Re: [Usability] time stamps and privacy

[Karsten Bräckelmann <guenther rudersport de>]

On Tue, 2008-03-25 at 17:47 -0400, Yuval Levy wrote:

> > On Tue, 2008-03-25 at 14:49 -0600, Kevin D. Carlson wrote:
> >> I would assume they're referring to the fact that you can (with root
> >> access) look at any image that exists in any folder that the user has
> >> loaded in Nautilus. Even if they didn't look at it, it's still there.
> 
> No, it is not only with root access. It is with user access. Permission 
> is irrelevant to the problem. Most of these removable media come 
> straight out of digital cameras that use FAT.

The FS of the source is irrelevant.

And it *is* only you or root who can access these thumbnails. Otherwise,
your $HOME's permissions are either borked or set explicitly and
knowingly.


> The problem in the first place is the creation of thumbnails in any 
> other place than the same folder (with the same permissions, if 
> applicable) as the originals.
> 
> What happens if ten users access the same images from a network drive? 
> Just another consequence...
> 
> The right design is to keep the thumbs on the same media where the 
> originals are (and if applicable with same permissions as far as 
> user/root access is concerned).

No. Random application (let's assume a default Win XP) does not know
about the location of these thumbnails. It will not care about them. It
will not remove them along with the originals. Tada -- you got your
privacy concerned images saved as thumbnails for the unforeseeable
future on the media, readable by *everyone* who gets access to that
media after the user believed the images to have been removed.

Now *this* is a privacy nightmare. My $HOME is not.

  guenther


-- 
char *t="\10pse\0r\0dtu\0  ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}