Hacker News new | past | comments | ask | show | jobs | submit login

Zeitgeist stores your information on it's datahub, where 3rd party applications can retrieve it from. Nothing prevents such applications from sending this information elsewhere, once accessed.

As this comes out-of-the-box by default, and is in fact a pain to switch off, I compare it to this new windows behavior.




All your criticisms apply to syslogd as well: it stores your information in a central location (/var/log), which 3rd party applications can read and upload to somewhere else, and lots of software expects it to be there, so it can be a pain to switch off too.

Should we compare syslogd to the new Windows behaviour?


A normal user application, i.e. firefox, should not have access /var/log/messages. The zeitgeist db can be queried by any application running with the users privilege. Although to be fair the fedora 22 installation I'm running allows me read the logs launching journalctl as a user, so there's that. I don't think zeitgeist has much to do with the Windows behaviour (or with the scopes behaviour). It's just a potential security risk, albeit a minor one.


A normal user application, i.e. firefox, should not have access /var/log/messages. The zeitgeist db can be queried by any application running with the users privilege.

Zeitgeist itself runs with the users privilege (it's not a system daemon, it's started by the user's session), so that hypothetical application could simply log the data itself. There's no leak of information to underprivileged processes.


I know that, what I meant was that there is information stored about the past, that a malicious application could not get otherwise (i.e. it can record stuff only from the moment it is installed).

On similar note, I rememember someone arguing that the baloo/nepomuk db was a security threat, I guess since it makes slightly easier to search among the files on the system for a string like "password".

Both claims are technically true, and in neither case I believe they are practically relevant, neither for security nor for privacy. I was nitpicking, I guess.


I was referring to user data, not program data/log (despite it can as well containing some user data in some way).

Syslogd can be compared to windows event logs.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: