update faq, added threat model res

Corey 2021-03-12 10:42:58 -05:00
parent 2275193664
commit 76d5e1ef2a
4 changed files with 32 additions and 43 deletions

.gitignore vendored

@ -1,3 +1,4 @@
*.idea
*.out
*.log
.obsidian


@ -1,22 +1,19 @@
- [Frequently Asked Questions](#frequently-asked-questions)
- [ENS Names](#ens-names)
- [What does "intrisic gas too low" mean?](#what-does-%22intrisic-gas-too-low%22-mean)
- [What do I need to get a username?](#what-do-i-need-to-get-a-username)
- [Why can't I see anyone's ENS username?](#why-cant-i-see-anyones-ens-username)
- [Wallet](#wallet)
- [Can I import a private key?](#can-i-import-a-private-key)
- [I restored from my seed phrase, but can't see any of the funds in my wallet, and the address is different. My beta account was created before March 2018.](#i-restored-from-my-seed-phrase-but-cant-see-any-of-the-funds-in-my-wallet-and-the-address-is-different-my-beta-account-was-created-before-march-2018)
- [Chat Rooms](#chat-rooms)
- [How can I make a chat room?](#how-can-i-make-a-chat-room)
- [Where are private group chats?](#where-are-private-group-chats)
- [Can Status or anyone else see my messages?](#can-status-or-anyone-else-see-my-messages)
- [Misc](#misc)
- [How can I import my contacts?](#how-can-i-import-my-contacts)
- [Why am I not getting push notifications?](#why-am-i-not-getting-push-notifications)
- [I was auto-updated on android, I don't have my seedphrase from beta, and I can't access my account now. What do I do?](#i-was-auto-updated-on-android-i-dont-have-my-seedphrase-from-beta-and-i-cant-access-my-account-now-what-do-i-do)
- [When Dark-mode?](#when-dark-mode)
# Frequently Asked Questions
- [[#ENS Names|ENS Names]]
- [[#What does "intrisic gas too low" mean?|What does "intrisic gas too low" mean?]]
- [[#What do I need to get a username?|What do I need to get a username?]]
- [[#Why can't I see someone's ENS username?|Why can't I see someone's ENS username?]]
- [[#Wallet|Wallet]]
- [[#Can I import a private key?|Can I import a private key?]]
- [[#I restored from my seed phrase, but can't see any of the funds in my wallet, and the address is different. My beta account was created before March 2018.|I restored from my seed phrase, but can't see any of the funds in my wallet, and the address is different. My beta account was created before March 2018.]]
- [[#Chat Rooms|Chat Rooms]]
- [[#How can I make a chat room?|How can I make a chat room?]]
- [[#Where are private group chats?|Where are private group chats?]]
- [[#Can Status or anyone else see my messages?|Can Status or anyone else see my messages?]]
- [[#Misc|Misc]]
- [[#How can I import my contacts?|How can I import my contacts?]]
- [[#I was auto-updated on android, I don't have my seedphrase from beta, and I can't access my account now. What do I do?|I was auto-updated on android, I don't have my seedphrase from beta, and I can't access my account now. What do I do?]]
## ENS Names
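Review bot: The new table of contents uses Obsidian wikilinks (`[[#ENS Names|ENS Names]]`), which a renderer that only implements standard Markdown shows as literal bracket text instead of links. If this FAQ is read anywhere other than Obsidian, keep the `[text](#anchor)` form that is being removed, or generate both from the headings. While touching these entries, correct "intrisic" to "intrinsic" in the entry and its target heading, so that someone searching for the actual error string finds the answer.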
@ -31,19 +28,17 @@ The name will be unique and yours until you decide to let it go, upon which you
You can get SNT and ETH in a myriad of ways [LINK HERE]
### Why can't I see anyone's ENS username?
If you are not seeing ENS Usernames from people, then that probably means you upgraded from beta or a Release Candidate without deleting the application first.
### Why can't I see someone's ENS username?
A user's registered ENS name takes a while to propagate throughout the network. This propogation has to happen everytime a user updates their name. A change constitutes a user registering a new name, or assigning one of the names a user owns. Currently, a user can own as many ENS usernames as they like, but only broadcast a single ENS username at a given time.
There is a bug with the migration, and you will need to delete the application totally, and do a clean install from the app store. MAKE SURE TO BACK UP YOUR SEED PHRASE FIRST IF YOU HAVEN'T YET.
In order to maintain the current information in your app (profile, contacts, chat history, etc), we recommend loading the account on another phone, and [syncing the devices](LINK HERE) before deleting the application and doing a clean install. Otehrwise, you'll have to start over with finding your contacts and chats you would like to be in.
Your funds and ENS registrations will be safe if you have your seed phrase backed up.
In most cases, waiting a little while will fix the issue.
## Wallet
### Can I import a private key?
No, that feature is not available yet. Currently, you can only start an account from a seed phrase. You can bring a seed phrase to Status, or you can generate your own within the app.
Yes. You can import accounts from other wallets within Status. Simply navigate to the Status wallet, scroll right on the accounts section and tap the `Add an account` option. From there, you'll have the option to import accounts via a seed phrase or a private key.
Note that when importing accounts into Status, those accounts are NOT backed up by your initial account seed phrase and will not be regenerated. This means you need to be sure to maintain those secrets to back them up.
BE SURE TO ALWAYS BACK UP AND STORE THE SEED PHRASE SECURELY
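Review bot: In the new answer to "Can I import a private key?", "maintain those secrets" does not say which secrets are meant. Name them (the imported account's own seed phrase or private key) and state outright that restoring from the Status seed phrase alone will not bring these accounts back. In the new ENS answer, fix "propogation" and "everytime", and the `[LINK HERE]` placeholder in the context line at the top of the hunk is still unresolved.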
@ -60,15 +55,15 @@ Please download the [key-util](https://github.com/status-im/security-utils/tree/
### How can I make a chat room?
You do not need permission to create a public chat room, anyone can do it. There are a few ways in which you can do this:
1. Click the `+` icon in the chat screen and choose `Join public shat`. Type in whatever chatroom name you desire. If that room exists, you will joing it, if it doesn't, you will create it.
1. Click the `+` icon in the chat screen and choose `Join public chat`. Type in whatever chatroom name you desire. If that room exists, you will joing it, if it doesn't, you will create it.
2. Type in any chat the name of the chat room you desire with at `#` in front of it, _e.g._ `#my-chatroom-name`. This will create a link in the chat which can be clicked to take you to that room.
### Where are private group chats?
We have disabled the private group chat option that has been developed in order to fix a few usability issues first. We want to make sure what has a certain level of security, privacy, and usability before releasing it.
The current version of private chat groups is derived from Open Whisper Systems' [protocol for Signal](https://signal.org/docs/), but changed for a decentralized context. In other words, it is really private and secure.
The current version being developed is derived from Open Whisper Systems' [protocol for Signal](https://signal.org/docs/), but changed for a decentralized context. In other words, it is really private and secure.
The current private group chat is limited to 20, due to the scaling of messages sent with group size.
In the meantime, a decent way to have a private conversation with a group of people is to make a public channel with the name of the channel being a shared secret. Only people who know the name of the channel can talk inside of it or read the messages if they are monitoring the network. Meaning the better the secret, the more likely no one is listening.
If you would like to have privacy in groups larger than this, a decent workaround is to make a public channel with the name of the channel being a shared secret. Only people who know the name of the channel can talk inside of it or read the messages if they are monitoring the network. Meaning the better the secret, the more likely no one is listening.
Of course, we can't know for sure who is or isn't in a public chat room, so we cannot provide any guarantees of privacy with this method.
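Review bot: The workaround for larger groups ("make a public channel with the name of the channel being a shared secret") makes the channel name the only thing protecting the conversation, but the text gives no guidance on choosing or sharing it beyond "the better the secret". Suggest saying that the name should be long and random, shared over a channel the group already trusts, and that anyone who learns it can read and post. Smaller points in the same hunk: "limited to 20" needs a noun (20 members), the corrected step still contains "joing", and "it is really private and secure" reads as an unqualified guarantee that would be better replaced by the link to the specification.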
@ -77,19 +72,14 @@ Only the intended recipients can see a message sent by you. Any infrastructure
Even public room chats are encrypted by a symmetric key derived from the name of the chatroom, so those who don't know the name can't read the message either.
Private 1-1 and Group chats are additionally encrypted with the Signal protocol mentioned earlier. For more information, see the [specifications](https://github.com/status-im/specs/blob/576a7d9b287d4c13a2f9f9d0b9b4109f80133de3/docs/stable/5-secure-transport.md)
## Misc
### How can I import my contacts?
If you are referring to the contacts in your phone, you can't. There is no information we use or store outside of the app that identifies who you are or who you know.
You will have to establish contact with anyone you wish to speak to inside the Status app.
### Why am I not getting push notifications?
In the current application, there are no push notifications. We do not use standard methods for push notifications because those are reliant upon either Google or Apple servers and require identifying information that goes against our privacy principles. Yell at them.
In the future, we will have Android push notifications that operate by running as a service in the background of the app. We have tested an intial implementation of this, and it only minimally impacts battery life.
We have not figured out a way to do this in Apple devices yet, as they do not allow for background services.
You will have to establish contact with anyone you wish to speak to inside the Status app. If you have multiple devices that use the same Status account, then you can sync between those devices in the advanced settings of each of the devices that you use.
### I was auto-updated on android, I don't have my seedphrase from beta, and I can't access my account now. What do I do?
Some users were auto-upgraded via the app store and had not had the chance to backup their seedphrase or move their assets off the account if they didn't have their seed phrase.
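Review bot: The sentence added to "How can I import my contacts?" ("you can sync between those devices in the advanced settings") does not say whether contacts are among the things that get synced, which is the question this entry answers. State that explicitly and link to the sync instructions. The push notification entry is deleted here rather than rewritten, so if notifications are still not delivered on some platform the FAQ no longer explains why.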
@ -101,6 +91,3 @@ Please contact someone in #support in the Status app or security@status.im via e
This process will not allow you to upgrade to V1. You will have to delete the application completely and clean install from the app store when you have recovered your account.
BE SURE TO BACK UP YOUR SEED PHRASE THIS TIME.
## When Dark-mode?
> Its a lot of work for me that spans hundreds of artboards for something that I dont see that valuable in the grand scheme of things. We have a product design roadmap, its there and well get there but I dont want it to chase down the loudest requests in the room.


@ -6,7 +6,7 @@ This document outlines the process of using Github issues to coordinate security
they were reported and mitigated. The Discloser should have already engaged in a conversation
with the Status Security team about appropriate methods of disclosure for a given project.
This should be described in the SECURITY.md file within any given repository.
If it is not, then follow the advice of this repository's README.md.
If it is not, then follow the advice of this repository's [README.md](../README.md).
If the discloser is still unsure, then please request guidance at security@status.im.
## Process


@ -41,4 +41,5 @@ You want to draw a diagram that gives an architectual overview of the product
### Diagram Tools
- [Miro](https://miro.com) - paid, collaborative, excellent integration support
- [Diagrams.net (draw.io)](https://app.diagrams.net) - free, open-source, good options and integrations, kinda-collaborative, web or desktop application
-
- [Draw.io Threat Modeling Examples](https://github.com/michenriksen/drawio-threatmodeling)
- [Threat Modeling LinkTree](https://linktr.ee/threatmodel)
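Review bot: The two new entries are appended under "Diagram Tools", but "Threat Modeling LinkTree" is a collection of links, not a diagramming tool, and neither entry has the one-line description the Miro and Diagrams.net entries carry. Suggest a separate resources subheading for reference material, a short note on what each link offers, and linking the individual resources that were actually reviewed instead of a third-party link hub whose contents can change.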