Privacy and passwords

Andrew Sackville-West andrew at swclan.homelinux.org
Sun Mar 2 15:20:41 EST 2008


On Sat, Mar 01, 2008 at 08:08:18PM +0000, Davey Jones wrote:
> Having done a search of the archives, I'm still not clear why there is
> such a huge philosophical objection from the devs to implementing a
> simple password feature for Gnucash.

Because a simple password feature that is simple to implement is of no
actual benefit. If there are people in your life that *would* mess
with your data, then you need real security. The simple solution
is only security theater: sort of a "look! I have to enter a password"
while the data is still just sitting there wide open in a text based
file format. IOW, pointless. 

To provide a real security solution requires more dev time than we
currently have available. Being a volunteer project, we have to live
with what we are willing to donate. We have enough bugs to fix and
half-done enhancements to finish as it is. Adding another one to the
pile is of no real help. And security is a real thing -- a
half-implemented solution is worse than no solution. Allowing a user
to *think* they are secure is patently *wrong*. We don't have security
and you know it. That is vastly superior to you thinking we have
security when we don't. 

> 
> The alternatives mentioned by the devs, such as using pgp, are not
> particularly practical or user friendly for the majority of
> non-technical lay users.

There is no convenience in security. In general the amount of security
is inversely proportional to the amount of convenience. 

> Even suggestions to use a separate OS user
> account for each person who uses the computer does not fit in with the
> real world usage where mom, pop, the kids and their friends all
> use the same OS account on the computer.

Um. My children do *not* have access to my sensitive data. That is
foolhardy. If people wish to use computers they need to learn how to
use them properly. If someone has data that requires some form of
security and doesn't bother to take even basic measures, such as
controlling read/write permissions through simple user accounts, then
how can they ever be expected to implement real security? 

> 
> All most people want is a simple privacy feature that asks for a
> password on startup to open the data file. This would not need to be a
> complex uncrackable cryptographic subroutine - just something simple
> that will discourage casual nosy parkers. Most people seeing the
> gnucash icon on the desktop and clicking it out of curiosity would see
> the request for a password and not go any further.

My computer, containing private, security sensitive data (and it
does, believe me) is not available for just "casual nosy parkers" to
use. This is basic stuff. This is the same as keeping a paper ledger
and leaving it lying on the dining room table. If it is acceptable for
you to leave your ledgers and checkbook lying around, then what is
wrong with your gnucash file being unencrypted? It is the same thing.

> 
> Sure, it wouldn't discourage any 1337 hackers, but for stopping your
> spouse or a guest from casually browsing through your personal
> financial records, this would be more than sufficient.

> For Gnucash to become a mainstream alternative to Quicken and
> Microsoft Money, this feature is vital.

As a fringe developer on this project, I don't give a rat's ass whether
gnucash becomes mainstream or not. I work on this project because I
use this software. I like to work on it, it helps my business to
improve what I can do with it. I take care of my own security because
I understand that it is my responsibility. I *know* that there is no
security in gnucash's system. I appreciate knowing that. I don't know
that about MS Money or Quicken. All I know about them is that they ask
me for a password. Does that mean that the data is actually encrypted?
shrug. 

I don't want to sound overly harsh here, so please understand that
these statements are 1) mine alone and don't necessarily represent the
opinion of "gnucash" (whatever that is) and 2) they are meant in the
spirit of congenial discussion.

A
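
Added example, not part of the original message and not GnuCash code: a small audit of the "basic measures" the reply mentions, reporting which other accounts can read or write a ledger file and whether its contents are stored unencrypted. It assumes a POSIX system and a data file that is XML, optionally gzip-compressed; the sample content, file name and function names are constructed for illustration.

```python
import gzip
import os
import stat
import tempfile

# Constructed sample content; not a real GnuCash book.
SAMPLE = b'<?xml version="1.0"?>\n<ledger><txn amount="42.00"/></ledger>\n'

def write_sample(directory, compressed=False, mode=0o644):
    """Write the constructed sample ledger and return its path."""
    path = os.path.join(directory, "sample-ledger.xml")
    opener = gzip.open if compressed else open
    with opener(path, "wb") as fh:
        fh.write(SAMPLE)
    os.chmod(path, mode)
    return path

def audit_ledger(path):
    """List what leaves the file exposed to other accounts on the machine."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IRGRP:
        findings.append("group-readable")
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable-by-others")
    # gzip is compression, not protection: look through it (magic 1f 8b).
    with open(path, "rb") as fh:
        is_gzip = fh.read(2) == b"\x1f\x8b"
    with (gzip.open if is_gzip else open)(path, "rb") as fh:
        if fh.read(64).lstrip().startswith(b"<?xml"):
            findings.append("unencrypted-xml")
    return findings

def lock_down(path):
    """Restrict the file to its owner (rw-------)."""
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        ledger = write_sample(tmp, compressed=True)
        print("before:", audit_ledger(ledger))
        lock_down(ledger)
        print("after: ", audit_ledger(ledger))
```

Owner-only permissions clear the access findings, but "unencrypted-xml" remains: anyone who shares the owning account, or has the disk, still reads the data directly, with or without a password prompt in the application.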