Request to auto connect to interfaces for snap webcord

Quoting from Webcord website:

A Discord and Spacebar client implemented directly without Discord API

As it’s a discord client, it needs to have access to camera, audio-record and password-manager-service. Kindly allow the auto connect, so, that the users doesn’t need to do any extra work.

There is no mention of the use of video / audio in the snap’s description - could you please update the snap description so that users who install the snap will not be surprised that it has these capabilities?

(Note the discord snap is described as All-in-one voice and text chat for gamers as an example).

Once this is done, +1 from me for auto-connect of both camera and audio-record.

Regarding password-manager-service - when connecting the password-manager-service, your snap is able to access all stored secrets, but also your snap’s secrets can be accessed by any other applications with access to the password manager service (including snaps which also have the password-manager-service connected). Since this may not be desirable or obvious to users, in general, we discourage auto-connection of password-manager-service and instead suggest that applications using this interface detect its availability (eg, with snapctl is-connected password-manager-service) and show a dialog with instructions on how to connect the interface manually (eg, with snap connect, the snap store GUI, etc). Ideally when instructing the user, the details of the access will be explained so the user can make an informed choice. While this is an extra step for the user, if done well the process should provide additional trust that your snap and the system as a whole are working together to keep the user’s passwords secure. Alternatively, the snap may choose to store the secrets outside the keyring in an area private to the snap. -1 to auto-connect.

I’ll change the description asap, as soon as I come to a conclusion after discussing with the upstream. Regarding password-manager-service, this is what he said:

Given users don’t need (additional) sandboxing to manage microphone/camera access, I guess the accurate and future-proof description would be microphone/camera access management for Discord as of the usage reason. WebCord should always firewall this access internally anyway and forbid access as sane defaults, eventually asking the users for the permission for the first time once Discord wants to access it. Also org.freedesktop.secrets are used for the encryption (e.g. configs, CSS themes, maybe cookies as well with modified Electron binaries via fuses) and given Electron doesn’t really expose an API (see safeStorage API in Electron docs for more info) that allows me to read any kind of passwords (at least for now), I can’t really use that for evil purposes even if I wanted to, at least without any additional libraries. Discord should not have access to FreeDesktop secret service directly, it’s the Chromium that does that.

The full thread can be found here:

I think you mean snapctl here.

2 Likes

I agree with @alexmurray’s assessment. Assuming the description of the snap is updated to indicate that this app requires video and audio (which still needs to be done), +1 to auto-connecting camera and audio-record. I’m also -1 on auto-connection for the password-manager-service for exactly the same reasons.

I’d request both @alexmurray and @kyrofa to check our discussion in the github link, I added above. I don’t want to step forward without a discussion with upstream. Also, neither I understand codes well. So, better kindly read what he has to say regarding talk with org.freedesktop.secrets and if you have any doubt, kindly ask him. I guess this thing can also be sorted out.

@soumyaDghosh your response above worries me - if you say you don’t understand the code well and hence cannot comment on this discussion without help from upstream, it makes me question your ability to maintain this snap - if you decide to publish a snap to the store you should really commit to maintaining it properly. As such, I am not sure if any of these auto-connects should be granted at this time.

I agree that electron and Node.js itself is very Greek to me, and I am giving it try with this app. As you can anyway see, that this is the first electron app that I am snapping. But, regarding auto connection to microphone and camera, this app itself within its settings keeps the microphone and camera disabled and they ask the user, when they try to access it, if the user want to allow the use of camera or microphone or not.

Also, this app is just an electron wrapper of the discord website.

Now, as you can see, the app already keeps it disabled and asks user to enable it in the settings by default. Also, if a user runs the connection code themselves, they would assume that the app should work fine, which will not be the case. So, it’ll also decrease the user experience. And there is also another fact that the graphical app store, still doesn’t allow copying a code. So, again, if a user is installing it from the graphical app store, then it’ll be problematic too for him. Now, with this much of a hurdle, why will someone use this snap? This app is also not available in the official repos of Ubuntu. So, for average users, will this app not be out of their range?

Hi @soumyaDghosh,

As this is an unofficial snap of the upstream project, and to remain consistent with other recent decisions regarding that interface, I am also -1 for the auto-connection of password-manager-service.

For camera and audio-record auto-connections, I am +1 for this once the description is updated.

I note from the github issue too that the upstream developer is unlikely to contribute to the snap and views it as a community contribution, therefore as @alexmurray points out please continue to maintain the snap.

I have updated the description, with asking the user to connect to password-manager-service if facing any issues.

@dclane can you look into this? The requirement for audio-record & camera plug is met now.

Thank you for taking the time to update the description.

  • audio-record and camera: 3 votes for, 0 against. Granting auto-connect. This is is now live.
  • password-manager-service: 3 votes against, not granting auto-connect.

Hi, WebCord dev here. I thought of giving a few words here to point out how and why my app access following OS components:

  • audio-record and camera: WebCord doesn’t use this directly, but manages the access to these components in order to pass it further to Discord. It’s worth noticing WebCord might not be able to revoke the access (after disabling it in the settings) if it was granted to Discord already (I might take a look if there’s anything I could do about it other than refresh the page). Also the dialog window might only show once (after user clicked on yes and no), after that WebCord does not ask the user anymore – user can change the behaviour of permissions in the settings then either to true or false.

  • password-manager-service: This is more a Chromium thing, since WebCord uses safeStorage API in Electron to encrypt some data it stores in .config, a bit to protect it from the other apps from reading it (I believe Chromium browsers use that exactly to encrypt stored passwords, just so those are not being left on PC in plaintext). It should not be used for reading other passwords than what Chromium (and Electron) generates neither made available to Discord or any unprivileged code, therefore it should be fine to make WebCord use sandbox-specific keyring.

Hi @SpacingBat3,

Thanks a lot for the clarification!

Regarding the password-manager-service, the discussion here may also be relevant for this snap, as we are revisiting the decision: don’t grant the chromium snap auto-connect to the password-manager-service.