Re: [Tracker] Assigning URIs to Resources

[Martyn Russell <martyn lanedo com>]

On 31/05/13 11:05, אנטולי קרסנר wrote:
> Hello Ivan,

Hello Tom,

> I read your response, thanks for your help. But a new question arises
> from your words:
>
> I haven't started working on the Semantic Desktop integration yet, but I
> think there may be a privacy problem here: Imagine a user has a private
> todo list (for example, "TODO buy condoms" or something like that), and
> it's stored in Tracker's database. Then any program aware of the
> ontology I use for tasks, can easily fetch the task and publish it on
> the web.

Yep, that's true.

> This is true for many other kinds of data, including plain text, but
> when all the metadata and short data is stored in one central semantic
> database, it may be necessary for some apps to be able to stored
> encrypted data. For example, some diary apps allow specifying a
> password. Back-up tools do that too. Archive formats can be encrypted
> too.
>
> So the question is: If I use Tracker on Gnome 3 as a database for my
> app, e.g. to store tasks, including very private ones, is there a way to
> store them encrypted in such a way that only apps which are given
> permissions from the user (e.g. by having the user give them the
> password) can understand the data?

You could store encrypted values, but that defeats the point of using 
Tracker :) you couldn't search, or sort very well for example.

> This problem is not mentioned when talking about Semantic Web, but when
> it comes to Semantic Desktop, it's natural to hide your resources unless
> some of the are specifically public.
>
> Note: Maybe SELinux can help with that, but I don't think it can block
> partial access to Tracker (just block entirely, which is not what I
> want), and anyway SELinux is currently not even enabled on many distros
> (although it does exist on them, as part of the kernel).

To be fair, we've intentionally (until now) avoided implementing 
security in the database because it complicates things.

The way Nokia added security was to police WHO has access to the 
database file on the disk. So only some applications could read and some 
write. It went a bit further than just that, but you get the idea. To do 
this they used Aegis.

I actually know very little about SELinux, but if you could use prohibit 
access to the database file to a few *certified* applications, that's 
the way to do it in the short term.

The problem, clearly, is that once you have access, that's it, there is 
no tiered access control. The question is, is that enough?

I personally think if you can't trust applications running on your own 
devices, you have bigger problems, but not everyone shares that 
sentiment perhaps :) It also depends on if you're installing 3rd party 
applications, then the responsibility shifts a bit.

--
Regards,
Martyn

Founder and CEO of Lanedo GmbH.