I really have no need for encryption, and although I have some experience with Ubuntu, I feel that average users would feel more comfortable with right-clicking on a file or folder and having the option in the context menu to "Add Password Lock" or something similar, which then opens a dialogue box or window that you type your pass into; from that point on the file is password protected until you right-click on the file again, select "Remove Password Lock" and again enter the pass, thereby unlocking it for anyone to see.
I know that you can alter the permissions of a file or folder, but many "new" users don't know how, and a search of Ubuntu forums brings up mods and posters alike suggesting encryption when all the poster really wants is to keep prying eyes out.
I honestly feel that if you don't want your girlfriend, kids or friends seeing something that may be personal or possibly offensive, then encryption is overkill and messing with permissions is inelegant. I know this does not really protect anyone from a serious threat, but I feel that it's merely a road block, used primarily for people you know or people you have logged on to your session, so you know you could walk away for a minute or two and not worry about that file or folder.
Also this could be useful for file sharing on networks. So tell me what you guys think.
In short, can we provide extra security/privacy for our data despite wanting/needing to use insecure apps?
Linux permissions do a good job of automatically protecting core system files from change but data privacy/security seems to be predicated on an assumption of userspace security which is generally unrealistic. At the same time for many people losing the privacy of their data can be far worse than losing their OS install or hardware. For example in my case...
I have some applications which I love but which aren't written with security in mind. The main one I'm thinking of here is FileZilla, which stores all usernames and passwords as plain text, but many other apps simply assume their environment will always remain private. One of the MAIN REASONS I switched to a Linux-based system was to get a bit more security, as since I became a web developer a few years back I have started to accumulate LOTS of other people's web hosting credentials. This is valuable booty to some miscreants, and I guess it has been standard hacker practice to scan for unencrypted ftp/ssh credentials since time immemorial, but I am troubled to hear many worms and trojans now do the same as a matter of course, and I would like an extra line of defense against this.
There are lots of encryption solutions, some of which I already use, such as TrueCrypt, but these don't really hit the spot, as once a volume is mounted it can be read by any user/process. This means that any intrusion into my user space (say from a browser bug) while I have a TrueCrypt volume mounted might trivially compromise all my most private data. I'm sure we have the technology to protect against this.
Note: Please do not reply Ubuntu is secure enough already or vote this down because 'Ubuntu does not get viruses'. *nix is only that way because developers were sensible enough to take precautions before there were widespread problems. Nothing is infallible and the one thing worse than a total lack of security is a false sense of security!
If the user performs an operation and it fails because of a lack of permissions, the error dialog should not only inform the user of this but also allow the user to Authenticate himself and retry the operation.
"Pre" authentication is already in use in ubuntu in the form of the "Unlock" button in admin dialogs.
Allowing the user to retry with more permissions will make life easier.
A scenario of how this could be used:
A user tries to delete file(s) created by root (using Nautilus); the user is then told that the operation failed on a particular file because of a lack of permissions.
The error dialog will then present the options "skip", "skip all", "cancel", "Authenticate" and "Authenticate All". When the authenticate options are selected, the operation could be retried with the user rights entered (it can even reuse the Authenticate dialog).
"Authenticate All" option will allow the user to make use of the permissions for the rest of the files.
This will save the user time because he no longer needs to go and change the permissions manually after it failed.
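The retry flow proposed in this post, as an added Python example (not code from the original thread or from Nautilus): the scripted `ask` callback stands in for the error dialog, the filesystem is a constructed dict of file owners, and the point it makes visible is that elevated rights are used only for the file that failed unless the user explicitly chose "Authenticate All". The function names `delete_with_retry` and `demo` are this example's own.

```python
# The five choices the proposed error dialog offers.
SKIP, SKIP_ALL, CANCEL, AUTH, AUTH_ALL = "skip", "skip all", "cancel", "authenticate", "authenticate all"


def delete_with_retry(paths, remove, remove_elevated, ask):
    """Delete each path as the plain user; on PermissionError consult the dialog.
    remove/remove_elevated take a path and raise PermissionError on failure;
    ask(path) returns one of the five choices (it stands in for the GUI dialog)."""
    outcome, skip_all, auth_all = {}, False, False
    for i, path in enumerate(paths):
        try:
            remove(path)
            outcome[path] = "deleted"
            continue
        except PermissionError:
            pass
        if skip_all:
            outcome[path] = "skipped"
            continue
        choice = AUTH_ALL if auth_all else ask(path)
        if choice == CANCEL:  # nothing from this file onward is touched
            outcome.update({p: "cancelled" for p in paths[i:]})
            break
        if choice in (SKIP, SKIP_ALL):
            skip_all = choice == SKIP_ALL
            outcome[path] = "skipped"
            continue
        auth_all = choice == AUTH_ALL  # elevated rights are reused only on request
        try:
            remove_elevated(path)
            outcome[path] = "deleted with elevated rights"
        except PermissionError:
            outcome[path] = "failed"
    return outcome


def demo():  # constructed scenario: one user-owned file, three root-owned, scripted user
    owners = {"/tmp/a": "user", "/tmp/b": "root", "/tmp/c": "root", "/tmp/d": "root"}
    prompts = []
    def remove(p):  # the plain user may delete only their own files
        if owners[p] != "user":
            raise PermissionError(p)
        owners[p] = "deleted"
    def remove_elevated(p):  # what the retry after authentication achieves
        owners[p] = "deleted"
    def ask(p):  # the user skips b, then chooses "Authenticate All" for c
        prompts.append(p)
        return SKIP if p == "/tmp/b" else AUTH_ALL
    return delete_with_retry(list(owners), remove, remove_elevated, ask), prompts
```

In the scenario the dialog appears only twice (for b and c); d is deleted with the rights granted by "Authenticate All" without a further prompt.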
Don't make the Private directory show up as an icon on my desktop (or make it an option to not display it). This just advertises the fact that I have hidden data. Also add the ability to create private directory(ies) that are password protected instead of automatically decrypted on login. This is already possible using eCryptfs; it just needs a GUI interface.