[Security] Disable Qrcode display to avoid passphrase stealing

Describe the bug

Right now, the passphrase and QrCode are blurred. Blurring is not secure, or at least not the applied version.

I’ve just started using Anytype and something that struck me when I was in the presentation is that the presenter ( @endac ) showed his screen with the QrCode and passphrase blurred. So I immediately knew it was compromised the second I saw it. I tried on my account instead to avoid leaking other people’s data. But I’d advise the presenter to reset that passphrase or stop showing it, as a screenshot is quickly done. Anyway, the QrCode is highly redundant and makes “unblurring” really easy. After 2-3 passes in a GAN to “deblur” the screenshot I was able to decode the passphrase of my QrCode and verified with my phone that both passphrases match between the unblurred one and the original.

To Reproduce

Steps to reproduce the behavior:

    1. Go to Settings
    2. Screenshot the QrCode or take a picture of it via a phone (e.g., a bystander)
    3. Use any good GAN to restore some information in the QrCode. It worked after two passes for me.
    4. Reveal the passphrase and link the rogue device to the account.

Expected behavior

QrCode should be completely hidden instead of blurred

System Information:

  • OS: any desktop
  • Anytype Version: e.g. 0.20.9

Additional context

Can prove it if given a QrCode generated by anytype with the current settings. But I would avoid posting mine or the presenter’s one.

Thanks.

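The core of the report is that a blur is a lossy-looking but information-preserving transform: each blurred pixel is a weighted average of its neighbours, so the original modules still correlate strongly with the blurred image, whereas a solid placeholder carries no information at all. The following Python is an added illustration written for this thread, not Anytype code: it builds a constructed random black/white grid as a stand-in for QR modules, applies a small 3x3 Gaussian-style blur (an assumed kernel) and a solid placeholder, and measures how much of the original each variant leaks. Only the standard library is used.

```python
import random

# 3x3 kernel with a heavy centre weight, a typical light blur (assumed for this demo).
KERNEL = [[1, 2, 1], [2, 4, 2], [1, 2, 1]]
KERNEL_SUM = 16


def make_grid(seed, size=25):
    """Constructed stand-in for QR modules: a size x size grid of 0/1 cells."""
    rng = random.Random(seed)
    return [[rng.randint(0, 1) for _ in range(size)] for _ in range(size)]


def blur(grid):
    """Weighted 3x3 average with edge replication, i.e. a light Gaussian-style blur."""
    n = len(grid)
    out = [[0.0] * n for _ in range(n)]
    for y in range(n):
        for x in range(n):
            acc = 0.0
            for dy in (-1, 0, 1):
                for dx in (-1, 0, 1):
                    yy = min(max(y + dy, 0), n - 1)   # clamp to the grid edge
                    xx = min(max(x + dx, 0), n - 1)
                    acc += KERNEL[dy + 1][dx + 1] * grid[yy][xx]
            out[y][x] = acc / KERNEL_SUM
    return out


def placeholder(grid):
    """What the fix does: replace every cell with a constant that depends on nothing."""
    n = len(grid)
    return [[0.5] * n for _ in range(n)]


def _flat(grid):
    return [v for row in grid for v in row]


def correlation(original, rendered):
    """Pearson correlation between the secret and what was shown; 0.0 if the render is constant."""
    a, b = _flat(original), _flat(rendered)
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    if va == 0 or vb == 0:
        return 0.0
    return cov / (va * vb) ** 0.5


def threshold_recovery_rate(original, rendered):
    """Fraction of cells a naive viewer gets right by thresholding the render at its mean.

    0.5 is chance level; anything well above it means the render leaks the secret.
    """
    a, b = _flat(original), _flat(rendered)
    mean = sum(b) / len(b)
    correct = sum(1 for x, y in zip(a, b) if (y > mean) == (x == 1))
    return correct / len(a)


def leakage_report(seed=1):
    """Compare a blurred render with a placeholder render of the same secret grid."""
    secret = make_grid(seed)
    blurred, masked = blur(secret), placeholder(secret)
    return {
        "blur_correlation": correlation(secret, blurred),
        "blur_recovery": threshold_recovery_rate(secret, blurred),
        "placeholder_correlation": correlation(secret, masked),
        "placeholder_recovery": threshold_recovery_rate(secret, masked),
    }


if __name__ == "__main__":
    for key, value in leakage_report().items():
        print(f"{key}: {value:.3f}")
```

Even this single-pass mean threshold, with no GAN involved, recovers most modules of the blurred grid, and a real QR code's error correction tolerates the rest; the placeholder render stays at chance. That is why the expected behaviour in the report is to not draw the secret at all until the user explicitly reveals it.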

Kind ping, can a dev ack that it’s tracked somewhere?

I would like to voice my support for this proposal! +1 :heart:

@nelatmani hey! All the posts here are tracked and prioritised in our backlogs.
Thank you for your proposal, we will change this behaviour.


The recovery phrase and the qr code are now blurred with placeholders.
