Project

General

Profile

Bug #8447

Persistent data is not erased when persistence features are disabled

Added by sajolida almost 3 years ago. Updated 3 months ago.

Status:
Confirmed
Priority:
Normal
Assignee:
Category:
Persistence
Target version:
Start date:
12/16/2014
Due date:
% Done:

0%

QA Check:
Feature Branch:
Type of work:
Code
Blueprint:
Starter:
Affected tool:

Description

When you deactivate a persistence feature, the corresponding data is not erased from the persistent volume. This is nothing new, but I'm realizing that this is not made clear to the user and this is a problem:

  • People might believe that this data has been deleted when it is not.
  • People might have bad surprises as Tails autoconnecting to networks that they had configured in the past but disabled since then.

First we should discuss whether we think that this is a problem, and its gravity. Then we can move on to proposing solutions: wiping disabled features by default, prompting the user to choose whether wiping or not, mentioning this in the documentation only, etc.

History

#1 Updated by sajolida almost 3 years ago

  • Description updated (diff)

#2 Updated by intrigeri almost 3 years ago

sajolida wrote:

  • People might have bad surprises as Tails autoconnecting to networks that they had configured in the past but disabled since then.

Just to be clear: this shouldn't happen for networks that were individually disabled, but only when one has disabled the Network Connections persistence preset entirely, right?

First we should discuss whether we think that this is a problem, and its gravity.

Looks like a normal priority problem to me.

Then we can move on to proposing solutions: wiping disabled features by default, prompting the user to choose whether wiping or not, mentioning this in the documentation only, etc.

Wiping by default seems to be out-of-question to me without a prompt. With a prompt, well, maybe that would be a fine place to draw the line, yeah.

Code-wise, I see only one obvious way to do it given how the codebase is opiniated. It would happen in the persistence-setup Git repo.

One would add what is called a "step" to the code, e.g. Tails::Persistence::Step::Clean, that takes some of its code as parameters from Tails::Persistence::Setup (what?! oh crap I wrote it). Learn the basics of Moose if needed, and see examples in the Tails::Persistence::Step:: namespace. The interaction with the data model would happen in Tails::Persistence::Configuration (saving the initial configuration, looking for removed atoms or lines — pick the best layer of abstraction, enjoy — between them). Plugging it all together would be done in Tails::Persistence::Setup.

Maybe an "Easy" code ticket?

Don't be discouraged, at least another person (kurono) has already successfully patched it in non-trivial ways. Maybe he would be interested playing with it again :)

#3 Updated by BitingBird almost 3 years ago

  • Type of work changed from Discuss to Code

+1 for the prompt.

#4 Updated by sajolida almost 3 years ago

I think that this prompt should suggest that deleting data as the default option. It would be more like a confirmation prompt than a scary warning prompt.

It could be something like:

You are about to disable the following persistent features:

* Pidgin
* GnuPG

Do you want to securely delete the data associated with those features?

[Keep]                 [Delete]

#5 Updated by intrigeri almost 3 years ago

I think that this prompt should suggest that deleting data as the default option.
It would be more like a confirmation prompt than a scary warning prompt.

Perfect, thanks!

#6 Updated by sajolida almost 3 years ago

This has also been added to the agenda for the January meeting. We could use it to validate the current proposal but it seems like we have already reached a consensus here as the type of work has been changed from Discuss to Code.

#7 Updated by sajolida almost 3 years ago

During the January meeting, we said that:

  • We acknowledged the proposal from comment 4.
  • We can't really say "securely delete" on flash media. So that needs rephrasing.

https://tails.boum.org/contribute/meetings/201501/

#8 Updated by u 6 months ago

  • Target version set to Hole in the Roof

#9 Updated by nodens 3 months ago

  • Assignee set to nodens

Tentatively assigning this to myself, will look into it at the very least.

Also available in: Atom PDF