On Saturday, 2012-01-14, Dan Armbrust wrote:
> On Fri, Jan 13, 2012 at 11:06 AM, Kevin Krammer <kevin.krammer@xxxxxx> wrote:
> > When introducing a new party to a conversation, in this case the KDE
> > user mailinglist, it is usually very helpful to provide context to said
> > new party.
> >
> > When the discussion has happened on one mailinglist so far, a good way to
> > do that is to provide a link to the discussion start in the original
> > mailinglist's archive.
>
> Apologies, I thought I included the kde list in the initial posts,
> which had the summary info. It must not have gone through.

Ah, I see. Thanks for the links.

> In short, if you:
>
> Download a PDF. Fill in personal information. Print it. Close it.
> Never once even hitting save...
>
> Okular dumps every bit of data that you typed into a clear text file
> in a hidden directory. At a minimum, it's really bad behavior. At
> worst, on say, a library terminal, it is opening up every unsuspecting
> user to having their information stolen.

Hmm. Most software with autocompletion support does that. E.g. browsers, email programs.

So my guess is that the completion data is not stored in kwallet, like e.g. for Konqueror?

> There is no warning, notice, or any such clue within Okular that it is
> doing this.
>
> It's a pretty basic user-interface paradigm that you shouldn't store
> data like that without the user's permission.

Well, I've to admit I've never seen any program doing that.
When I fill in forms in e.g. Firefox or Konqueror, it doesn't say anything along those lines either, but when I am filling in the same form later again, it somehow can propose reasonable values for certain fields.

So my guess is it also stores my previous input somewhere. Hopefully locally like Okular and not uploading to the server!

> Especially in an application that handles PDF files, which are used
> for private and personal stuff all the time.

See above. At least most of my online bookings contain personal data.
How do you handle those cases?

Anyway, I agree that the completion data should probably be saved in an encrypted file, e.g. KWallet, instead of plain text to mitigate the exposure of data in case the security of the user's local storage is compromised.

However I don't see any facts supporting the claim of "virus like behavior". IMHO that sounds a bit like trying to trigger an emotional rather than a rational response in readers of that posting, which ultimately tends to hurt the cause more than it helps.
E.g. other supporters of the cause might find out they have been tricked and withdraw their support in spite of still being concerned about core issues.

I would recommend lobbying for secure storage of form completion data like other form completing programs do.

Cheers,
Kevin
--
Kevin Krammer, KDE developer, xdg-utils developer
KDE user support, developer mentoring
___________________________________________________ This message is from the kde mailing list. Account management: https://mail.kde.org/mailman/listinfo/kde. Archives: http://lists.kde.org/. More info: http://www.kde.org/faq.html.