ubuntu-phone team mailing list archive

[Alberto Mardegan <alberto.mardegan@xxxxxxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/12/2014 10:44 AM, Alberto Mardegan wrote:
> On 06/11/2014 09:47 PM, Ted Gould wrote:
>> I'm probably bias, but for me disk encryption is a critical 
>> feature.
> 
> It is a critical feature indeed: we are not using the GNOME keyring
> on the phone yet, so all Online Accounts passwords and OAuth token
> are stored in plain text.

Just to give some more clarification before people start to panic :-)

No matter how our passwords and token are stored, no third-party
application can access them: applications installed from click
packages are confined, and won't be able to read the accounts'
password anyway.

What the encryption story is important for is the case where your
phone is lost or stolen: without disk encryption, the new owner of the
phone could be able to find your passwords and get access to your
google and facebook accounts.
But, even with no encription, until the phone is in your hands, you
don't have to worry about your personal information being spied on or
stolen.

Still, I think that disk encryption is a critical feature, which
deserves some time to be spent on it.

Just a quick thought: could we use at least the SIM card PIN code to
encrypt the disk?
That is:
- - if no PIN code is given, disk will be unencrypted
- - if the PIN code is given, disk will get encrypted

I acknowledge that this is very simplistic and that short PIN codes
can't make your data really sacure, but if nothing else is possible,
I'd rather go for this than give up the feature altogether.

Ciao,
  Alberto
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlOZZDgACgkQVLQegMXeCFI6pwCeKpgCaWo3ImfaTu71Bl66Oj1+
Y3QAnRgk7guvK+do27eNTQcr/6QCe09s
=ZLIc
-----END PGP SIGNATURE-----