I agree 100% with Jacob that we need to work on these security issues.
While some people might find it paranoid, we should try to minimize our
AFAIK http://sqlcipher.net/ is cross-platform; the only thing we will
need to do is package it for Ubuntu. It offers protections on platforms
that are hard to otherwise protect. During the generation of a NEW DB we
just need to add "PRAGMA key = 'passphrase';" And then we need to copy
data from the old into the new DB.
Right now anyone can do anything with our DB and the user may not even
know the DB is being created.
1) Copy the DB as it is into another physical drive
2) Any process can hook into zeitgeist and push out info
Those have to be fixed...
It won't cost us anything and people will not complain if we do it. The chances
of people praising us for respecting their privacy are much bigger. AFAIK MeeGo
people had a BIG issue with us being unencrypted. At UDS people told me they
uninstalled Zeitgeist because of their fear of their data being exploited.
Now we can't fix both within the next 2 - 3 weeks to a much better state. But we
have to start with it now.
I would like to start with the database encryption. I think we can land this as
a new feature. And to be honest, for that I don't care about backwards
compatibility. What are the chances that:
1) People move away from Zeitgeist because it is, in a way, spyware
2) People then move away after we encrypt the database because for them it
will be backwards incompatible.
I am not going to get into details of the keyring stuff now. But again
it's a vector that risks exploitation. We will need to tackle this
properly. But the SQLCipher stuff can be done in a matter of a
couple of days including packaging (using Siegfried power) :P
You received this bug notification because you are a member of Zeitgeist
Framework Team, which is subscribed to Zeitgeist Framework.
Encryption of database
Status in Zeitgeist Framework:
I think that Zeitgeist should encrypt databases in
~/.local/share/zeitgeist/* for anti-forensics reasons.
While someone may happen to use an encrypted disk, Zeitgeist may serve
as the ultimate accidental spyware to an unsuspecting user. One
possible mitigation is to randomly generate a reasonable key, tie it
into the login keychain and then use that key with something like
http://sqlcipher.net/ rather than straight sqlite.
In theory, a user will never know that this encryption/decryption is
happening - no underlying assumptions about the disk need to be made
to maintain any security guarantees. This should prevent anyone from
learning the contents of the database without also learning the login
password. Modern Ubuntu machines disallow non-root ptracing (
and if the gnome keyring is locked, an attacker would have a much
harder time grabbing meaningful Zeitgeist data without interacting
with the user or bruteforcing the login keychain.
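Added example, not part of this thread and not Zeitgeist project code: it puts together the two proposals above, the reply's "create a NEW DB with PRAGMA key and copy the old data over" and the bug description's "randomly generate a reasonable key and use it with SQLCipher instead of straight sqlite". Assumptions not taken from the thread: the Python binding is the sqlcipher3 (or pysqlcipher3) package, which exposes the same DB-API as the standard-library sqlite3 module; the key is a 256-bit random raw key written in SQLCipher's x'hex' form (which skips the passphrase KDF, appropriate when the key is random and lives in the login keyring; handing it to gnome-keyring is outside the block); the event table and rows are constructed test data. The copy is done in portable SQL rather than with SQLCipher's own sqlcipher_export() helper so the block also runs against stock sqlite3; in that fallback stock SQLite silently ignores PRAGMA key, nothing is encrypted, and the is_plaintext_sqlite() check is there precisely to make that failure visible.

```python
# Added example (not from the bug thread, not Zeitgeist code).
# Assumption: sqlcipher3 / pysqlcipher3 provides a sqlite3-compatible DB-API.
# Fallback to stdlib sqlite3 keeps the copy logic runnable, but then
# PRAGMA key is a no-op and the result stays plaintext (HAVE_SQLCIPHER=False).
import os
import secrets
import sqlite3
import tempfile

try:
    from sqlcipher3 import dbapi2 as sqlcipher
    HAVE_SQLCIPHER = True
except ImportError:
    try:
        from pysqlcipher3 import dbapi2 as sqlcipher
        HAVE_SQLCIPHER = True
    except ImportError:
        sqlcipher = sqlite3      # no encryption will happen in this mode
        HAVE_SQLCIPHER = False

SQLITE_MAGIC = b"SQLite format 3\x00"   # first 16 bytes of any plaintext DB file


def generate_raw_key() -> str:
    """256-bit random key as a SQLCipher raw-key literal x'<64 hex chars>'."""
    return "x'%s'" % secrets.token_bytes(32).hex()


def open_encrypted(path: str, raw_key: str):
    """Open or create a keyed database. PRAGMA key must be the first statement
    on the connection. The key is hex only, so string formatting is safe here
    (PRAGMA values cannot be bound as parameters)."""
    conn = sqlcipher.connect(path)
    conn.execute('PRAGMA key = "%s"' % raw_key)
    return conn


def is_plaintext_sqlite(path: str) -> bool:
    """True if anyone who copies the file can read it with plain sqlite3.
    A SQLCipher-encrypted file carries random salt bytes here instead."""
    with open(path, "rb") as fh:
        return fh.read(16) == SQLITE_MAGIC


def _q(name: str) -> str:
    """Quote an identifier taken from sqlite_master."""
    return '"%s"' % name.replace('"', '""')


def migrate_to_encrypted(old_path: str, new_path: str, raw_key: str) -> int:
    """Copy schema and rows from a plaintext DB into a fresh keyed DB and
    return the number of rows copied. The target must not exist: the key has
    to be set when the file is created, an existing file is not re-keyed."""
    if os.path.exists(new_path):
        raise FileExistsError(new_path)
    old = sqlite3.connect(old_path)
    new = open_encrypted(new_path, raw_key)
    # Tables first, then indexes/triggers/views; skip SQLite's internal objects.
    objects = old.execute(
        "SELECT type, name, sql FROM sqlite_master "
        "WHERE sql IS NOT NULL AND name NOT LIKE 'sqlite_%' "
        "ORDER BY CASE type WHEN 'table' THEN 0 ELSE 1 END"
    ).fetchall()
    for _type, _name, sql in objects:
        new.execute(sql)
    copied = 0
    for _type, name, _sql in objects:
        if _type != "table":
            continue
        rows = old.execute("SELECT * FROM %s" % _q(name)).fetchall()
        if rows:
            marks = ",".join("?" * len(rows[0]))
            new.executemany("INSERT INTO %s VALUES (%s)" % (_q(name), marks), rows)
            copied += len(rows)
    new.commit()
    new.close()
    old.close()
    return copied


def can_open(path: str, raw_key: str) -> bool:
    """Does this key unlock the file? SQLCipher raises DatabaseError
    ('file is not a database') on the first read with a wrong key; the
    stdlib fallback never fails because nothing was encrypted."""
    conn = open_encrypted(path, raw_key)
    try:
        conn.execute("SELECT count(*) FROM sqlite_master").fetchone()
        return True
    except sqlcipher.DatabaseError:
        return False
    finally:
        conn.close()


def demo() -> dict:
    """Constructed Zeitgeist-like event log: migrate it and report what an
    attacker copying the raw file, or guessing a key, would get."""
    tmp = tempfile.mkdtemp()
    old_path = os.path.join(tmp, "activity.sqlite")
    new_path = os.path.join(tmp, "activity.sqlcipher")
    old = sqlite3.connect(old_path)
    old.execute("CREATE TABLE event (id INTEGER PRIMARY KEY, timestamp INTEGER, subj_uri TEXT)")
    old.executemany("INSERT INTO event (timestamp, subj_uri) VALUES (?, ?)",
                    [(1300000000000, "file:///home/user/secret.odt"),   # constructed rows
                     (1300000001000, "file:///home/user/notes.txt")])
    old.execute("CREATE INDEX event_ts ON event (timestamp)")
    old.commit()
    old.close()
    key = generate_raw_key()
    return {
        "rows_copied": migrate_to_encrypted(old_path, new_path, key),
        "old_is_plaintext": is_plaintext_sqlite(old_path),
        "new_is_plaintext": is_plaintext_sqlite(new_path),   # False only with real SQLCipher
        "opens_with_key": can_open(new_path, key),
        "opens_with_wrong_key": can_open(new_path, generate_raw_key()),
    }


if __name__ == "__main__":
    print(demo())
```

The two checks at the end are the ones worth keeping in a real migration script: the header test catches a build where the "encrypted" path was silently served by stock sqlite3, and the wrong-key open confirms the file is unreadable without the keyring-held key. With a passphrase instead of a raw key the PRAGMA is simply `PRAGMA key = 'passphrase'` as in the reply above, but then the strength of the protection is the strength of that passphrase.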