thumbnails privacy violation hazard
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libgnomeui |
New
|
Undecided
|
Unassigned | ||
libgnomeui (Ubuntu) |
Confirmed
|
Medium
|
Ubuntu Desktop Bugs |
Bug Description
Binary package hint: eog
Using a fresh feisty beta 20070302.1 desktop install, I did the following:
1. Took a photo with my digital camera using an otherwise empty memory card
2. Removed the memory card from the camera and inserted it (via a USB flash adaptor) into one of the USB slots on the computer.
3. When offered the choice whether to "import" the photos, declined saying "ignore".
4. Browsed the contents of the memory card using the Nautilus file manager
5. Observed the image thumbnail which was visible in Nautilus
6. Opened the image in eog
7. Closed eog and the relevant nautilus windows
8. Selected "unmount volume"
9. Rebooted with the "Restart" option from the top-right-hand Quit button
10. While the computer was rebooting, removed the flash card
11. Observed that when the computer was rebooted and I had logged in, .thumbnails/
Note that the computer here has silently made a record of what was on the flash card. Knowledgeable users can easily find this information and this poses a hazard to naive users of digital cameras.
Arrangements should be made for these thumbnails to be in encrypted swap. Failing that, the thumbnail cache should be disabled or frequently cleared.
tags: | added: privacy |
That's a tricky bug, regenerating thumbnails again every time you browse a directory would not be a nice user experience, asking user if they want to store them every time you open a directory would not be usuable. Any idea on what could be changed?