Comment 25 for bug 787868

I think I will take over this soon...

On Tue, Apr 10, 2012 at 5:22 PM, Siegfried Gevatter <email address hidden>wrote:

> What's the status of this? I think there hasn't been any activity on
> this since before the Vala port started.
>
> @jplacerda: Are you still interested in working on it?
>
> ** Changed in: zeitgeist
> Importance: Medium => Wishlist
>
> --
> You received this bug notification because you are subscribed to The
> Zeitgeist Project.
> https://bugs.launchpad.net/bugs/787868
>
> Title:
> Encryption of database
>
> Status in Zeitgeist Framework:
> In Progress
>
> Bug description:
> I think that Zeitgeist should encrypt databases in
> ~/.local/share/zeitgeist/* for anti-forensics reasons.
>
> While someone may happen to use an encrypted disk, Zeitgeist may serve
> as the ultimate accidental spyware to an unsuspecting user. One
> possible mitigation is to randomly generate a reasonable key, tie it
> into the login keychain and then use that key with something like
> http://sqlcipher.net/ rather than straight sqlite.
>
> In theory, a user will never know that this encryption/decryption is
> happening - no underlying assumptions about the disk need to be made
> to maintain any security guarantees. This should prevent anyone from
> learning the contents of the database without also learning the login
> password. Modern Ubuntu machines disallow non-root ptracing (
> https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening#ptrace )
> and if the gnome keyring is locked, an attacker would have a much
> harder time grabbing meaningful Zeitgeist data without interacting
> with the user or bruteforcing the login keychain.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/zeitgeist/+bug/787868/+subscriptions
>