On Friday 30 July 2010 04:29:54 pm Matthew Toseland wrote: > > 1. Offer to turn on encrypted swap in the installer. Keep encrypting > everything. Warn users about saving files out, and media files, and work > towards playing media files in an embedded (e.g. java) player that doesn't > use plaintext temp files.
Offering to reconfigure swap to be encrypted is out of scope. And not possible on Windows > 2. Give up on encrypting anything on disk, and > offer to install TrueCrypt if it isn't already installed. Offering TrueCrypt is out of scope I see a third option: 3. Realize that most users have a real LOAD of stuff on their hard disks which could get them screwed. Get rid of physical security. Encrypting the Freenet stuff does not help because they will use browsers which cache dangerous stuff and do downloads of dangerous stuff etc. The really paranoid ones will use TrueCrypt anyway. And encryption makes stuff slow. I mean it IS nice that we have a physical security level but I wouldn't have offered that feature from the beginning on. If you want to be safe when your computer gets seized you absolutely have to do full disk encryption, something will ALWAYS leak out otherwise. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20100731/d188a378/attachment.pgp>
