UI security topic: UI for private activities

Tue Jan 17 16:58:40 UTC 2012

Em Tuesday 17 January 2012, Thomas Pfeiffer escreveu:
> > -----Original Message-----
> > Hi there,
> > 
> > In the last days we had a lot of discussions about the security topic.
> > In my team we already had a look how the UI dialogs could look like and
> > in last fridays telco we talked about that as well.
> > 
> > So here my current findings presented in a flowchart regarding "private"
> 
> > (means encrypted) activities:
> http://share.basyskom.com/contour/UIDesign/flowchart_PrivateActivities.pdf
> 
> Great to have already such an advanced version already available!
> 
> > Asumptions:
> > - Mark Activity as private: toggle Button in "Create new activity" and
> > "Activity Configuration" Dialog; details see flowchart
> 
> Why ist the password needed to switch to non-private again? You can't
> access the activity without the password anyway, so you have already
> entered it when you get to the configuration screen. And once you have
> access to an activity, switching private mode off isn't so much of a
> further
> risk. If the purpose is to prevent accidental de-activation, I'd just use
> a
> confirmation, not password entry.

	Because nothing garantees the user that opened the activity is the same 
that is now changing the configuration. For example, the device owner opens a 
private activity, in that situation the activity configuration dialog is 
accessible. After some time he/she leaves the device or even give it to 
another user *without locking the screen*. Now it is another person who is 
using the device, not the owner. In this situation that other person will be 
able to disable encryption for that activity.
 
> > - Open Private Activity in switcher: after tap a pw dialog appears
> > (similar to delete dialog); see validation details again in flowchart;
> 
> I'd use either "switch" or "open" as a label, "go" seems too generic.
> 
> > 3a- after manual or automatical screen lock while private activity is
> > running: pw dialog in lockscreen is required to open the current private
> > activity. Unlock with normal activity running doesnt require any pw, it
> > behaves like Plasma Active currently does.
> > 3b- there has been the idea that after locking, PA encrypts all private
> > activities again and just shows the last "normal" activity as a
> > fallback. What I dont like here, that the last normal activity can be
> > completly random, so that for the user that wouldnt be a benefit, as he
> > has been just working on the private activity.
> > 3c- Another option would be that the uncrypted fallback is always the
> > introduction activity, which can therefore be never private and can
> > never be deleted. This would assure that we have at least one
> > "normal/not private" activity in the system we can always fallback to. I
> > dont like this option that much neither, because we would introduce some
> > kind of homescreen, that we just wanted to get rid off ;)
> 
> My order of preferences (most to least preferred): a, b, c
> 
> > - With all these passwords coming now into PA, I suggest having a
> > security tab in our settings app with these options:
> > - device pw after shut down: toggle on/off; on is default (needs then to
> > be entered in first introduction activity)
> > - edit pw for device pw
> > - device pw after lock screen: toggle on/off; off is default
> 
> I agree with Marco and Ivan on the "false sense of security" point.
> On the other hand, laptops usually have a login password as well even
> though
> this does not offer more security if it's stolen either.
> Difficult matter...
> 
> _______________________________________________
> Active mailing list
> Active at kde.org
> https://mail.kde.org/mailman/listinfo/active


-- 
Lamarque V. Souza
KDE's Network Management maintainer
http://planetkde.org/pt-br
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/active/attachments/20120117/c1c329d9/attachment-0001.html>