SI3BENHUND3RTZ3HN
SI3BENHUND3RTZ3HN
Thanks for the quick reply! Acknowledged re: safeStorage (not keytar) — I’ve updated the wording on my side. The core problem remains: secrets persisted in Electron safeStorage survive uninstall, so...
I already **purged the Windows Credential Manager entries** on this machine to secure it, so I can’t attach screenshots from *before* the cleanup. Prior to deletion there were multiple `element.io/...`...
Understood re: `safeStorage` lacking a delete API — but the auto-login I’m seeing is caused by **legacy keytar/DPAPI entries** in the **Windows Credential Manager**, not by safeStorage. That means you...
Appreciate the engagement — but I want to stress how **spooky** this feels from a user’s perspective. Multiple users flagged this to me independently, and I reproduced it myself: after...
New finding after further testing: The root cause of my “auto-login after reinstall” was that I **did not log out** before uninstalling. If the user explicitly **logs out** first, Element...
Thanks for the follow-up — a few clarifications and concrete proposals that don’t rely on keytar or a delete API. > “They always got migrated already, they were just kept...
Thanks for the details — replying point by point: > Uninstall auto-logout via Squirrel hooks isn’t feasible Understood. If uninstall hooks can’t reliably clear secrets, we can still close the...
Thanks for the quick response :) Totally understand: - keytar is legacy and no longer shipped, - `safeStorage` has no delete API, - Squirrel hooks limit what can be done...
Thanks for the clarification ... I understand: - legacy keytar creds were always migrated and only kept for rollback, - keytar isn’t shipped anymore (so uninstall can’t delete them), -...