Re: [Usability] time stamps and privacy



On Tue, 2008-03-25 at 16:29 -0500, Shaun McCance wrote:
> On Mon, 2008-03-24 at 01:38 -0400, Caleb Marcus wrote:
> > Can you explain how the thumbnails are a privacy breach?
> 
> It's explained in the link.  Quote:
> 
>   I have some sensitive images on media. I am on the road
>   and I use a guest account on a third party’s computer to
>   access a file on that media. Thumbnails are generated and
>   left behind on the third party computer to be harvested!
>   I wonder how many users are aware of this potential
>   security risk, and if there is a way to prevent it.

You are accessing sensitive, privacy concerned data on an UNTRUSTED
system? A background process could have created a full dump of the data,
without you even noticing.

If you can't trust he who has superuser privileges, do not use the
machine for anything sensitive.


Besides, you are leaving more traces. URLs and form data in browsers,
for example. Ever used a shell? Know about ~/.bash_history?

The fact that, in this assumption, an UNTRUSTED system is being used is
the privacy breach. The admin must be trusted. And a sensitive way to
deal with ALL these issues and more, seriously not limited to
thumbnails, is to entirely re-create the "guest" account blank, from
scratch, when the user leaves.

Then there are file systems (non-FAT), which don't necessarily edit files
in place. So even after overwriting the original file, let alone 'rm',
the sensitive data physically remains on the disk...


Don't trust the admin? Don't use the system.

  guenther


-- 
char *t="\10pse\0r\0dtu\0  ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
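An audit of the traces named in this thread (the thumbnail cache and ~/.bash_history), as an added example that is not part of the original message. The cache locations and the `Thumb::URI` PNG text key are taken from the freedesktop.org thumbnail specification, not from this page; the function names and the sample file are constructed for illustration.

```python
import struct
import zlib
from pathlib import Path

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def png_text_chunks(data):
    """Return {keyword: text} for every tEXt chunk in a PNG byte string."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    out, pos = {}, len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        if len(body) < length:
            break  # truncated file: stop instead of misparsing
        if ctype == b"tEXt" and b"\0" in body:
            key, _, val = body.partition(b"\0")
            out[key.decode("latin-1")] = val.decode("latin-1")
        if ctype == b"IEND":
            break
        pos += 12 + length  # length + type + body + CRC
    return out

def leftover_traces(home):
    """List (path, detail) pairs for thumbnails and shell history under home."""
    home, found = Path(home), []
    # Assumed cache locations: the older and the newer freedesktop.org paths.
    for cache in (home / ".thumbnails", home / ".cache" / "thumbnails"):
        if not cache.is_dir():
            continue
        for png in sorted(cache.rglob("*.png")):
            try:  # the thumbnail records the URI of the original file
                uri = png_text_chunks(png.read_bytes()).get("Thumb::URI", "?")
            except (OSError, ValueError):
                uri = "?"
            found.append((str(png), uri))
    hist = home / ".bash_history"
    if hist.is_file():
        lines = hist.read_text(errors="replace").splitlines()
        found.append((str(hist), f"{len(lines)} lines"))
    return found

def make_chunk(ctype, body):
    """Build one PNG chunk (used only for the constructed sample)."""
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

# Constructed sample: a PNG-shaped file carrying only the metadata chunk.
SAMPLE = (PNG_SIG + make_chunk(b"IHDR", b"\0" * 13)
          + make_chunk(b"tEXt", b"Thumb::URI\0file:///media/usb/scan.jpg")
          + make_chunk(b"IEND", b""))
```

Calling `leftover_traces(Path.home())` before logging out shows that a thumbnail keeps the original file's location as well as the reduced image.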


