[Bug 94230] thumbnails privacy violation hazard

Ian Jackson iwj at ubuntu.com
Tue Mar 20 20:46:04 UTC 2007


Public bug reported:

Binary package hint: eog

Using a fresh feisty beta 20070302.1 desktop install, I did the following:
 1. Took a photo with my digital camera using an otherwise empty memory card
 2. Removed the memory card from the camera and inserted it (via a USB flash adaptor) into one of the USB slots on the computer.
 3. When offered the choice whether to "import" the photos, declined saying "ignore".
 4. Browsed the contents of the memory card using the Nautilus file manager
 5. Observed the image thumbnail which was visible in Nautilus
 6. Opened the image in eog
 7. Closed eog and the relevant nautilus windows
 8. Selected "unmount volume"
 9. Rebooted with the "Restart" option from the top-right-hand Quit button
10. While the computer was rebooting, removed the flash card
11. Observed that when the computer was rebooted and I had logged in, .thumbnails/normal/<long string of hex>.png was a thumbnail of my image.

Note that the computer here has silently made a record of what was on
the flash card.  Knowledgeable users can easily find this information
and this poses a hazard to naive users of digital cameras.

Arrangements should be made for these thumbnails to be in encrypted
swap.  Failing that, the thumbnail cache should be disabled or
frequently cleared.

** Affects: eog (Ubuntu)
     Importance: Undecided
         Status: Unconfirmed

-- 
thumbnails privacy violation hazard
https://launchpad.net/bugs/94230
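
To check a machine for the residue described in step 11, the following added example (not part of the original report) lists cached thumbnails whose source file is no longer reachable, such as images on removed media. It assumes the cache follows the freedesktop.org thumbnail convention of recording the source location in a PNG `tEXt` chunk keyed `Thumb::URI`; the function names and the sample PNG builder are constructed for illustration.

```python
import os, struct, zlib
from pathlib import Path
from urllib.parse import urlparse, unquote

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def thumb_uri(data):
    """Return the Thumb::URI tEXt value from PNG bytes, or None."""
    if not data.startswith(PNG_SIG):
        return None
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        if ctype == b"tEXt":
            key, _, value = body.partition(b"\x00")
            if key == b"Thumb::URI":
                return value.decode("latin-1")  # tEXt is Latin-1 per the PNG spec
        if ctype == b"IEND":
            break
        pos += 12 + length  # 4 length + 4 type + data + 4 CRC
    return None

def orphaned_thumbnails(cache_dir):
    """List (thumbnail path, source URI) pairs whose local source file is gone."""
    hits = []
    for png in sorted(Path(cache_dir).rglob("*.png")):
        uri = thumb_uri(png.read_bytes())
        if uri is None:
            continue
        parsed = urlparse(uri)
        if parsed.scheme == "file" and not os.path.exists(unquote(parsed.path)):
            hits.append((str(png), uri))
    return hits

def _chunk(ctype, body):
    crc = struct.pack(">I", zlib.crc32(ctype + body))
    return struct.pack(">I", len(body)) + ctype + body + crc

def make_sample_png(uri):
    """Constructed 1x1 grayscale PNG carrying a Thumb::URI chunk (sample data)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    return (PNG_SIG + _chunk(b"IHDR", ihdr)
            + _chunk(b"tEXt", b"Thumb::URI\x00" + uri.encode("latin-1"))
            + _chunk(b"IDAT", zlib.compress(b"\x00\x00")) + _chunk(b"IEND", b""))

if __name__ == "__main__":
    # Cache location taken from the report: ~/.thumbnails
    for path, uri in orphaned_thumbnails(Path.home() / ".thumbnails"):
        print(path, "<-", uri)
```

Each line printed is a thumbnail that outlived its original, which is the set to review or delete when clearing the cache.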



