Reply
Thread Tools
pelago's Avatar
Posts: 2,121 | Thanked: 1,540 times | Joined on Mar 2008 @ Oxford, UK
#1
When I get my Maemo 5 device, I imagine I will want to show it off to other people, and let other people try it out for themselves, as it looks like it will be very 'touchable' and nice and easy to use. I would like to do this because of being proud of the device, and this also might encourage other people to get one.

However, there may be some content on the device (pictures, to-do items, documents, emails, etc.) that I would rather not show to the person to which I'm handing the device. I would like to brainstorm ways of keeping such things private.

Note that I realise that if someone was determined and had long enough, they could bypass security in any number of ways and this Brainstorm idea isn't about that. This idea is about very short term (a few minutes probably) lending of the device to guests, where I will usually be present beside them, and is only designed to cover preventation of casual or accidental snooping of private stuff.

Please vote for and suggest solutions at http://maemo.org/community/brainstor...oaning_device/ and discuss below.

Last edited by pelago; 2009-10-24 at 14:02.
 

The Following User Says Thank You to pelago For This Useful Post:
vkv.raju's Avatar
Posts: 402 | Thanked: 451 times | Joined on Dec 2007 @ India
#2
Originally Posted by pelago View Post
When I get my Maemo 5 device, I imagine I will want to show it off to other people, and let other people try it out for themselves, as it looks like it will be very 'touchable' and nice and easy to use. I would like to do this because of being proud of the device, and this also might encourage other people to get one.

However, there may be some content on the device (pictures, to-do items, documents, emails, etc.) that I would rather not show to the person to which I'm handing the device. I would like to brainstorm ways of keeping such things private.

Note that I realise that if someone was determined and had long enough, they could bypass security in any number of ways and this Brainstorm idea isn't about that. This idea is about very short term (a few minutes probably) lending of the device to guests, where I will usually be present beside them, and is only designed to cover preventation of casual or accidental snooping of private stuff.

Please vote for and suggest solutions at http://maemo.org/community/brainstor...oaning_device/ and discuss below.
Put all your to-be-protected data in a folder and password-protect it. An app like Toucan should do it well. But I don't know if this app is available for N900!!

Last edited by vkv.raju; 2009-10-24 at 14:15.
 

The Following User Says Thank You to vkv.raju For This Useful Post:
dormant's Avatar
Posts: 332 | Thanked: 76 times | Joined on Oct 2007 @ St. Augustine, Trinidad and Tobago
#3
Given that maemo is a proper multi-user Linux OS, couldn't this be implemented by having more than one user, including a guest user for loan periods?
__________________
  • N900
  • N800
  • LD-3W
  • two magic OTG USB adapters
  • crossed fingers
 

The Following 4 Users Say Thank You to dormant For This Useful Post:
allnameswereout's Avatar
Posts: 3,397 | Thanked: 1,212 times | Joined on Jul 2008 @ Netherlands
#4
Use one of the free Norton Ghost clones for Linux. They're open source, but I don't know if they work on ARM because some are used on Live CDs. There is also 'cloning' which is popular on Nokia N800. I think something similar should be possible on N900 by using MicroSD card.

It'd work like this: one would make an image, give it loan, let them fiddle and play with it. After loan, rewrite image back and nothing has changed. Not even any of owner's settings as it is a 1:1 copy. After this, one can re-loan the device again, or continue to use it themselves.

Alternatively, it could boot from the MicroSD card instead of rewriting the image from MicroSD to flash. Then, it would not touch flash. The other way around takes more work to restore but image on MicroSD you can keep with you; flash not so, so they could access the flash (by mistake or intended). You could also make several images, put them on MicroSD, and have these several images booted depending on user who its loaned out. Saves rewriting images whole time.

All this only works if you trust those you loan the device to though for theoretically speaking once someone has physical access to your hardware they could compromise it for example by installing a bug, cold boot vector, copying your SD card, ...
__________________
Goosfraba! All text written by allnameswereout is public domain unless stated otherwise. Thank you for sharing your output!
 
Posts: 488 | Thanked: 107 times | Joined on Sep 2009 @ Asgard / Midgard / London
#5
Originally Posted by vkv.raju View Post
Put all your to-be-protected data in a folder and password-protect it. An app like Toucan should do it well. But I don't know if this app is available for N900!!
I like this idea. After all you don't want others seeing pics of you or your girlfriend in compromising positions etc !

I would think something like a protected folder would have to be viewed in an Explorer type window that asks for a password to access. when viewing, icons clicked etc to open in the default associated programs. There's no point having pictures appear up in the photo viewer with a description saying "wife naked" and a locked icon, as that will still cause inquiring minds.

Or perhaps, when the picture/video/music/etc is opened from the protected folder, it shows only the protected files available in the player, or perhaps *all* of the files on the device are accessible.

Last edited by Thor; 2009-10-24 at 15:28.
 

The Following User Says Thank You to Thor For This Useful Post:
vkv.raju's Avatar
Posts: 402 | Thanked: 451 times | Joined on Dec 2007 @ India
#6
Originally Posted by Thor View Post
I like this idea. After all you don't want others seeing pics of you or your girlfriend in compromising positions etc !

