On Wed, Dec 19, 2012 at 12:35 AM, Federico Mena Quintero <feder...@gnome.org> wrote: > On Wed, 2012-12-12 at 23:19 -0500, Karen Sandler wrote: > >> The marketing team agreed that this time a privacy/security campaign would >> be great for a friends of GNOME drive. After Jacob Applebaum's talk at >> GUADEC, we heard a lot of people discussing how important these issues are >> and how we'd like to do more at GNOME. >> >> Are there areas of GNOME that you think could be improved from this >> perspective? > > Jacob mentioned that Pidgin/libpurple badly needs a security audit (and > since Empathy's machinery is in libpurple, this would have a direct > benefit for Gnome). Maybe we could fundraise with that in mind. > > Some random ideas: > > * What would it take to have a Tor-ified session right from GDM? > > * Should we have a desktop-wide "incognito mode"?
While we're throwing wild ideas around that might actually make a difference in the world, let me share a half-backed idea that came to mind last night (coincidence I'm reading this thread the following morning !)... bear with me, the idea is a bit vague and I don't see the crystal clear path to implementing it, but I'm sure it's quite doable (and much less complex than implementing Tor). Simply put the idea is "Identity Sharing". What if I had multiple identities when I logged into my desktop which I would use for different purposes ? The key point here is that I envision some infrastructure that allows one to tie all access to internet services with a given identity which can then in turn be shared (and when I thought of this, I was thinking that GNOME Online Accounts was a great place to start out on this sort of thing) For instance, I would log in to hack on GNOME stuff and I would use some kind of "official appearance" identity... using my "Tristan Van Berkom" pseudonym. Then I would not share this particular identity because I may risk sharing GNOME private stuff (like GNOME commit access)... But I may at other times rather to use a shared identity. Sharing an identity would mean that others would have access to all the facebook/google/youtube/skype/whatever services which were subscribed to by the original creator of that identity. The idea is to counteract malicious attempts to tie an identity to a single person and then profile, track and spy on them. This would work better of course when coupled with something like Tor. I recall in Jacob's talk on Tor at GUADEC he mentioned some obvious pitfalls where Tor could not always protect your anonymity online... i.e. when you log into a site with your user information... like Skype for instance... they might not know your location and IP, but your data is being pushed through their site and is also attached to the "personal information" you used to create that Skype account in the first place, which means that they can still spy on you and associate your conversations with your identity (even without an IP). Identity Sharing, by way of lessening/removing the overall value of an internet identity, by way of dissociating the identity with the person; seems to me to be a small but significant step towards protecting users from spyware. Anyway... a friends of GNOME campaign might not be the right time and place for such a venture, but I thought it was worth while to share the idea while on the topic of security. Best Regards, -Tristan _______________________________________________ desktop-devel-list mailing list desktop-devel-list@gnome.org https://mail.gnome.org/mailman/listinfo/desktop-devel-list