[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Automatic downloading of non-free software by stuff in main

> I guess you haven't read news about leaks happening once in a short while?
> It seems as if in most cases the govt is interested mostly not in what was
> leaked, but in who leaked it, so they can make an example of the
> whistleblower.

The arguments against this seem to center on an attacker being on your
running and decrypted computer as the targeted user. There are bigger
fires. Maybe this is worse for some theoretical leaker, but the fact a
sensitive document was leaked is something that's easy to track down.
Servers keep logs, too.

I still don't understand why for the regular user, the URL you got a
document from is worse than the ability for an attacker to read the
document itself.

I'm really having a hard time caring about an xattr specifying a URI
where it was downloaded from being worse than an attacker being able
to read the "sensitive" document off your drive. It's just not a
threat model I can comprehend.

Is this worse for a leaker? Maybe. So is the fact they print documents
using their ID badges, or email reporters from their work email. I
can't stop that. Everything you do on a computer leaves a trace.

What's worse is normal users getting owned because macros run on a
file they downloaded after having it emailed to them. I don't know
that we can optimize an operating system for a leaker and expect sane
behavior for our users.

I *guess* it'd be a problem if a user downloaded something that had an
API key in the URL? Sure, maybe that's not great. Other than that, I
really can't imagine why reading the url attributes of the file is
worse than reading the file itself.

Out of the list of privacy concerns, this isn't even on my top 10 -
out of my imagined steps to harden the OS against stupid attacks, this
is in my top 10 :)

Maybe someone can send a patch to LibreOffice to disable macros on
documents with this set? That'd be a nice productive thing to come out
of this thread :)


Reply to: