[Sandbox] Protecting private content when lending device
pelago
10-24-2009, 11:00 AM
When I get my Maemo 5 device, I imagine I will want to show it off to other people, and let other people try it out for themselves, as it looks like it will be very 'touchable' and nice and easy to use. I would like to do this because of being proud of the device, and this also might encourage other people to get one.
However, there may be some content on the device (pictures, to-do items, documents, emails, etc.) that I would rather not show to the person to whom I'm handing the device. I would like to brainstorm ways of keeping such things private.
Note that I realise that if someone was determined and had long enough, they could bypass security in any number of ways and this Brainstorm idea isn't about that. This idea is about very short term (a few minutes probably) lending of the device to guests, where I will usually be present beside them, and is only designed to cover prevention of casual or accidental snooping of private stuff.
Please vote for and suggest solutions at http://maemo.org/community/brainstorm/view/protecting_private_content_when_loaning_device/ and discuss below.
vkv.raju
10-24-2009, 11:12 AM
When I get my Maemo 5 device, I imagine I will want to show it off to other people, and let other people try it out for themselves, as it looks like it will be very 'touchable' and nice and easy to use. I would like to do this because of being proud of the device, and this also might encourage other people to get one.
However, there may be some content on the device (pictures, to-do items, documents, emails, etc.) that I would rather not show to the person to whom I'm handing the device. I would like to brainstorm ways of keeping such things private.
Note that I realise that if someone was determined and had long enough, they could bypass security in any number of ways and this Brainstorm idea isn't about that. This idea is about very short term (a few minutes probably) lending of the device to guests, where I will usually be present beside them, and is only designed to cover prevention of casual or accidental snooping of private stuff.
Please vote for and suggest solutions at http://maemo.org/community/brainstorm/view/protecting_private_content_when_loaning_device/ and discuss below.
Put all your to-be-protected data in a folder and password-protect it. An app like Toucan should do it well. But I don't know if this app is available for N900!!
dormant
10-24-2009, 11:33 AM
Given that maemo is a proper multi-user Linux OS, couldn't this be implemented by having more than one user, including a guest user for loan periods?
allnameswereout
10-24-2009, 11:43 AM
Use one of the free Norton Ghost clones for Linux. They're open source, but I don't know if they work on ARM because some are used on Live CDs. There is also 'cloning' which is popular on Nokia N800. I think something similar should be possible on N900 by using MicroSD card.
It'd work like this: one would make an image, give it on loan, let them fiddle and play with it. After the loan, rewrite the image back and nothing has changed. Not even any of the owner's settings, as it is a 1:1 copy. After this, one can re-loan the device again, or continue to use it themselves.
Alternatively, it could boot from the MicroSD card instead of rewriting the image from MicroSD to flash. Then, it would not touch flash. The other way around takes more work to restore, but the image on MicroSD you can keep with you; flash not so, so they could access the flash (by mistake or intended). You could also make several images, put them on MicroSD, and have these several images booted depending on the user to whom it's loaned out. Saves rewriting images the whole time.
All this only works if you trust those you loan the device to, though, for theoretically speaking once someone has physical access to your hardware they could compromise it, for example by installing a bug, cold boot vector, copying your SD card, ...
Put all your to-be-protected data in a folder and password-protect it. An app like Toucan should do it well. But I don't know if this app is available for N900!!
I like this idea. After all you don't want others seeing pics of you or your girlfriend in compromising positions etc !
I would think something like a protected folder would have to be viewed in an Explorer-type window that asks for a password to access. When viewing, icons clicked etc. open in the default associated programs. There's no point having pictures appear up in the photo viewer with a description saying "wife naked" and a locked icon, as that will still cause inquiring minds.
Or perhaps, when the picture/video/music/etc is opened from the protected folder, it shows only the protected files available in the player, or perhaps *all* of the files on the device are accessible.
vkv.raju
10-24-2009, 12:49 PM
I like this idea. After all you don't want others seeing pics of you or your girlfriend in compromising positions etc !
I would think something like a protected folder would have to be viewed in an Explorer-type window that asks for a password to access. When viewing, icons clicked etc. open in the default associated programs. There's no point having pictures appear up in the photo viewer with a description saying "wife naked" and a locked icon, as that will still cause inquiring minds.
Or perhaps, when the picture/video/music/etc is opened from the protected folder, it shows only the protected files available in the player, or perhaps *all* of the files on the device are accessible.
Can I borrow your device :p
Ok jokes apart, I see your point.
It should not only protect the folder but the files in it. I guess, it might be possible to achieve this.
For example, let's take a simple photo viewer app!
Assuming the photo viewer app only views files ending with an extension jpg/jpeg/bmp/png/raw/etc. To avoid protected data from being viewable in the photo viewer app, the extensions of those picture files in the to-be-protected folder can be changed to something other than what the photo viewer app would understand (say, xyz). And the protector app will remember all these temporary mappings.
This app can be protected from being run by a password.
pelago
10-24-2009, 12:54 PM
Thanks for the comments so far. Please remember to vote for solutions at http://maemo.org/community/brainstorm/view/protecting_private_content_when_loaning_device/ and add new solutions for password-protecting certain files or folders, and for ghosting (although the use case described in the Brainstorm idea was really for short term lending of the device, e.g. while in a pub, so ghosting would be a bit tricky and possibly overkill!). If you don't want to add them yourself, I can do it, but I believe you get maemo.org karma if you add them yourself.
To dormant, please note that multiple Linux user profiles and Ubuntu-style Guest Sessions are already listed as possible solutions. Feel free to vote for them.
RevdKathy
10-24-2009, 12:54 PM
That's a good question: I make a point of never carrying sensitive data on a mobile device (I work for the NHS, so data protection is a bit of an issue). It will mean entering passwords for things like groupwise every time I open it, but that's ok. My diary never carries full names or addresses on principle.
Mind, I doubt anyone would want my collection of teddy bear porn pics... ;)
allnameswereout
10-24-2009, 01:03 PM
I like this idea. After all you don't want others seeing pics of you or your girlfriend in compromising positions etc !
I would think something like a protected folder would have to be viewed in an Explorer-type window that asks for a password to access. When viewing, icons clicked etc. open in the default associated programs. There's no point having pictures appear up in the photo viewer with a description saying "wife naked" and a locked icon, as that will still cause inquiring minds.
Or perhaps, when the picture/video/music/etc is opened from the protected folder, it shows only the protected files available in the player, or perhaps *all* of the files on the device are accessible.
This discussion very much overlaps with t.m.o thread Data Privacy whilst Traveling with Mobile Computer (http://talk.maemo.org/showthread.php?t=33178).
However, the above has the very vector I already asserted: if someone has physical access to your device they can tamper with it. In your example, even on the software layer. What may only be required is root access. If there is an encrypted image they may be interested in it precisely for the very reason it is encrypted. If you use a specific directory instead of the whole homedir (or whole disk encryption) there will also be metadata such as .bash_history, locate.updatedb, and cached thumbnails which must be taken into account. The solutions are simple: either do not host such data on your device, do not lend your device if it contains such data, or keep in mind metadata leaking and make sure it does not happen. Good luck with the last option, for many won't understand or be able to do that, and it does not take into account 3rd party applications.
BTW, Nokia's DRM framework on Maemo 6 may be interesting for this purpose although you don't have your own private key so it would not stop Nokia or those who are able to force Nokia (ie., The Law) accessing the data.
Can I borrow your device :p
Ok jokes apart, I see your point.
It should not only protect the folder but the files in it. I guess, it might be possible to achieve this.
For example, let's take a simple photo viewer app!
Assuming the photo viewer app only views files ending with an extension jpg/jpeg/bmp/png/raw/etc. To avoid protected data from being viewable in the photo viewer app, the extensions of those picture files in the to-be-protected folder can be changed to something other than what the photo viewer app would understand (say, xyz). And the protector app will remember all these temporary mappings.
This app can be protected from being run by a password.
Good idea! A simple solution - for my own use - would be to change the extension as you say, as long as there is a "right-click" way to "open with" a program without creating a permanent association. That would at least keep away the photos, videos, documents, music etc. that you wouldn't want someone to see when you are demonstrating the capabilities of the N900 to friends and work colleagues.
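A small check for the metadata traces named above (shell history, thumbnail cache, locate database, plus the GTK recent-files list), added here as an example and not code from the thread; the home directory, the private path and the sample files in the test are constructed for the example, and the recent-files location assumes the older ~/.recently-used.xbel.

```shell
#!/bin/sh
# leak_check PRIVATE_PATH [HOME_DIR]
# Reports (on stderr) each place where traces of a private folder survive after
# the files themselves were hidden or moved, and echoes the number of hits.
# The four locations are the ones named in the thread plus GTK's recent-files
# list; every path used here is an assumption for this example.

leak_check() {
    private=$1; home=${2:-$HOME}; hits=0

    # Shell history: any command line that touched the private folder.
    if [ -r "$home/.bash_history" ] && grep -q -F "$private" "$home/.bash_history"; then
        echo "bash_history mentions $private" >&2; hits=$((hits + 1))
    fi

    # Thumbnail cache: freedesktop thumbnails embed the source path in a
    # Thumb::URI text chunk, so the name is searchable inside the PNG (-a).
    if [ -d "$home/.thumbnails" ]; then
        n=$(grep -a -l -r -F "$private" "$home/.thumbnails" 2>/dev/null | wc -l)
        if [ "$n" -gt 0 ]; then
            echo "$n thumbnail(s) still reference $private" >&2; hits=$((hits + n))
        fi
    fi

    # locate database: an updatedb run while the files existed keeps their names.
    if command -v locate >/dev/null 2>&1 && locate "$private" 2>/dev/null | grep -q .; then
        echo "locate database lists entries under $private" >&2; hits=$((hits + 1))
    fi

    # GTK recent-files list keeps file:// URIs of everything opened in a viewer
    # (assumed location: ~/.recently-used.xbel).
    if [ -r "$home/.recently-used.xbel" ] && grep -q -F "$private" "$home/.recently-used.xbel"; then
        echo "recently-used list mentions $private" >&2; hits=$((hits + 1))
    fi

    echo "$hits"
}
```

Run it as `leak_check /home/user/MyDocs/.private` after hiding the folder; a non-zero count means the names are still recoverable without the files.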
pelago
10-24-2009, 06:28 PM
This discussion very much overlaps with t.m.o thread Data Privacy whilst Traveling with Mobile Computer (http://talk.maemo.org/showthread.php?t=33178).
Thanks. I was trying to keep this Brainstorm away from the wider problem of 'proper' data security, and more what to do about casual or accidental leakage of data when you just quickly hand your device to someone to show them a picture or so they can make a phone call, or when you just want to show off your new device.
JackBeSlow
10-24-2009, 09:46 PM
Well, solutions like the one above seem like a kludge to me. What happens when you have installed another photo app that doesn't care about the file names? The best way to handle this is to access the device as a different user, but that means each user is going to need their own settings folders etc. The "much wider problem of 'proper' data security" needs to be solved before this can be handled in any reasonable way. At least in my opinion.
However how about locking the person you are loaning the phone to out of certain applications? This could be done with a chown that can be reversed with the entering of a password. Not elegant by any means but...
vkv.raju
10-25-2009, 01:04 AM
Well, solutions like the one above seem like a kludge to me. What happens when you have installed another photo app that doesn't care about the file names? The best way to handle this is to access the device as a different user, but that means each user is going to need their own settings folders etc. The "much wider problem of 'proper' data security" needs to be solved before this can be handled in any reasonable way. At least in my opinion.
However how about locking the person you are loaning the phone to out of certain applications? This could be done with a chown that can be reversed with the entering of a password. Not elegant by any means but...
One thing to remember is that you are lending this device to a friend or a person whom you already KNOW. And extremely securing stuff might not be needed! But if you lose the device to anyone else, that's a different story. For such cases, you don't want the other guy to see ANY of your data. So, in that case, you should try locking him out.
Btw, I am interested to know about any photo viewer app that tries to open/read a .XYZ extension file? Any video app that tries to open/read a .789 extension and so on? I don't know of any. Please share if there are any apps out there that do it. That would be interesting.
If there really are apps that do the above, I think, I might have another solution for that too. But for now, let's keep this as simple as possible!!
vkv.raju
10-26-2009, 03:15 AM
Added my solution (#4) in the brainstorm page:
http://maemo.org/community/brainstorm/view/protecting_private_content_when_loaning_device/
MrGrim
10-27-2009, 07:30 AM
Put sensitive files on removable card. When lending, remove said card. Problem fixed. This does leave traces like file names remaining in 'file history' list, but this is not very dangerous without the actual files, and if you have enough brains not to name them "me&she69.jpg" or "confidential_customer_data.doc".
The problem, of course, would be that the files are not in /home/... . Maybe some clever sym-links could solve this. On my Fedora box, I have /home on one partition, and several /home/xxxxxxx folders on other partitions, and it works well. Also, the ability to save on card by default for some apps (like camera) might be important.
Here's how the system might work. Let's say you have several calendars under /home/calendars, and some of them are private. Have a script that moves calendars considered as private to the card and sym-links them back in /home/calendars. Apps looking there would see no difference, but the files are gone when you remove the card.
pelago
10-27-2009, 09:20 AM
Thanks, that's a pretty good idea. It's a shame that it's a little tricky to remove the card from the N900, as having to remove the back cover etc. is just a little much when you just want to quickly lend someone your device in a pub.
Neegs
12-03-2009, 05:34 PM
For ex, lets take a simple photo viewer app!
Assuming the photo viewer app only views files ending with an extension jpg/jpeg/bmp/png/raw/etc.
Is this correct, or is it a case that the photo viewer will only open the photos from the folder you were in? E.g. I'm in my pics and double tap the image; it then opens the full viewer and I can scroll through the pages.
Wouldn't a password-protected folder work in this case? My use case is similar: I let people play with my phones or send texts, and I have nosey friends that would happily search photos. However they are average Joe, and prob dumb average Joe with Linux, so a password-protected folder would be a brick wall for them. Yes, they would be curious, but they would never know how to get around it.
Is this possible? I want an N900, and it's this sort of thing that I thought you could easily do, being a pocket computer, not a phone :P
chemist
12-14-2009, 07:46 AM
You would be right done with lending your device and would not have to care about private data, and the new user would be able to do everything, if something like this http://talk.maemo.org/showthread.php?t=34563 would be implemented.
Working on all things with symlinks (~/$configs) to the user's data and a proper user-management would do the rest, don't you think?
noobmonkey
12-14-2009, 07:50 AM
I work for the NHS, so data protection is a bit of an issue
Lol a bit of an issue? I work as an IT Advisor for a similar trust to yours - it's the bane of my life!!!
(Sorry - very slow at seeing this thread!)
Would love to see something like this implemented :) (And will go votey!)
chemist
12-14-2009, 08:01 AM
added merge solution
peterjb31
12-14-2009, 08:15 AM
Could you possibly put the items in a single folder and then use a script to change the folder type to a hidden folder (with a . before the folder) so it isn't normally viewable. Such a script could request a password and could be set to run from a desktop icon. It wouldn't be very secure if anyone were to make an effort to locate the content but it should put off people just messing around with the pictures app etc.
ruskie
12-14-2009, 08:23 AM
Seeing as the default Nokia tools have one bug, I guess... they won't go into /home/user from what I can tell, only /home/user/MyDocs, so just move things over there.
Maybe have a private mode shortcut on the desktop... something that would do:
sudo mount -o bind /home/user/MyDocs-clean /home/user/MyDocs
That way the data is there but effectively hidden from all the apps.
chemist
12-14-2009, 08:26 AM
Honestly, having something like I proposed with the cryptography thing could give you a button to lock down your device to phone only or something, or 5 seconds to switch the users to someone like guest, not able to view private data but able to use all functions like browse or call or text... automated overwrite of the guest account data at its logout would be a nice feature as well.
MrGrim
12-14-2009, 08:28 AM
Hidden folders aren't very secure, because some apps might very well list them anyway
A script as simple as
chmod 000 *
chown root *
will hide everything from basic users, and also stop people who might somehow find permission changing, but don't know how to sudo (are there any?)
An even smarter script will back up the original permissions so the unhide script can restore them
ruskie
12-14-2009, 08:31 AM
You left out -R to do it recursively... but I'd couple this with a find... also still doesn't solve the problem of vfat access :)
MrGrim
12-14-2009, 08:48 AM
I didn't mean for it to be used in a high level directory recursively, that would surely break things in spectacular ways. You should make a separate private folder to keep things you don't want seen. Although I guess using -R is good if you make sub-folders there.
Anyway, this is nothing more than a simple hack to keep nosy tech-oblivious friends away from your more intimate pictures with the missus or the shopping list. It will do nothing to stop more advanced users. And it will not work on vfat at all (no permission/ownership support on that piece of junk).
Also, I understand most people want a tightly integrated 'secure mode', where they only have to flip a setting and enter the password. I'm afraid even if the infrastructure was there (gpg, encrypted loopback interface and all), the user would still have to do the securing (for example, pictures will have to be moved/encrypted-decrypted manually, unless the camera app is changed to take care of that, which I kind of doubt).
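The chmod 000 / chown root idea from this post and the earlier one, with the permission manifest MrGrim mentions so the unhide step restores the original modes, written up here as an added example rather than code from the thread. It assumes a dedicated private folder (never a top-level directory), writes its manifest beside that folder under a name of its own choosing, refuses vfat for the reason given above, and applies the chown step only when run as root.

```shell
#!/bin/sh
# hide_private DIR / unhide_private DIR
# Hide: record "mode owner:group path" for every entry, then chmod 000 (and
# chown root:root when root). Unhide: replay the manifest in reverse.
# The manifest name ".<folder>.perms" is an assumption for this example.

manifest_for() { echo "$(dirname "$1")/.$(basename "$1").perms"; }

# vfat has no permission or ownership bits, so hiding there silently does nothing.
fs_is_vfat() {
    case "$(stat -f -c %T "$1" 2>/dev/null)" in
        vfat|msdos) return 0 ;;
        *) return 1 ;;
    esac
}

hide_private() {
    dir=$1; m=$(manifest_for "$dir")
    if fs_is_vfat "$dir"; then echo "refusing: $dir is on vfat" >&2; return 1; fi
    # -depth lists children before their parent, so a parent is never made
    # unsearchable before its contents have been processed.
    find "$dir" -depth -exec stat -c '%a %U:%G %n' {} + > "$m"
    # The manifest itself lists the private file names: keep it owner-only.
    chmod 600 "$m"
    while read -r mode owner path; do
        chmod 000 "$path"
        if [ "$(id -u)" -eq 0 ]; then chown root:root "$path"; fi
    done < "$m"
}

unhide_private() {
    dir=$1; m=$(manifest_for "$dir")
    [ -f "$m" ] || { echo "no manifest for $dir" >&2; return 1; }
    # Reverse the manifest so each directory is traversable again before the
    # entries inside it are touched.
    sed '1!G;h;$!d' "$m" | while read -r mode owner path; do
        chmod "$mode" "$path"
        if [ "$(id -u)" -eq 0 ]; then chown "$owner" "$path"; fi
    done
    rm -f "$m"
}

case "${1:-}" in
    hide)   hide_private "$2" ;;
    unhide) unhide_private "$2" ;;
esac
```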
chemist
12-14-2009, 10:33 AM
the user would still have to do the securing (for example, pictures will have to be moved/encrypted-decrypted manually, unless the camera app is changed to take care of that, which I kind of doubt)
Which part of ln -s target linkname didn't you understand?
an initial script would do the following:
setup user-crypt-space in /home/user/
mount crypt
copy all databases and personal files and settings to crypt and replace original with symlink to crypt
adduser guest
create folderstructure and paste default setting files
maybe every time a login script needs to fix the symlinks to point to the right target, but that's also just a script to run
for your private pictures and stuff you would need to include your user-files My_Docs or have another setup for some folders,
with multi-user support I would repartition the 32GB anyway, to something like 1GB vfat for the guest user, 5GB for my private data (ext3, crypted) and the rest just vfat/ext...(even ext is mountable to windows with IFS drivers...)
Relativistic
12-15-2009, 05:40 PM
eCryptfs would work great for this kind of stuff. Stacked filesystem, don't need to mess around with partitions, just mount your encrypted stuff whenever you want to use it.
It is a kernel module. Is it available in the repositories? (obviously I'm still waiting for my N900 to arrive :mad:)
Added my take on the issue.
I think a simpler solution could actually have a shot, rather than a complex, if better solution that is scheduled for 2015.