Re: [Tracker] Assigning URIs to Resources



On 31/05/13 11:05, אנטולי קרסנר wrote:
Hello Ivan,

Hello Tom,

I read your response, thanks for your help. But a new question arises
from your words:

I haven't started working on the Semantic Desktop integration yet, but I
think there may be a privacy problem here: Imagine a user has a private
todo list (for example, "TODO buy condoms" or something like that), and
it's stored in Tracker's database. Then any program aware of the
ontology I use for tasks, can easily fetch the task and publish it on
the web.

Yep, that's true.

This is true for many other kinds of data, including plain text, but
when all the metadata and short data is stored in one central semantic
database, it may be necessary for some apps to be able to stored
encrypted data. For example, some diary apps allow specifying a
password. Back-up tools do that too. Archive formats can be encrypted
too.

So the question is: If I use Tracker on Gnome 3 as a database for my
app, e.g. to store tasks, including very private ones, is there a way to
store them encrypted in such a way that only apps which are given
permissions from the user (e.g. by having the user give them the
password) can understand the data?

You could store encrypted values, but that defeats the point of using Tracker :) you couldn't search, or sort very well for example.

This problem is not mentioned when talking about Semantic Web, but when
it comes to Semantic Desktop, it's natural to hide your resources unless
some of the are specifically public.

Note: Maybe SELinux can help with that, but I don't think it can block
partial access to Tracker (just block entirely, which is not what I
want), and anyway SELinux is currently not even enabled on many distros
(although it does exist on them, as part of the kernel).

To be fair, we've intentionally (until now) avoided implementing security in the database because it complicates things.

The way Nokia added security was to police WHO has access to the database file on the disk. So only some applications could read and some write. It went a bit further than just that, but you get the idea. To do this they used Aegis.

I actually know very little about SELinux, but if you could use prohibit access to the database file to a few *certified* applications, that's the way to do it in the short term.

The problem, clearly, is that once you have access, that's it, there is no tiered access control. The question is, is that enough?

I personally think if you can't trust applications running on your own devices, you have bigger problems, but not everyone shares that sentiment perhaps :) It also depends on if you're installing 3rd party applications, then the responsibility shifts a bit.

--
Regards,
Martyn

Founder and CEO of Lanedo GmbH.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]