From: Alan Horkan (horkana@maths.tcd.ie)
Date: Sat Aug 16 2003 - 14:11:01 EDT
http://www.schneier.com/crypto-gram-0308.html#8
"someone who is even a little bit clever can recover the text, with
embarrassing or even damaging results"
The classic one I remember is Microsoft releasing accounts that were last
edited on a Macintosh.
I dont think abiword has fallen into any of these traps yet, although a
closer look at the built in revisioning system might be advisable for
those who like me have a paranoid streak. The tradeoff between usability
and security intrigues me too of course, better user feedback would help
users to decide what information they do want in their documents.
It might be useful to suggest metadata such as the adding $USERNAME as the
document author. This could be done in a more considerate way by only
suggesting if the user goes to changes the document properties or
something along those lines. $USERNAME and other system data might be
useful as document Fields. (I'll file a bug on this and list the Fields
that MSword 97 supports that abiword does not yet support if you want me
to).
If I need another excuse for posting this then perhaps one of the
developers might use Abiword/WvWare to bring to life Bruce Schneiers
suggestion of a Scrubber, to help users avoid the privacy pitfalls of
msword documents and their ilk.
I expect someone will take the high moral ground and point out that if you
know what you are doing you can easily avoid these kind of accidents by
educating yourself and making a little effort.
Dont underestimate the willingness of people to pay for a tool that merely
simplifies a manual task, the old maxim 'do one thing well' applies and if
users are willing to pay for that convienence go for it.
Sincerely
Alan Horkan
http://advogato.org/person/AlanHorkan/
This archive was generated by hypermail 2.1.4 : Sat Aug 16 2003 - 14:23:15 EDT