Re: [Tracker] Assigning URIs to Resources



I agree with you, not being able to trust the applications is a problem.

Personally, I use a major distro and install only through the package
manager, or I install a known development library/tool from source. So I
trust my packages.

But for other people, it may not be so simple. We have two major threats
to our privacy:

1. Privacy-abusing corporations offering very popular services, like
Google and Facebook (unfortunately it's already been shown they don't
exactly care about users' private data... I don't like it, but it's these
companies' choice and their fault)

2. Many people install 3rd party proprietary apps on many platforms,
especially proprietary ones


When it comes to Free Software which actually cares about you - no
problem. I'm not worried. But since I'm still in the phase of
requirement specification and starting design, I have a chance to make
choices now to ensure better privacy.

I guess a good choice is to let Tracker manage privacy because Tracker
is in charge of the database. If Tracker develops an authentication
system, all apps should use it, instead of implementing ugly custom
features which don't integrate.

Encryption without desktop integration would make searching impossible,
so a temporary solution may indeed be using SELinux. Of course, the best
solution is to use a system you trust :)

Anatoly

On ו', 2013-05-31 at 11:44 +0100, Martyn Russell wrote:
On 31/05/13 11:05, אנטולי קרסנר wrote:
Hello Ivan,

Hello Tom,

I read your response, thanks for your help. But a new question arises
from your words:

I haven't started working on the Semantic Desktop integration yet, but I
think there may be a privacy problem here: Imagine a user has a private
todo list (for example, "TODO buy condoms" or something like that), and
it's stored in Tracker's database. Then any program aware of the
ontology I use for tasks, can easily fetch the task and publish it on
the web.

Yep, that's true.

This is true for many other kinds of data, including plain text, but
when all the metadata and short data is stored in one central semantic
database, it may be necessary for some apps to be able to store
encrypted data. For example, some diary apps allow specifying a
password. Back-up tools do that too. Archive formats can be encrypted
too.

So the question is: If I use Tracker on Gnome 3 as a database for my
app, e.g. to store tasks, including very private ones, is there a way to
store them encrypted in such a way that only apps which are given
permissions from the user (e.g. by having the user give them the
password) can understand the data?

You could store encrypted values, but that defeats the point of using
Tracker :) You couldn't search or sort very well, for example.

This problem is not mentioned when talking about Semantic Web, but when
it comes to Semantic Desktop, it's natural to hide your resources unless
some of them are specifically public.

Note: Maybe SELinux can help with that, but I don't think it can block
partial access to Tracker (just block entirely, which is not what I
want), and anyway SELinux is currently not even enabled on many distros
(although it does exist on them, as part of the kernel).

To be fair, we've intentionally (until now) avoided implementing 
security in the database because it complicates things.

The way Nokia added security was to police WHO has access to the 
database file on the disk. So only some applications could read and some 
write. It went a bit further than just that, but you get the idea. To do 
this they used Aegis.

I actually know very little about SELinux, but if you could use it to
restrict access to the database file to a few *certified* applications,
that's the way to do it in the short term.

The problem, clearly, is that once you have access, that's it, there is 
no tiered access control. The question is, is that enough?

I personally think if you can't trust applications running on your own 
devices, you have bigger problems, but not everyone shares that 
sentiment perhaps :) It also depends on if you're installing 3rd party 
applications, then the responsibility shifts a bit.
