Project

General

Profile

Feature #8447

Propose to delete data from a persistence feature when it is deactivated

Added by sajolida almost 4 years ago. Updated about 1 month ago.

Status:
Confirmed
Priority:
Normal
Assignee:
Category:
Persistence
Target version:
Start date:
12/16/2014
Due date:
% Done:

0%

QA Check:
Feature Branch:
Type of work:
Code
Blueprint:
Starter:
Affected tool:

Description

When you deactivate a persistence feature, the corresponding data is not erased from the persistent volume. This is nothing new, but I'm realizing that this is not made clear to the user and this is a problem:

  • People might believe that this data has been deleted when it is not.
  • People might have bad surprises as Tails autoconnecting to networks that they had configured in the past but disabled since then.

First we should discuss whether we think that this is a problem, and its gravity. Then we can move on to proposing solutions: wiping disabled features by default, prompting the user to choose whether wiping or not, mentioning this in the documentation only, etc.


Related issues

Related to Tails - Feature #14544: Spend software developer time on smallish UX improvements In Progress 08/31/2018
Duplicated by Tails - Feature #12448: Propose to delete data from deactivated persistent features Duplicate 04/14/2017

History

#1 Updated by sajolida almost 4 years ago

  • Description updated (diff)

#2 Updated by intrigeri almost 4 years ago

sajolida wrote:

  • People might have bad surprises as Tails autoconnecting to networks that they had configured in the past but disabled since then.

Just to be clear: this shouldn't happen for networks that were individually disabled, but only when one has disabled the Network Connections persistence preset entirely, right?

First we should discuss whether we think that this is a problem, and its gravity.

Looks like a normal priority problem to me.

Then we can move on to proposing solutions: wiping disabled features by default, prompting the user to choose whether wiping or not, mentioning this in the documentation only, etc.

Wiping by default seems to be out-of-question to me without a prompt. With a prompt, well, maybe that would be a fine place to draw the line, yeah.

Code-wise, I see only one obvious way to do it given how the codebase is opiniated. It would happen in the persistence-setup Git repo.

One would add what is called a "step" to the code, e.g. Tails::Persistence::Step::Clean, that takes some of its code as parameters from Tails::Persistence::Setup (what?! oh crap I wrote it). Learn the basics of Moose if needed, and see examples in the Tails::Persistence::Step:: namespace. The interaction with the data model would happen in Tails::Persistence::Configuration (saving the initial configuration, looking for removed atoms or lines — pick the best layer of abstraction, enjoy — between them). Plugging it all together would be done in Tails::Persistence::Setup.

Maybe an "Easy" code ticket?

Don't be discouraged, at least another person (kurono) has already successfully patched it in non-trivial ways. Maybe he would be interested playing with it again :)

#3 Updated by BitingBird almost 4 years ago

  • Type of work changed from Discuss to Code

+1 for the prompt.

#4 Updated by sajolida almost 4 years ago

I think that this prompt should suggest that deleting data as the default option. It would be more like a confirmation prompt than a scary warning prompt.

It could be something like:

You are about to disable the following persistent features:

* Pidgin
* GnuPG

Do you want to securely delete the data associated with those features?

[Keep]                 [Delete]

#5 Updated by intrigeri almost 4 years ago

I think that this prompt should suggest that deleting data as the default option.
It would be more like a confirmation prompt than a scary warning prompt.

Perfect, thanks!

#6 Updated by sajolida over 3 years ago

This has also been added to the agenda for the January meeting. We could use it to validate the current proposal but it seems like we have already reached a consensus here as the type of work has been changed from Discuss to Code.

#7 Updated by sajolida over 3 years ago

During the January meeting, we said that:

  • We acknowledged the proposal from comment 4.
  • We can't really say "securely delete" on flash media. So that needs rephrasing.

https://tails.boum.org/contribute/meetings/201501/

#8 Updated by u about 1 year ago

  • Target version set to Hole in the Roof

#9 Updated by nodens about 1 year ago

  • Assignee set to nodens

Tentatively assigning this to myself, will look into it at the very least.

#10 Updated by u 8 months ago

@nodens: are you still willing to look into this? If yes, good! If not, you can unassign yourself or find somebody else to take care of it.

#11 Updated by u 8 months ago

  • Related to Feature #12448: Propose to delete data from deactivated persistent features added

#12 Updated by nodens 8 months ago

  • Assignee deleted (nodens)

I give up, at least for now: there is no way I'll manage to find enough time for that in the coming weeks/months

#13 Updated by sajolida 8 months ago

I give up, at least for now: there is no way I'll manage to find enough time for that in the coming weeks/months

Thanks for making that clear; and take care!

#14 Updated by sajolida 3 months ago

  • Related to Feature #14544: Spend software developer time on smallish UX improvements added

#15 Updated by u 3 months ago

  • Assignee set to Gaff

Gaff will have a look.

#16 Updated by sajolida about 1 month ago

  • Related to deleted (Feature #12448: Propose to delete data from deactivated persistent features)

#17 Updated by sajolida about 1 month ago

  • Duplicated by Feature #12448: Propose to delete data from deactivated persistent features added

#18 Updated by sajolida about 1 month ago

  • Tracker changed from Bug to Feature
  • Subject changed from Persistent data is not erased when persistence features are disabled to Propose to delete data from a persistence feature when it is deactivated

Also available in: Atom PDF