EFF Moan about libpurple logging

Richard Laager rlaager at wiktel.com
Wed Jan 4 03:50:10 EST 2012


On Tue, 2012-01-03 at 20:05 -0800, Zachary West wrote:
> If someone physically compromises your system, does it really matter
> that there's chat logs? If someone cares, wouldn't they disable it?
> Seems like a weird thing to worry about.

+1

If we don't log by default, people who want logging are upset because
conversations were lost.

If we do log by default, people who don't want logging are upset because
they feel we violated their privacy or made it easier for someone else
to do so (by reading the logs which wouldn't otherwise exist).

Put differently, there's not a clear "least harm" option. One side says
we should err on the side of privacy protection. The other says we
should err on the side of no data loss.

If we prompt the user, I bet everyone would be upset because we're
dialog-spamming the user.

On my system, Firefox and Evolution save history and sent emails by
default. I believe this is the case with the vast majority of current
web browsers, email clients, webmail services, etc. I see no reason to
go back to being the exception.

Just like the plaintext passwords issue, if someone is concerned about
their privacy _on their local system_, they should be using disk
encryption anyway--which the EFF recognizes on the same "holiday
wishlist" page.* We already tend to assume Pidgin users are using
separate user accounts per person, so I'm not sure what other local
system concerns one would have about logs.

If we're concerned about this issue, perhaps we should show a *one-time*
system message in the first conversation window when logging is enabled.
It would read something like, "Conversations are saved by default. To
disable this behavior, see the Logging tab of the Preferences." Of
course, people would probably just ignore that. And a message for every
new conversation window is just too obtrusive, in my opinion.

* On a side note: They complain about Ubuntu not making full-disk
encryption easy, but Ubuntu makes encrypted home directories brain-dead
easy to use. If anything, they should be asking for Ubuntu to implement
encrypted swap by default. I don't know what full disk encryption buys
you over encrypted swap and ecryptfs, and it certainly has a lot of
downsides.

-- 
Richard