<br><br><div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div><span class="q"><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Are documents that are explicitly world-shared stored unencrypted? How about narrower shares - there could be a complicated system of group keys and session keys, though the benefit is limited.
</blockquote></span><div><br>Sharing is a transitive thing that is focused on the act of sharing an activity, not the resulting file output. At the end of a shared session, each user (as I understand it, mind you that I am not hacking on Sugar so I might be missing a step) participating in the share will get an entry into their Journal(datastore). They will, then, have a local copy of the file. It is not akin to read/write permissions of a file on a traditional machine.
</div></div></blockquote><div><br>Sorry if I have the wrong jargon. I mean file sharing, not activity sharing. And don't tell me there will be no such thing - how does a student hand in a paper and then receive the comments back? Not all collaboration is real-time.
<br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div><span class="q"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Why would you want your data stored regionally or globally, if you don't trust your net access?
</blockquote></span><div><br>Don't trust the network access because of a (1)Big Brother or because of (2) inconsistent access?<br><br>(1) The data is encrypted. Now, there is more to this. Encrypting the data with the default caveat that you can restore backups later (child's XO gets vaporized, need another issued to you) means that whatever token (private key, the serial number of the XO, etc) used to encrypt/decrypt the data must also be available to some teacher/administrator/government official. It is not possible (though I am happy to hear otherwise) for us to allow for data restoration without also making it possible for mean people in power to snoop on us.
</div></div></blockquote><div><br>Not true. As I state in the talk page of the wikipage that started this thread, I could give 4 pieces of key to other random laptops from the same batch, of which any 2 pieces were sufficient. I could also choose to give duplicates of those 4 pieces to up to four friends, but no laptop would accept more than 8 keypieces, all for separate keys, for storage. No central record would record who has whose key. When I had to restore, there would be a broadcast message to the whole batch: "Somebody wants so-and-so's key." This would be a low-priority but visible event to all users. The 4 laptops which had my key would allow their users to either approve or disapprove, and also tell the server who they were (so that I could track them down).
<br><br>Obviously, a committed big-brother could still twist two kids' arms and convince the rest to ignore the message. But that doesn't scale well to stealing EVERYONE's data and mining it, which is the real threat.
<br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div><div>This does mean that if, say, Google was used as a backup farm for the entire world of XOs, they could not decrypt or read the data.
<br><br>A part of Bitfrost says that a child can (if not initially at launch, in the near future) assign a password, backup their private key and tell it to not be backed up to the school server, or provide some other personal token that moves the responsibility onto their shoulders for being able to restore their data from a backup but also removes the ability for prying eyes at any level to step in.
</div></div></blockquote><div><br>And what, the server just deletes the key at that moment? And then re-encrypts all the backed-up files and deletes the old copy? Hmmm...<br><br>If you want security for your key, you need to have it from day 1, you can't patch it back up later.
<br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div><div>Let me know if I am being unclear here. I am happy to try again for clarity.
<br><br>(2) We are using rsync, which will let you resume interrupted downloads. Create a low-priority background process to upload to the local school server, if the network goes down, just pick up where you left off later.
</div></div></blockquote><div><br>I'm not talking about backup, I mean restore. What good is a backup to me if it will take me two weeks of dropped connections to get it back?<br><br>Or are you imagining the case where a school server is stomped? Since the ratio is 1 server per 100 laptops, most locales will have two servers, and network considerations mean that you want these physically separated anyway. Even if not, I'd rather have my secondary backup be peer-to-peer with my nearest neighbor, not in the Google Dimension. I'm personally less worried about data continuity after large natural disaster than I am about big brother.
<br> </div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div>I am happy for you to CC this back to Sugar, if you like.<br><br>Cheers!
<br></div><div><span class="e" id="q_11418d44c12e478c_10"><br>-- <br>Michael Burns * Intern<br> One Laptop Per Child
</span></div></blockquote></div><br>