Privacy weakness in Trisquel
Hey everyone.
I'm in a hurry now, but I will give more details later if needed.
Basically, when you allow the system to show "hidden files" and such, you will notice in your home directory a couple of folders appear, I believe these are used by various programs like gimp and openshot, to keep configuration files and temporary files and such. Well, problem is, you will notice one folder called ".dvdcss" which contains folders with the names of the DVDs you have watched in your system! =S It means that if anyone gets access to my computer even for only 30 seconds, he will be able to know which DVDs I have played!
Also, I have tried running Bleachbit as root, and picked all options (less "free space clean", because it really takes a lot of time and it won't do anything to existing files) and it didn't clean them! It did clean a lot of trash in my system, but it didn't clean those files.
It's a privacy issue, how can we work this out to be more "secure"? Please don't say that "not allowing people near the computer" is a solution. I mean from a technical point of view.
THANKS
You could make .dvdcss require root access to write to. That would be pretty easy. I don't know if that would break libdvdcss, though.
See:
https://en.wikipedia.org/wiki/Content_Scramble_System
https://en.wikipedia.org/wiki/Libdvdcss.
Your DVDs contain DRM. Unfortunately, I'm not sure if removing it will keep you from playing your DVDs, but it might.
And file a bug with the program. It isn't even in Trisquel's repositories
The decryption key for the DVD needs to be stored somewhere. Besides: if someone has physical access to your computer then you have much bigger problems than them knowing what you've watched because they have access to your whole computer and everything on it. Instead, use full disk encryption and lock the computer when you're away.
Yeah, ultimately, the only way to make your files secure in the event of theft is to encrypt your hard drive.
Hello all.
Thanks to everyone who replied to my post.
Well, I understand most things that were said, but here are some key facts:
1. I don't store anything in my computer (no files nor anything personal).
2. I clean the system regularly with BleachBit.
3. I don't use autosave passwords options.
4. If anyone gets access to my computer, one of the few things they could learn was actually what DVDs I have watched. I actually watch very few DVDs, I have a small collection, but, I just don't like that people can know what I have watched.
So, yeah, I really want to get a way to clean it. I could delete it manually, but I actually wanted to have it in a more "automatic" way.
As for the concerns over DRM and such... I bought these DVDs, I have the right to watch them, I am not even copying them, I am merely watching them... Your point was?? I don't support DRM, but I don't mind that they exist in the context that they don't really affect me (I am against piracy as I have stated, and in most countries DVD is not patented). So, I am not against watching DVDs. I am against being spied =P
The problem with DRM is that some laws, namely those that implement the WIPO copyright treaty (such as the DMCA in the United States), forbid circumventing it. DeCSS has been expressly ruled to be illegal, in violation of the DMCA. libdvdcss hasn't, but it probably would be if it was brought to court. It uses a brute-force method to crack the encryption.
It's not wrong to break the handcuffs. The law is wrong when breaking the handcuffs is illegal. But you shouldn't just accept it, and ideally you should refuse to give your money to people and corporations who insist on putting handcuffs on you, even if you do possess a method to break them (and if you don't possess a method to break the handcuffs, you should never accept the thing that comes with digital handcuffs at all, even as a gift).
If a bad guy has access to your files, then he either found your username and password and connected to your system by SSH (assuming you run this service) or he somehow obtained root privileges. For the first case: you only need a long password (three short words is good) to be safe. In the latter case, the bad guy can install whatever he wants. For instance a key-logger to get your passwords. In the end, you are the only one annoyed by your security precautions!
"If anyone gets access to my computer, one of the few things they could learn was actually what DVDs I have watched."
And this underscores what I said earlier: Use full disk encryption and lock the computer when you're away. Matter solved. It also saves you time by not needing to use BleachBit, since the data's encrypted already although you still could.
You never write a document and safe it?
I don't know; if someone gets access to my pc, he's in my apartment and can see what books I read and can check out my personal scripts on my desk.
And honestly, that's ok. I want to be somehow "existent" in this world and for me, the risk of someone having access to my pc from my apartment is a price I'm willing to pay.
I don't think real danger comes from "this direction".
But how do you manage this? Do you keep your room also free of personal data?
Or is your computer a notebook and your traveling a lot?
When I go traveling with my notebook (it not very frequently) I remove the harddisk and use a trisquel live cd.
So I can be sure nothing gets stored and a thief don't has any of my data.
Thanks to everyone who replied.
However, no one actually suggested a way to get what I needed. I know encryption is good, and I know not letting strangers in my apartment is good, and I know that if a bad guy gets access to my computer he can do many nasty things.... I just don't know how to automatically delete the folder I mentioned from my system! That was my question, and I would welcome some suggestions on that.
For the time being, I deleted the folder manually (the one inside with the name of the DVD, not the entire one) and keep using BleachBit to clean the system. I actually think it's a software to be used even if you use encryption. It cleans a lot of trash in the system.
I would just add 'rm -rf ~/.dvdcss' to the "startup programs". In this way, the directory is removed whenever you log into your desktop session.
Well, that's a solution!
Thank you so much! =)
You might probably have interest in the content of this file
~/.local/share/recently-used.xbel
which is used to store a list of the most recently used files. GTK applications use it to build recents histories lists.
You might as well add 'rm -rf ~/.local/share/recently-used.xbel' to the "startup programs".
THANK YOU VERY MUCH! =)
I will check that out, but it was very good to know about that!
Keep us informed if you discover anything else important like this ;)
THANKS!
The solution is still to encrypt the drive rather than hope you find every single little thing. You won't.
I know I won't, Even if, there shouldn't be much to find ;)
And of course, full encryption is still needed. But I want to make Trisquel cleaner and safer by totally cleaning all traces of what I have done before.
But I agree with you ;)