Proposal: Personal Data Encryption (maybe SoC?)

Tim Newsom cephdon at gmail.com
Tue Mar 20 15:33:20 CET 2007


On Tue, 20 Mar 2007 2:08, Jim McDonald wrote:
> Tim Newsom wrote:
>> The best part is that if you don't want it, you don't use it.  And 
>> those that do want it, can use it and its all completley transparent 
>> to the applications.
> But not at all transparent to the end user.  Again assuming that there 
> is some sort of key caching going on, what is the real consumer benefit 
> to having multiple ways of categorising data to different levels of 
> security versus having a simple "protect my data against unauthorised 
> access" checkbox somewhere that blanket-enables encryption?
>
> (Alternatively there could be some way in which these configuration 
> settings are pluggable and people with the more complex requirements 
> could download the advanced settings plugin and leave normal users with 
> a simple yes/no choice.)
>> --Tim
>
> Cheers,
> Jim.
>

I don't think you want security which is transparent to the user.. If 
the user does not know it exists then they won't know they are using 
it.. And then they might do something which causes problems later on.  
The user should have full knowledge of what they are doing.  That 
doesn't mean it has to be difficult or have 200 commands at the prompt 
to set up.  It can be easy and guided.. And possibly just an advanced 
menu somewhere which contains the necessary jump points into the 
security configs.

Remember, most users (the average mom and dad) will not use the security 
features anyway.  Some because they don't know how, some because they 
don't think of it and some because they just can't be bothered to set it 
up.

Now, the ones that don't know how may at some point try to learn, so it 
needs to be able to help them through it.  More advanced configs don't 
have to be set up by the average person either.  Its the flexibility 
that is desired.  Maybe it ships with password / gesture providers by 
default and someone can 'load new security providers' where it connects 
to a trusted source for signed openmoko security engin plugins 
(providers being easier to say).

Once connected they could read descriptions of available providers, 
install them and during the install it asks some questions about how 
they want it initially configured.  If they have not set up any security 
before, maybe it asks them the 'first time questions'...

It can educate them on potential dangers without spreading FUD and open 
their eyes to the awesome potential that is the openmoko platform.

Lets also not forget that openmoko is not just for phones.. But also 
other devices.  This scheme could be used by anything... From a laptop 
with someones fingerprint reader and using a fingerprint security 
provider or some not thought of security mechanism to the next hand held 
multimedia player device (though why you would want security on it is 
your guess... Maybe security camera videos of a sensitive nature?)..

Lets think universal and try to apply what we are creating to a larger 
set of devices.

--Tim

--Tim




More information about the community mailing list