Re: [Tails-ux] Hide internal drives when no admin password h…

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: Tails user experience & user interface design
Subject: Re: [Tails-ux] Hide internal drives when no admin password has been entered
Hi,

Peter N. Glaskowsky wrote (12 Jun 2015 19:45:09 GMT) :
> From a UX perspective, I am curious what the reasoning is behind the policy of
> associating access to local storage devices with the entry of an arbitrary
> admin password.


The goal here is to implement the "leave no trace on the computer you
are using unless you ask it explicitly" promise we make to users.
If internal drives were accessible transparently *by default*, just as
e.g. a removable flash storage device, IMO:

* it would be too easy for users to mistakenly write stuff there;
* it would be too easy for an exploited application to read/write
stuff from/to there.

I think that the good old https://labs.riseup.net/code/issues/5918 has
other ideas in this area, by the way.

> In reality, there is no particular connection there. We can presume someone somewhere
> has the legal or moral authority to access the internal drives, but we have no basis
> to conclude that the current user is or is not authorized.


I agree with your reasoning wrt. legal or moral authority, but I don't
think that it's the problem that this policy is trying to address:
I'm assuming that for all practical matters, someone who is able to
boot Tails on a given computer will be able to access internal hard
drives somehow. So we're past the legal and moral topic here, and
instead fully in Tails' security one.

> I’m also curious whether internal storage devices are truly locked out if the current
> user didn’t enter an admin password. Is it just that we don’t auto-mount the
> filesystems, or is it more secure than that?


Without admin credentials, one simply cannot mount internal drives.

Cheers,
--
intrigeri