The ~/Private method of storing encrypted data is a bit darkened. If you don't know that Ubuntu has got this feature and that you have to install it, you don't realize that can do that.

My proposition: Allow encryption of any folder in ~/ clicking with left button in Nautilus. If user doesn't have the packages, he would be asked for his/her permission to install them.

Currently the Ubuntu Desktop installer does not allow the user to set up whole disk encryption (with lvm/luks). However, this is easily done though the "Guided - use entire disk and set up encrypted LVM" option in the alternate installer. This should also be possible via the desktop installer.

In short, can we provide extra security/privacy for our data despite wanting/needing to use insecure apps?

Linux permissions do a good job of automatically protecting core system files from change but data privacy/security seems to be predicated on an assumption of userspace security which is generally unrealistic. At the same time for many people losing the privacy of their data can be far worse than losing their OS install or hardware. For example in my case...

I have some applications which I love but which aren't written with security in mind. The main one I'm thinking of here is FileZilla which stores all usernames and passwords as plain text but many other apps simply assume their environment will always remain private. One of the MAIN REASONS I switched to a linux based system was to get a bit more security as since I became a web developer a few years back I have stared to accumulate LOTS of other peoples web hosting credentials. This is valuable booty to some miscreants and I guess it has been standard hacker practice to scan for unencrypted ftp/ssh credentials for time immemorial but I am troubled to hear many worms and trojans now do the same as a matter of course and I would like an extra line of defense against this.

There are lots of encryption solutions, some of which I already use such as truecrypt but these don't really hit the spot as once a volume is mounted it can be read by any user/process. This means that any intrusion into my user space (say from a browser bug) while I have a truecrypt volume mounted might trivially compromise all my most private data. I'm sure we have the technology to protect against this.

Note: Please do not reply Ubuntu is secure enough already or vote this down because 'Ubuntu does not get viruses'. *nix is only that way because developers were sensible enough to take precautions before there were widespread problems. Nothing is infallible and the one thing worse than a total lack of security is a false sense of security!

It seems that email is a very very unsafe mode of communication. Although I don't have any world domination plans as yet, I would like to keep my things private from intruding governments as well as companies.

I've been looking a bit around and it seems that there is a lot possible, but that it's just very fragmented; GPG and FireGPG together with some extra functionalities would help us get started.

What if you created one package out of Seahorse/GPA/KGPG and FireGPG which after installation had the following functionalities for for example gmail (more email programs should follow);
- The first time you start it up, a key-pair is being made for your email address. The public key is automatically uploaded to the PGP Global Directory which then verifies the email adres with a verification email.
- When you send an email it automatically looks in the Global Directory whether the person you send the email has a public key and if it finds one, it automatically encrypts and sends the message. Also it automatically signs the email using your private key.
- When you receive an encrypted message, it automatically unencrypts it and checks the signatures using the Global Directory.

Using a system like this would get many people to use it since it is not so complicated anymore and just one package. The more people post public keys, the more it gets accepted by other email programs while it doesn't interrupt the current flow of emails since you can still send normal emails as well.

If you think intruding governments are taking a bit too much away from our privacy these days, please vote UP!

Links:
http://www.getfiregpg.org/
http://www.gnome.org/projects/seahorse/
http://www.gnupg.org/gpa.html

[....]

I've looked and looked but I can't seem to find any current and simple GUI that is for LUKS/dm-crypt type encryption on Linux. I know about Truecrypt but was looking for something that uses the encryption provided natively by Linux. I feel more comfortable using encryption that comes with Linux and find that I sometimes have compatibility issues getting Truecrypt running. What I was looking for is something using GTK for example and provides a similar interface to Truecrypt. It would provide a wizard to create a file that would be used to provide OTFE (on the fly encryption) and would mount/unmount the file and create a virtual drive to /media/gtkcrypt for example. Something that would allow me to create files that I could use as virtual encrypted drives. Then I could easily move the files around and back them up etc. It would also be handy if it had the ability to mount LUKS/dm-crypt partitions and convert exiting partitions to using dm-crypt if able. I'm not a programmer myself but from what I've read it seems like all the underlying software is there is just needs someone to write a simple GUI on top of it all. Any ideas? Thanks.

Encrypting directories using ecryptfs is not intuitive or easy to maintain when reinstalling Ubuntu, using sim links to external drives, etc. Also, if a user is logged in, the mounted ecryptfs folder becomes unencrypted and viewable to other users.

The default encryption scheme in Ubuntu requires that I make a key and store it on a keyring to use... this is all well and good. However, there are times when a user will want to encrypt a file without the key being stored anywhere but his head. With the current system you need to have the decryption key saved, and even if you delete it afterwards, it's still theoretically recoverable.

From the project page:

"Obfuscated TCP is a transport layer protocol that adds opportunistic encryption. It's designed to hamper and detect large-scale wiretapping and corruption of TCP traffic on the Internet. "

It's not as good as TLS/SSL but it one step better than nothing.

This is getting more important for every day with governments starting to wiretapping the people. let us at least make them work for it ...

http://code.google.com/p/obstcp/

now is possible to use a password for encrypt a LVM ( thanks to LUKS i think )

why don' t give the possibility to use a file saved on a floppy or on external pendrive ?

...LUKS have this possibility...!

like a key for switch on the computer, a true key!

If anyone leaves their ubuntu logged in unattended it's as easy as navigating through the menus to "passwords and encryption keys" and ticking the "show password" to reveal and steal anyone's passwords.