[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Off-topic: Gmail Grrrr.

On 12/25/13, Reco <recoverym4n@gmail.com> wrote:
> On Tue, 24 Dec 2013 15:51:25 +0100
> Ralf Mardorf <ralf.mardorf@alice-dsl.net> wrote:
>
>> On Tue, 2013-12-24 at 15:40 +0100, Ralf Mardorf wrote:
>> > On Tue, 2013-12-24 at 18:04 +0400, Reco wrote:
>> > > I wrote "one runs two instances of firefox with different profiles

To friends stuck in proprietary land, I have suggested here and there
that they do their internet banking in a separate firefox profile from
their youtube and facebook etc.

On the rare occasion they have later swapped to GNU, one individual of
course wanted to keep using her various (she uses quite a few)
profiles, all of which she keeps in separate Truecrypt volumes!

> Tell me, which one is more KISS:
>
> 1) Appending certain 'keywords' to a link.
> 2) Parsing such link.
> 3) Relying on a custom script.
>
> Or, just:
>
> Run the link in a browser for the current user account.

When one user is running multiple "identities" be in Unix-account
logins, Firefox profiles, or something else yet, this is always going
to be more complicated to the one-identity-only problem.

I agree that separate Linux accounts appears to have some definitely
favourable options. But is the setting up of separate _user_ accounts,
for "only one user", and training that user (lets say grandma), for
the sake of some extra security, an established and easy pathway?

Rhetorical question I know. And yes, of course, training Grandma to
use multiple Firefox profiles is probably not going to be much easier.
And in both cases "banking" icon on desktop vs "family and photos"
icon on desktop is going to be the same, from grandma's perspective,
no matter what's under the hood.

I think what we need is some more software/memes/workflows to be
established for the easy (eg gui) management of multiple identities
(or "security contexts" or ...)

XFCE still doesn't have a sanctioned XFCE "user management" applet,
and those from other DE's are not designed with "automate restrictions
for banking-only firefox profile" type user-account creation idea.

Maybe an opportunity for libre-software desktop promoter-developers...

>> > The main thing is
>> >
>> > - KISS
>> > - a user has got no root privileges or assumed the user s admin too,
>> >   than it's simply nonsense to become root and too add another user.
>> >
>> > Sometimes it's useful to add another user and sometimes it's not.
>
> Hardly an issue, as adding a user is done once per OS lifetime, not
> each time browser starts.

Again, user accounts, and firefox profiles, are particular "technologies".

We probably ought think in terms of "identities" and how best to
facilitate the use-cases for the types of identities that we (or "our
Debian users") will want to manage. The particular tech under the hood
ought be secondary.

...
> - You have one user with browser profile with flash plugin enabled. Any
> damage that's done via flash plugin is limited to this account data.

> - You have a different user with browser profile with java plugin
> enabled. Again, any damage that's done via java plugin is limited to
> this account data.

> - You have a third user for Google Chrome, which has an interesting
> habit to read files in user's $HOME for unknown reasons.

> - And, you have the main account, which is allowed to run browsers with
> rights of three previous users, and stripped down (no plugins, disabled
> cookies and JS) browser for that clicked link.

> It's basic damage control, applied in advance.

This is a good type of thinking of course. Depending on the type of
online identity, an extra Firefox profile might be plenty, and in some
cases perhaps preferred.

Of course, for my "internet banking, paypal and bill payments"
identity, the stricter protection provided between Linux user accounts
appears on the surface to make a lot of sense.

Separation of ebay and amazon etc product browsing, vs using PayPal to
actually make a specific payment, and how to separate these two
browser functions into separate "personal identity security contexts"
is a more complex issue I think...

>> Sometimes it's even more useful if a family does share one account with
>> different settings. It belongs to the things they want to share or not
>> want to share.

True. People do this.

> That's wrong thing. Would somebody think of the children ;)!
> Having a different account for each family member saves one from 'who
> deleted my important file' incidents, which is invaluable.

True. This happens.

> At least in my family everyone has a different account on every host I
> have in my house. And people usually know (and children can be
> more-or-less easily taught) about usernames/passwords. It's the 'browser
> profiles' which are complete life-changing discovery for them.

Every tech has its place. Goals (as you pointed out some above) are
the real question, and many of those questions are not yet well
answered, it seems self evident.

Best regards to all,
Zenaan
Reply to: