On 20.3.2014 11:28, Carsten Haitzler (The Rasterman) wrote:
but that still is not the same level of security for OPENING the car door and
starting the car. ivi does not require the same level of security as the
potential damage of someone who is SITTING in your care and using the ivi system
(hey are trusted enough to sit in your car), vs someone outside of your car, at
3am when you are asleep trying to break in to steal the car. vastly different
level of consequences due to a security breach, thus likely need vastly
different amounts of attention security-wise.
It needs more security, because the consequences of someone stealing
your information can be much more severe than someone stealing your car.
Insurance covers stolen car, but usually not stolen information. If you
access your company email from the car IVI system for example (or mobile
device for that matter)...
You already get set of requirements if you want to certify your device
for MS Exchange access (policy enforcement etc).
Each user still needs to be authenticated properly, especially if they
have their Google Wallet or Facebook credit card accessible behind the
authentication system.
At least here for example taxis are just ordinary cars, usually
something like Skoda Superb or Mercedes E-class. Same goes for driving
school cars, those tend to be ordinary stuff like Skoda Octavia.
not if data has been backed up. as most peolpe just hand their data to google
etc. all their emails are there. all their facebook messages are there. their
I wonder how many corporations would allow their emails stored there.
And "most ordinary non-privacy aware private persons" is not enough to
steer platform requirements. What if the device is used by government
officials or company CEO?
contacts are synced to gmail. they already gave their private info away for
free and they just get it back. :) ok - i lose my call log and sms's - not used
that much anymore. :)
I don't think platform should be designed based on requirements of
least-security aware users.
quick survey of me and 2 other engineers next to me. 0% use encrypted
filesystems. i can tel you no one in my family uses them either. sol add a few
more there. i actually personally know no one who uses this feature on their
phones (that has in any way indicated they do - they may or may not use it, but
they haven't said so), so my really quick survey of ENGINEERS around me says...
this is not commonly used. you're likely not in the majority. :)
Or they don't know, because it is just silently enforced by the Exchange
account policy?
Again, majority in which category and geography?
"Almost 40 percent in our survey didn’t take even minimal security measures,
such as using a screen lock, backing up data, or installing an app to locate a
missing phone or remotely erase data from it."
Some will only learn the hard way when their device is lost or stolen.
network access as higher importance than privacy. MOSt people are not you. you
of course are different, but most people seem to disagree. :)
I don't care so much about what "most" think. I care about those who
expect privacy and security. I would expect Tizen to be better in this
area than any of the competition on the market, including BlackBerry.
i would argue.. they shouldn't be able to steal your car to begin with! :) if
you've protected the ivi system and google wallet which maybe can cause them to
lose $1000 before the account is blocked, OR you cause them to lose their
$80,000 dollar car... because security was focused on for ivi but left lax for
the door/ignition access... i'd say priorities are wrong. :)
Insurance would pay for the car, but not for what ever immaterial loss
has happened as side effect. You would get new car and forget about the
incident. But you would continue to wonder what people will do with all
your private files/messages/emails/photos/videos/etc.
_______________________________________________
Dev mailing list
Dev@lists.tizen.org
https://lists.tizen.org/listinfo/dev
