I agree with you, not being able to trust the applications is a problem. Personally, I use a major distro and install only through the package manager, or I install a known development library/tool from source. So I trust my packages.
But for other people, it may not be so simple. We have two major threats to our privacy: 1. Privacy-abusing corporations offering very popular services, like Google and Facebook (unfortunately it's already been shown they don't exactly care about users' private data... I don't like it, but its these companies' choice and their fault) 2. Many people install 3rd party proprietary apps on many platforms, especially proprietary ones When it comes to Free Software which actually cares about you - no problem. I'm not worried. But since I'm still in the phase of requirement specification and starting design, I have a chance to make choices now to ensure better privacy. I guess a good choice is to let Tracker manage privacy because Tracker is in charge of the database. If Tracker develops an authentication system, all apps should use it, instead of implementing ugly custom features which don't integrate. Encryption without desktop integration would make searching impossible, so a temporary solution may indeed be using SELinux. Of course, the best solution is to use a system you trust :) Anatoly On ו', 2013-05-31 at 11:44 +0100, Martyn Russell wrote: > On 31/05/13 11:05, אנטולי קרסנר wrote: > > Hello Ivan, > > Hello Tom, > > > I read your response, thanks for your help. But a new question arises > > from your words: > > > > I haven't started working on the Semantic Desktop integration yet, but I > > think there may be a privacy problem here: Imagine a user has a private > > todo list (for example, "TODO buy condoms" or something like that), and > > it's stored in Tracker's database. Then any program aware of the > > ontology I use for tasks, can easily fetch the task and publish it on > > the web. > > Yep, that's true. > > > This is true for many other kinds of data, including plain text, but > > when all the metadata and short data is stored in one central semantic > > database, it may be necessary for some apps to be able to stored > > encrypted data. For example, some diary apps allow specifying a > > password. Back-up tools do that too. Archive formats can be encrypted > > too. > > > > So the question is: If I use Tracker on Gnome 3 as a database for my > > app, e.g. to store tasks, including very private ones, is there a way to > > store them encrypted in such a way that only apps which are given > > permissions from the user (e.g. by having the user give them the > > password) can understand the data? > > You could store encrypted values, but that defeats the point of using > Tracker :) you couldn't search, or sort very well for example. > > > This problem is not mentioned when talking about Semantic Web, but when > > it comes to Semantic Desktop, it's natural to hide your resources unless > > some of the are specifically public. > > > > Note: Maybe SELinux can help with that, but I don't think it can block > > partial access to Tracker (just block entirely, which is not what I > > want), and anyway SELinux is currently not even enabled on many distros > > (although it does exist on them, as part of the kernel). > > To be fair, we've intentionally (until now) avoided implementing > security in the database because it complicates things. > > The way Nokia added security was to police WHO has access to the > database file on the disk. So only some applications could read and some > write. It went a bit further than just that, but you get the idea. To do > this they used Aegis. > > I actually know very little about SELinux, but if you could use prohibit > access to the database file to a few *certified* applications, that's > the way to do it in the short term. > > The problem, clearly, is that once you have access, that's it, there is > no tiered access control. The question is, is that enough? > > I personally think if you can't trust applications running on your own > devices, you have bigger problems, but not everyone shares that > sentiment perhaps :) It also depends on if you're installing 3rd party > applications, then the responsibility shifts a bit. > _______________________________________________ tracker-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/tracker-list
