Comment 16 for bug 787868

Seif Lotfy (seif) wrote :

I agree 100% with Jacob that we need to work on these security issues. While some people might find it paranoid, we should try to minimize our attack surface.

AFAIK http://sqlcipher.net/ is cross-platform; the only thing we will need to do is package it for Ubuntu. It offers protections on platforms that are hard to otherwise protect. During the generation of a NEW DB we just need to add "PRAGMA key = 'passphrase';" and then we need to copy data from the old into the new DB.

Right now anyone can do anything with our DB and the user may not even know the DB is being created.

Examples:
1) Copy the DB as it is into another physical drive
2) Any process can hook into zeitgeist and push out info

Those have to be fixed...
It won't cost us anything and people will not complain if we do it. The chances of people praising us for respecting their privacy are much bigger. AFAIK MeeGo people had a BIG issue with us being unencrypted. At UDS people told me they deinstalled Zeitgeist because of their fear of their data being exploited.
Now we can't fix both within the next 2 - 3 weeks to a much better state. But we have to start with it now.

I would like to start with the database encryption. I think we can land this as a new feature. And to be honest for that I don't care about backwards compatibility. What are the chances that:
1) People move away from Zeitgeist because it is in a way spyware
2) then people moving away after we encrypt the database because for them it will be backwards incompatible.

I am not going to get into details of the keyring stuff now. But again it's a vector that risks exploitation. We will need to tackle this properly. But the SQLCipher stuff can be done in a matter of a couple of days including packaging (using Siegfried power) :P
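The migration the comment sketches (open a fresh database, issue `PRAGMA key`, then copy the old data across) written out as a standalone Python script. This is an added illustration, not Zeitgeist code and not part of the bug thread; the function names, the sample `event` table and the temporary paths are all constructed for the example. One caveat worth seeing in code: stock SQLite silently ignores unknown pragmas, so `PRAGMA key` only encrypts anything when the `sqlite3` module is linked against SQLCipher. The script checks `PRAGMA cipher_version` (which SQLCipher answers and plain SQLite does not) and reports whether the new file is really encrypted rather than assuming it.

```python
import os
import sqlite3
import tempfile
from typing import Dict


def _quote_ident(name: str) -> str:
    """Double-quote an SQL identifier so table names from sqlite_master are safe to splice."""
    return '"' + name.replace('"', '""') + '"'


def migrate_to_encrypted(old_path: str, new_path: str, passphrase: str) -> Dict[str, object]:
    """Create new_path keyed with passphrase and copy every table and index from old_path.

    Hypothetical helper (not Zeitgeist's). Returns the per-table row counts that were
    copied and whether the connection actually applied SQLCipher encryption.
    """
    new = sqlite3.connect(new_path)
    try:
        # PRAGMA does not accept bound parameters, so escape embedded quotes by hand.
        new.execute("PRAGMA key = '%s'" % passphrase.replace("'", "''"))
        # SQLCipher answers this pragma with its version string; stock SQLite returns
        # no row, which means the key pragma above was a no-op and nothing is encrypted.
        encrypted = new.execute("PRAGMA cipher_version").fetchone() is not None

        # Attach the plaintext database and copy schema + rows table by table.
        new.execute("ATTACH DATABASE ? AS old", (old_path,))
        tables = new.execute(
            "SELECT name, sql FROM old.sqlite_master "
            "WHERE type = 'table' AND name NOT LIKE 'sqlite_%'"
        ).fetchall()
        copied: Dict[str, int] = {}
        for name, create_sql in tables:
            new.execute(create_sql)  # the stored CREATE TABLE applies to 'main' (the new DB)
            cur = new.execute(
                "INSERT INTO main.%s SELECT * FROM old.%s"
                % (_quote_ident(name), _quote_ident(name))
            )
            copied[name] = cur.rowcount

        # Indexes are recreated after the rows are in place.
        indexes = new.execute(
            "SELECT sql FROM old.sqlite_master WHERE type = 'index' AND sql IS NOT NULL"
        ).fetchall()
        for (create_sql,) in indexes:
            new.execute(create_sql)

        new.commit()
        new.execute("DETACH DATABASE old")
    finally:
        new.close()
    return {"encrypted": encrypted, "tables": copied}


def build_sample_old_db(path: str) -> None:
    """Constructed plaintext database standing in for the pre-existing Zeitgeist DB."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE event (id INTEGER PRIMARY KEY, subject TEXT)")
    conn.execute("CREATE INDEX event_subject ON event(subject)")
    conn.executemany(
        "INSERT INTO event(subject) VALUES (?)",
        [("file:///home/user/a.txt",), ("file:///home/user/b.odt",), ("https://example.invalid/",)],
    )
    conn.commit()
    conn.close()


def run_demo() -> Dict[str, object]:
    """Build a sample old DB, migrate it, and report what landed in the new file."""
    workdir = tempfile.mkdtemp()
    old_path = os.path.join(workdir, "activity.sqlite")
    new_path = os.path.join(workdir, "activity-encrypted.sqlite")
    build_sample_old_db(old_path)
    result = migrate_to_encrypted(old_path, new_path, "example pass'phrase")

    check = sqlite3.connect(new_path)
    rows_in_new = check.execute("SELECT COUNT(*) FROM event").fetchone()[0]
    index_present = check.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'index' AND name = 'event_subject'"
    ).fetchone() is not None
    check.close()
    return {
        "encrypted": result["encrypted"],
        "copied": result["tables"],
        "rows_in_new": rows_in_new,
        "index_present": index_present,
    }


if __name__ == "__main__":
    summary = run_demo()
    print("copied:", summary["copied"], "rows in new DB:", summary["rows_in_new"])
    print("SQLCipher active:", summary["encrypted"])
```

When `encrypted` comes back `False` the new file is as readable as the old one, which is the point of the check: a deployment that ships the PRAGMA against a plain SQLite build would give users the feeling of encryption without any of it.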