search

onionoino / klee

GNU General Public License v3.0
2 stars 2 forks source link

Encryption #89

Closed onionoino closed 1 year ago

onionoino commented 1 year ago

Description

All data stored in the POD should be enrypted to mitigate the negative affect of leakage

Why

POD could be self-hosted or commercial services. These services could be attacked.

Close Criteria

Other Details

Current contents:

solid@ecosyslnet:~/server/kayon-toga/klee/survey$ cat 20230322085115\$.ttl 
<https://solid.ecosysl.net/kayon-toga/profile/card#me> <http://xmlns.com/foaf/0.1/device> "";
    <http://xmlns.com/foaf/0.1/systolic> "101";
    <http://xmlns.com/foaf/0.1/obTime> "20230322085115";
    <http://xmlns.com/foaf/0.1/heartRate> "75";
    <http://xmlns.com/foaf/0.1/isSoreThroat> "No";
    <http://xmlns.com/foaf/0.1/temperature> "36.7";
    <http://xmlns.com/foaf/0.1/isCough> "No";
    <http://xmlns.com/foaf/0.1/diastolic> "85".

shoud be the following after this issue

solid@ecosyslnet:~/server/kayon-toga/klee/survey$ cat ENCRYPTED NAME\$.ttl 
<https://solid.ecosysl.net/kayon-toga/profile/card#me> <http://xmlns.com/foaf/0.1/encrypted attr> "";
    <http://xmlns.com/foaf/0.1/encrypted attr> "encrypted string";
    <http://xmlns.com/foaf/0.1/encrypted attr> "encrypted string";
    <http://xmlns.com/foaf/0.1/encrypted attr> "encrypted string";
    <http://xmlns.com/foaf/0.1/encrypted attr> "encrypted string";
    <http://xmlns.com/foaf/0.1/encrypted attr> "encrypted string";
    <http://xmlns.com/foaf/0.1/encrypted attr> "encrypted string";
    <http://xmlns.com/foaf/0.1/encrypted attr> "encrypted string".
gjwgit commented 1 year ago

An alternative could be to encrypt the whole file. Encrypting the individual values provides information about what data is being collected which could leak private information. Encrypting the whole file and retaining the date/time for the file name also leaks some information, about when data is being collected which may indicate certain private patterns! It gets tricky.

Something to think about.

onionoino commented 1 year ago

How about encrypting everything? But it would be very difficult for users to view their data through a pod browser

gjwgit commented 1 year ago

Good point. I would suggest we encrypt everything and (another project) extend the POD browser to handle encrypted data.

onionoino commented 1 year ago

Image

gjwgit commented 1 year ago

What is the encryption key?

onionoino commented 1 year ago

Image

It is here, if this is what you are looking for?

gjwgit commented 1 year ago

Close this as completed and meeting the close criteria. Add new issue to consider encrypting the whole file.