Proposal: Personal Data Encryption (maybe SoC?)
Tim Newsom
cephdon at gmail.com
Tue Mar 20 15:33:20 CET 2007
On Tue, 20 Mar 2007 2:08, Jim McDonald wrote:
> Tim Newsom wrote:
>> The best part is that if you don't want it, you don't use it. And
>> those that do want it, can use it and its all completley transparent
>> to the applications.
> But not at all transparent to the end user. Again assuming that there
> is some sort of key caching going on, what is the real consumer benefit
> to having multiple ways of categorising data to different levels of
> security versus having a simple "protect my data against unauthorised
> access" checkbox somewhere that blanket-enables encryption?
>
> (Alternatively there could be some way in which these configuration
> settings are pluggable and people with the more complex requirements
> could download the advanced settings plugin and leave normal users with
> a simple yes/no choice.)
>> --Tim
>
> Cheers,
> Jim.
>
I don't think you want security which is transparent to the user.. If
the user does not know it exists then they won't know they are using
it.. And then they might do something which causes problems later on.
The user should have full knowledge of what they are doing. That
doesn't mean it has to be difficult or have 200 commands at the prompt
to set up. It can be easy and guided.. And possibly just an advanced
menu somewhere which contains the necessary jump points into the
security configs.
Remember, most users (the average mom and dad) will not use the security
features anyway. Some because they don't know how, some because they
don't think of it and some because they just can't be bothered to set it
up.
Now, the ones that don't know how may at some point try to learn, so it
needs to be able to help them through it. More advanced configs don't
have to be set up by the average person either. Its the flexibility
that is desired. Maybe it ships with password / gesture providers by
default and someone can 'load new security providers' where it connects
to a trusted source for signed openmoko security engin plugins
(providers being easier to say).
Once connected they could read descriptions of available providers,
install them and during the install it asks some questions about how
they want it initially configured. If they have not set up any security
before, maybe it asks them the 'first time questions'...
It can educate them on potential dangers without spreading FUD and open
their eyes to the awesome potential that is the openmoko platform.
Lets also not forget that openmoko is not just for phones.. But also
other devices. This scheme could be used by anything... From a laptop
with someones fingerprint reader and using a fingerprint security
provider or some not thought of security mechanism to the next hand held
multimedia player device (though why you would want security on it is
your guess... Maybe security camera videos of a sensitive nature?)..
Lets think universal and try to apply what we are creating to a larger
set of devices.
--Tim
--Tim
More information about the community
mailing list