[OLPC Security] olpc security - wetware issues

Carl-Daniel Hailfinger c-d.hailfinger.devel.2006 at gmx.net
Fri Feb 9 20:12:36 EST 2007


Simson Garfinkel wrote:
> 
> On Feb 9, 2007, at 4:16 PM, Carl-Daniel Hailfinger wrote:
>> Thanks for the cell phone example. It illustrates perfectly what would be
>> interesting to save. "Call logs". Consider the question a parent could
>> ask: "With whom did my child chat?" Whether parental supervision is
>> always the best idea is not something I want to decide.
> 
> Excellent point.
> 
> As a parent, I would like to know the names of the websites that my
> child has visited and the people with whom she has exchanged email and
> instant messages. My daughter is 10. If she were 18 it would not be
> appropriate for me to have this information. At 15 it is appropriate. In
> US society, that is.
> 
> I can certainly see the reason to log this kind of information --- and I
> can see the reason to log it on the school server in addition to on the
> laptop itself. It's not clear to me that you need to log all of the
> content, however.

A contact list would probably be sufficient.

>> However, the
>> lack of ideas on this list what could be interesting for parents is
>> unexpected.
> 
> Well, do you think that child protection software is properly thought
> part of the security model, or should it be something else?

Difficult question. If we decide blocking of communication partners
(e.g. certain IM addresses or web sites) for child protection is a
possible feature of the laptop, we definitely should address it in the
spec. If such software gets deployed without being an (optional) part
of the Bitfrost spec, it will have undefined consequences for the
security of the complete machine. That's not something we want.

Regards,
Carl-Daniel
-- 
http://www.hailfinger.org/


More information about the Security mailing list