[Bugs] #75 MAJO: Internet based backup and recovery of user files

[SugarLabs Bugs]

#75: Internet based backup and recovery of user files
------------------------+---------------------------------------------------
  Reporter:  CarolineM  |       Owner:  Bernie
      Type:  defect     |      Status:  new   
  Priority:  major      |   Component:  SoaS  
Resolution:             |    Keywords:        
------------------------+---------------------------------------------------

Comment(by mungewell):

 I may be misunderstanding what you wrote; did you mean 'turn off access
 _for_ that stick' ie. de-auth a particular stick to prevent access to
 school server?

 If not, please read on....

 Turning off access to the user's files stored the on the USB stick is both
 difficult and subject to abuse/attack.

 At present the files are stored as a datastore within whatever persistence
 file/partition the LiveCD/USB uses. Often this is simply an ext2/3
 filesystem within a file, which is overlaid on the CD filesystem. A simple
 'mount' command will mount this file to make the datastore accessible
 (even if the names of individual journal items are garbled).

 If the LiveUSB is used on a PC without internet access there will be no
 method to trigger the 'lock files' action.

 If the datastore is not 'shredded' the files would still be accessible
 using another OS to access the USB drive.

 The only real way to protect the files is to use some form of encrypted
 filestore, but this would require user authentication on boot - probably
 something that a 5 year old could not handle.



 Is the protection of the user data that important? I believe that the
 security features of the real XO are more as a deterent to theft/black
 market trade of the hardware itself.

 Mungewell.

-- 
Ticket URL: <http://dev.sugarlabs.org/ticket/75#comment:1>
SugarLabs <http://dev.sugarlabs.org>
Sugar Labs bug tracking system