I would think something like a protected folder would have to be viewed in an Explorer type window that asks for a password to access. when viewing, icons clicked etc to open in the default associated programs. There's no point having pictures appear up in the photo viewer with a description saying "wife naked" and a locked icon, as that will still cause inquiring minds.

Or perhaps, when the picture/video/music/etc is opened from the protected folder, it shows only the protected files available in the player, or perhaps *all* of the files on the device are accessible.
Can I borrow your device

Ok jokes apart, I see your point.
It should not only protect the folder but the files in it. I guess, it might be possible to achieve this.

For ex, lets take a simple photo viewer app!
Assuming the photo viewer app only views files ending with an extension jpg/jpeg/bmp/png/raw/etc. To avoid protected data from being viewable in the photo viewer app, the extensions of those picture files in the to-be-protected folder can be changed to something other what the photo viewer app would understand (say, xyz). And the protector app will remember all these temporary mappings.

This app can be protected from being run by a password.
 

The Following User Says Thank You to vkv.raju For This Useful Post:
pelago's Avatar
Posts: 2,121 | Thanked: 1,540 times | Joined on Mar 2008 @ Oxford, UK
#7
Thanks for the comments so far. Please remember to vote for solutions at http://maemo.org/community/brainstor...oaning_device/ and add new solutions for password-protecting certain files or folders, and for ghosting (although the use case described in the Brainstorm idea was really for short term lending of the device, e.g. while in a pub, so ghosting would be a bit tricky and possibly overkill!). If you don't want to add them yourself, I can do it, but I believe you get maemo.org karma if you add them yourself.

To dormant, please note that multiple Linux user profiles and Ubuntu-style Guest Sessions are already listed as possible solutions. Feel free to vote for them.
 
RevdKathy's Avatar
Posts: 2,173 | Thanked: 2,678 times | Joined on Oct 2009 @ Cornwall, UK
#8
That's a good question: I make a point of never carrying sensitive data on a mobile device (I work for the NHS, so data protection is a bit of an issue). It will mean entering passwords for things like groupwise every time I open it, but that's ok. My diary never carries full names or addresses on principle.

Mind, I doubt anyone would want my collection of teddy bear porn pics...
__________________
Hi! I'm Kathy and I'm a Maemo Greeter! Welcome.
Useful links for newcomers: New members say hello , New users start here, Community subforum, Beginners' wiki page, Maemo5 101, Frequently Asked Questions (FAQ)
Did you know Meego.com has forums too?
 
allnameswereout's Avatar
Posts: 3,397 | Thanked: 1,212 times | Joined on Jul 2008 @ Netherlands
#9
Originally Posted by Thor View Post
I like this idea. After all you don't want others seeing pics of you or your girlfriend in compromising positions etc !

I would think something like a protected folder would have to be viewed in an Explorer type window that asks for a password to access. when viewing, icons clicked etc to open in the default associated programs. There's no point having pictures appear up in the photo viewer with a description saying "wife naked" and a locked icon, as that will still cause inquiring minds.

Or perhaps, when the picture/video/music/etc is opened from the protected folder, it shows only the protected files available in the player, or perhaps *all* of the files on the device are accessible.
This discussion very much overlaps with t.m.o thread Data Privacy whilst Traveling with Mobile Computer.

However, the above has the very vector I already asserted: if someone has physical access to your device they can tamper with it. In your example, even on software layer. What may only be required is root access. If there is an encrypted image they may be interested in it precisely for the very reason it is encrypted. If you use a specific directory instead of whole homedir (or whole disk encryption) there will also be metadata such as .bash_history, locate.updatedb, and cached thumbnails which must be taken into account. The solutions are simple: either do not host such data on your device, do not lend your device if it contains such data, or keep in mind metadata leaking and make sure does not happen. Good luck with the last option, for many won't understand or be able to do that, and it does not take into account 3rd party applications.

BTW, Nokia's DRM framework on Maemo 6 may be interesting for this purpose although you don't have your own private key so it would not stop Nokia or those who are able to force Nokia (ie., The Law) accessing the data.
__________________
Goosfraba! All text written by allnameswereout is public domain unless stated otherwise. Thank you for sharing your output!
 
Posts: 488 | Thanked: 107 times | Joined on Sep 2009 @ Asgard / Midgard / London
#10
Originally Posted by vkv.raju View Post
Can I borrow your device

Ok jokes apart, I see your point.
It should not only protect the folder but the files in it. I guess, it might be possible to achieve this.

For ex, lets take a simple photo viewer app!
Assuming the photo viewer app only views files ending with an extension jpg/jpeg/bmp/png/raw/etc. To avoid protected data from being viewable in the photo viewer app, the extensions of those picture files in the to-be-protected folder can be changed to something other what the photo viewer app would understand (say, xyz). And the protector app will remember all these temporary mappings.

This app can be protected from being run by a password.
Good idea! A simple solution - for my own use - would be to change the extension as you say, as long as there is a "right-click" way to "open with" a program without creating a permanent association. That would at least keep away the photos, videos, documents, music etc that you woulnd't want someone to see when you are demonstrating the capabilities of the n900 to friends and work colleagues.
 
Reply

Thread Tools

 
Forum Jump


All times are GMT. The time now is 13:44.