Question on securely wiping EXT3 and some questions on linux and privacy in general

Naja Melan najamelan at gmail.com
Tue Mar 25 16:04:58 UTC 2008


hi,

I accidently saved some files in /media/truecrypt1 when it wasn't mounted
yet.... so basically like in so many cases one could be in need of secure
wipe...

As in many cases, the filenames are more sensitive than the data. And no, im
not trying to hide my porn from my mom, in which case *rm* would have
satisfied nicely...

I have been reading around and it seems shred is the more advanced tool
compared with the alternative dd... Apart from that just some tools that
offer to wipe free space and swap...


*As we all know, EXT3 is a journalling file system, which stores at default
level meta data about hard disk access... Im quite certain that shred and dd
don't wipe that, and what about some master file table...?

*Does anyone know if there are tools to get secure delete of a file on EXT3
that takes care of everypart of data including metadata, file names etc...





Further more, i would like to inform about people's opinions on privacy in
linux, and specifically ubuntu...

Remember the times when we were all  blaming microsoft for not respecting
our privacy, and all sorts of conspiracy theories where being made up. I was
a windows user in that time. Now im trying to see if linux is a viable
alternative. So far, i've been very dissapointed with the privacy department
of ubuntu (linux). I would have suspected with all the politicos being so
fond of linux, that at least privacy would be well respected. Now, lets
compare my experience so far.

*On windows we have:*


   1. IE
   -> but use firefox instead
   2. ntfs
   -> but have eraser which will deal with everything, including the $logfile
   (journal)
   3. indexer service                                               ->
   but it is easily turned off in the GUI if it's on by default, which im not
   even sure anymore
   4. recent files list in software and the os      -> software is
   individual on this, and on OS level, it requires a registry tweak, not very
   userfriendly.
   5. sending crash reports, etc...                       -> windows has
   always politely asked me whether to send these...



*On ubuntu we have (what i have discovered so far, all enabled by default
against my choice with no notification of it, nor centralised documentation
on how to turn it off):*


   1. recent documents                      -> setting the permissions to
   it couldn't be written anymore didn't do the trick for me. So far i havent
   been able to turn it off.
   2. locate indexer                              -> you can turn this of
   from the GUI
   3. nautilus history                            -> despite the
   preferences window, and searching internet, no way to turn it off
   4. ext3                                                -> see question
   above - can't find a way to be sure with the journalling
   5. apport sending crash reports  -> Im not entirely sure, but i have
   the impression that this is sending stuff without asking me... knotify
   hasn't because it has always crashed when it popped up...lol
   6. automatic updates                     -> this has been enabled by
   default, but i havn't worried about it, and have not tried yet to turn it
   off...



now without a doubt im forgettin lots of stuff here, but so far i must say
that contrary to my beliefs when switching towards linux, i feel more
confortable on a windows computer to *limit* ( i don't feel entirely safe at
all ) the traces i leave behind. I really thought that switching to linux
would free me from crap like recent documents and other histories, and
indexers indexing the contents of my files. Not only is it hard or
impossible to find how to turn certain things off, since all the nice
privacy violating features are on by default, you have to remember to turn
them off every time you install ubuntu again. That is error prone, and easy
to forget something.

*Am I the only one thinking all that? Am i condemned to using something like
Security Enchanced Linux, which is being provided by the nice and privacy
minded likes of NSA... Operating systems which will have the focus on
security, which will then probably have even worse usability than ubuntu?

*if you disagree that ubuntu is not very userfriendly, well, standards
differ, but i don't mind writing down the first few hassles that spring to
my mind... But let me tell you that in the few months i have been using
ubuntu, i have spend many more hours running to the internet trying to find
out how to solve bugs, and how to get things done than in the past ten years
of using windows...

as a few examples,

   1. the installer of ubuntu has an advanced button in the end for grub
   settings. It provides wonderful explanation in the sense of: "grub help goes
   here", after which it installs a faulty menu.lst for grub unless you
   install it on the first hdd. This leads to a system that doesn't boot and
   you need to know about grub to rectify the settings before you can boot...
   wow great for the average user...!
   2. no playing mp3's or closed formats without internet support and too
   much time on your hands to solve it, by the way, after several hours now i
   still can't get xmms to play flac, even with all plugins installed... ( just
   as a side note )
   3. standard archiver comes without drag and drop support
   4. I've had to use tons of command line, which has to be given that it
   is powerful if you have the right person tell you what commands to use, but
   if you are home without internet, it's very user unfriendly.
   5. I've had tons of apps crashing, freezing, i've had the OS freezing,
   crashing, not booting, I've had gdm not starting after setting settings in
   the GUI, i've had tons of annoyances to keep it short

That are just a few examples...does it look like i want to step to an OS
that is more secure but even less usable? NO!

Am I really the only one having all this problems, or should we try to solve
all this somehow? well, HOW????? My experience in OS development is,
well...'\0'...

Experience in debugging OS is building up though...I don't usually report
ubuntu bugs, because I would have to report one everyday. That would lead to
2 things: wasting more of my time every day, and also it would feel like
taking the piss, because with a system that crippled, we need to solve the
bugs, not report them, innit?

greets,
naja

solutions welcome...
*
*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20080325/b63905f4/attachment.html>


More information about the ubuntu-users mailing list