[ubuntu-studio-devel] US Wiki/ help regarding data protection
set at ubuntustudio.org
Mon Jun 20 19:47:37 UTC 2016
On 2016-06-20 21:08, lukefromdc at hushmail.com wrote:
> Here is a short, simple overview that could be used as a starting
> point by nearly anyone able to boot US live:
> Due to the growth even in open source of applications that "phone
> home," when it is necessary for privacy or security reasons to be
> able to deny having produced a media item, it should be done on a
> computer that is not connected to the Internet. The finished media
> can be moved by a new flash drive to another computer in another
> location for publication.
> When even more security is needed, UbuntuStudio can be run from the
> live DVD or flash drive, and the raw media clips can be kept on
> removable media and editing applications set to put their temporary
> files on the same media. When the job is done the media containing
> the raw material (USB 3 flash drive or the original camera card) can
> simply be destroyed. A USB 3 flash drive will give far better
> performance when running "live" than a DVD or a USB 2 flash drive
> UbuntuStudio is almost opposite say, Windows 10 when it comes to
> security. No automatic backup to cloud servers, no automatic sharing
> of encryption keys with Microsoft, no "unique advertising ID," and so
> on. UbuntuStudio is not financed by selling your personal information
> to advertisers.
> On the other hand, even things like automatic checks for updates
> can reveal the existance not only of a computer but a computer with
> a media editing program consistant with what adversaries believe the
> media in question was produced on. Automatic crash reports can do
> the same. All of these generate server logs that can be accessed by
> authorities or just plain stolen by hostile hackers. A computer
> that is not connected to the Internet can't connect to cloud servers
> nor be listened in on over the network.
Thank you Luke, it is well formulated and benevolent. You have some very
good points, but i would like to avoid handing out "general/good
practices". I'd rather issue a firm warning and link to some trusted and
well furbished documentation source: Handing out good-practices would
require us to be very detailed and i think it is out of Ubuntu Studio's
scope. It could also render us responsible for failed attempts to remain
invisible. If not in the public eye, in the eyes of a victimized user.
How about this?:
> Because Ubuntu Studio is open, cares for freedom, strives for
> transparency, and is not financed by selling your personal
> information to advertisers, it's true that Ubuntu Studio offers
> better control over your privacy than proprietary operating systems
> usually do. Ubuntu Studio does not include software for encryption
> and/or anonymity, but you can and are free to install such tools.
> However, even when you use tools known to grant the strongest
> available privacy, there are still pitfalls.
> As soon as a computer is connected to the Internet, user errors and
> misunderstandings, can render even the strongest protections useless:
> Third parties not necessarily need to do something manipulative; a
> user's lack of knowledge can easily make sensitive information
> public, usage-patterns can easily make the origin of sensitive
> information identifiable and once such data is stored on the
> Internet, there's no way to control it.
> Journalists, activists or anybody else working with sensitive
> information should consider never connecting computers containing
> such information to the Internet. To learn more about how to
> transfer sensitive information to Internet securely, read [link to
> some guide] or (preferably) ask someone tech-savvy close to you who
> you that you trust deeply.
Set Hallstrom aka sakrecoer
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: OpenPGP digital signature
More information about the ubuntu-studio-devel