'[Bug 232925] New: Security and Privacy issues with strigi/nepomuk'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-bugs-dist
Subject:    [Bug 232925] New: Security and Privacy issues with strigi/nepomuk
From:       Robin Laing <MeSat () TelusPlanet ! net>
Date:       2010-04-01 4:08:19
Message-ID: bug-232925-17878 () http ! bugs ! kde ! org/
[Download RAW message or body]

https://bugs.kde.org/show_bug.cgi?id=232925

           Summary: Security and Privacy issues with strigi/nepomuk
                    indixing
           Product: systemsettings
           Version: unspecified
          Platform: Fedora RPMs
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: kcm_desktopsearch
        AssignedTo: sebastian@trueg.de
        ReportedBy: MeSat@TelusPlanet.net


Version:            (using KDE 4.4.1)
OS:                Linux
Installed from:    Fedora RPMs

By default with the latest updates, nepomuk/strigi are required and cannot be
removed.  Due to this, all user directories and files are configured to be
scanned.  This is a privacy and possible security risk if no indication has
been make about this service.

At home, there are files and directories I do not want indexed at any time. 
When it is installed, the default settings are for all sub directories to be
scanned.  I want to protect my privacy and I have encrypted partitions that are
only mounted as sub directories when they are needed.  These get scanned and
are now in a database.

Same thing at work.  Encrypted partitions that are mounted and unmounted as
needed.  Strigi/Nepomuk requirement and default settings may force IT to ban
KDE from the workplace.

Default settings should be scan nothing and then let the user add as required.

I had disabled nepomuk when I first ran into this problem and an update enabled
it again.

I have to learn where the files are and /dev/null them for protection until
this is fixed.

I have read where it is possible for a user to accidentally include tags which
could be a major embarrassment or legal issue.

I have not found full configuration documentation yet for either of these
applications as to where files and configuration files are for system wide,
default configuration.

I was very tempted to post this is the security bugs section.

Where are the current man/html pages?  I only see docbook pages on my system. 
I have searched for configuration pages on kde.org with no success either.

On the Documentation search I get this.

The application strigi could not be found. Please check if you entered the name
correctly, or use the navigation on the left to access the complete KDE User
Documentation.

http://docs.kde.org/stable/en/kdebase-runtime/nepomuk/index.html

Is a blank page.

I also wonder how big the database file would be for over 4TB of data and how
that would affect the users home partition and restrictions.

-- 
Configure bugmail: https://bugs.kde.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic