Re: preparing for the use of the Privacy campaign funds

[Federico Mena Quintero <federico gnome org>]

On Wed, 2014-09-17 at 14:00 -0400, Jeff Fortin wrote:

> Therefore, to anyone reading this, in light of the formation of the
> Safety Team and the safety/privacy BoF session that occurred at GUADEC,
> it would help tremendously if you (as individuals and as a team) would
> start coming up with a specific action plan and make a proposal to the
> board. You are probably better positioned than us to focus on this
> particular task.

Thanks for bringing this up.  We don't have a concrete plan yet,
unfortunately.  There is some movement in individual bugs as per the
wiki [1], but there is no concerted effort yet to achieve anything in
particular.

Part of the problem is that we have many scattered ideas (sandboxing!
TLS!  UI research!  Tor!  Service APIs!), but nothing to connect them
yet.  Also I think we need to get familiar with how other platforms
attack these problems (iOS, Android, Ubuntu phone).

As such, we don't have any particular ideas for how to use the funds
from the privacy campaign.  Bounties are one possibility, but we would
need to find very self-contained items that can be solved "cheaply".
The allocated funds are not substantial enough for a big development
project.  I'm not sure if it would be better to dilute the funds into
bounties, or to bring several people together into some sort of hackfest
- even bringing in people outside of GNOME, but who are more familiar
with how privacy/sandboxing/etc. are implemented in other platforms.

I'll ask people from the safety/privacy meeting to post what they've
been doing.  I know Elad has been chasing the SSL/TLS bug around the
apps we ship.  I've been playing with cgroups and namespaces and getting
nowhere :)

[1] https://wiki.gnome.org/SafetyTeam

Sorry not to have a concrete answer for now - this is how we stand.

  Federico

-- 
GPG fingerprint - RSA 4096:
263F 590F 7E0F E1CB 3EA2  74B0 1676 37EB 6FB8 DCCE