Comment 2 for bug 94230

Ian Jackson (ijackson) wrote : Re: [Bug 94230] Re: thumbnails privacy violation hazard

Sebastien Bacher writes ("[Bug 94230] Re: thumbnails privacy violation hazard"):
> That's a tricky bug, regenerating thumbnails again every time you browse
> a directory would not be a nice user experience, asking user if they
> want to store them every time you open a directory would not be usable.
> Any idea on what could be changed?

Possibilities which occur to me include:

* Store the thumbnails in a tmpfs. If we had encrypted swap (which we
  really ought to have anyway) then that would pretty much solve the
  privacy problem with not too much loss of performance.

* Store the thumbnails in the same directory as the images themselves
  (and automatically prune old thumbnails). This has much better
  privacy properties but it may not be trivial to do on non-sane
  filesystems. Another problem is that removable flash media (often
  used for image storage) tend to be rather slow and also wear out
  faster if you make `unnecessary' writes.

* Encrypt each thumbnail with a key derived from the full file
  contents. This would need some careful design (of both crypto and
  surrounding machinery).

Ian.
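
The third option in the comment above, sketched as an added example (not part of the original comment and not code from any thumbnailer). It assumes AES-256-GCM with a key taken from SHA-256 over a constructed label plus the full image bytes; the function names and the label are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// newGCM keys AES-256-GCM from a labelled hash, so a plain checksum of the file is not the key.
func newGCM(image []byte) (cipher.AEAD, error) {
	h := sha256.New()
	h.Write([]byte("thumbnail-cache-v1\x00")) // constructed domain-separation label
	h.Write(image)
	block, err := aes.NewCipher(h.Sum(nil))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealThumbnail returns nonce||ciphertext||tag for storage in the shared cache.
func SealThumbnail(image, thumb []byte) ([]byte, error) {
	gcm, err := newGCM(image)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, thumb, nil), nil
}

// OpenThumbnail needs the current image bytes; any error means "regenerate".
func OpenThumbnail(image, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(image)
	if err != nil {
		return nil, err
	}
	if n := gcm.NonceSize(); len(sealed) >= n {
		return gcm.Open(nil, sealed[:n], sealed[n:], nil)
	}
	return nil, fmt.Errorf("cache entry too short")
}

func main() {
	fmt.Println(SealThumbnail([]byte("constructed image"), []byte("constructed thumbnail")))
}
```

Opening a cache entry means re-reading and hashing the whole original file, which is the performance cost of this option. An authentication failure covers both a changed image and a tampered cache entry, and in either case the thumbnail is regenerated.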