to intercept your new entries or edited data
the admin could install a keylogger that detects the password when you type it
the admin could visually monitor your usage as you journal

Other Information

Feel free to comment if you can think of other similar scenarios. PRs welcome!

micahellison added documentation Improvements or additions to documentation 🆕 New! ready for pr Okay to start work. Feel free to ask questions. and removed 🆕 New! labels Sep 16, 2023

utopiatopia mentioned this issue Nov 26, 2023

Document security risks of eavesdropping #1834

Merged

4 tasks

micahellison closed this as completed in #1834 Nov 27, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Document security risks of using a computer that someone else has admin access to #1793

Document security risks of using a computer that someone else has admin access to #1793

micahellison commented Sep 16, 2023

Document security risks of using a computer that someone else has admin access to #1793

Document security risks of using a computer that someone else has admin access to #1793

Comments

micahellison commented Sep 16, 2023

Affected Page(s)

What Could Be Better?

Other Information