On 29 October 2012 22:05, Alan Bell <alanbell@xxxxxxxxxx
<mailto:alanbell@xxxxxxxxxx>> wrote:
Hi Alan,
I don't have any particular comment on the implementation of the
"privacy" as I haven't been involved in that - but there's a
technical tidbit I do have something to attach to:
SNIP This leads on to the thought that an evil genius could write
a lens/scope that is invisible, and presents no results, but
listens to the global search query change event and sends every
keystroke out to the internet, regardless of the privacy
preference setting. This is bad. I don't see any valid use-case
for a lens to set the visible property to false.
Firstly - if you can run a process under a given user, that user is
basically screwed for all intents and purposes. That is - at least
until Ubuntu implements a rigorous apparmor sandboxing of *all*
processes. Which is a huge task, that I don't know the state of (if it
even has a "state" :-)). IOW - hiding a lens in order to log global
search keystrokes is the *least* of your worries.
