Integrate a mat2 plugin into Files to protect users from accidental metadata leakage? #1030
Comments
4jNsY6fCVqZv
changed the title
4jNsY6fCVqZv
changed the title
|
I am not familiar with this package but it looks like it could also be used via the existing contractor plugin if a suitable contractor file were supplied. However, this package does not appear in the elementary (or ubuntu) repository afaict which is a problem. |
|
Information on how to install it and an example of a suitable contractor file could be added to the Files wiki as a first step. |
|
It's already part of Disco. |
|
Can you guide me on my way to a mat2 plugin for Files? I really want to get involved in contributing code and not just raise issues ;-) |
|
mat2's author here, which is currently packaged in Debian. |
|
@jvoisin @4jNsY6fCVqZv If you envisage elementary shipping mat2 by default either as a dependency of Files (with a new core plugin) or as a contractor (using the existing contractor plugin) then you need to open a discussion with the elementary project leader (Daniel Foré) first. You could also develop a third-party package to be added to the elementary AppCenter (as either a free or paid-for app). See https://developer.elementary.io/ for more information. This could supply either an add-on plugin or a contractor file together with the mat2 application itself. You should probably put together a specification for the UX before deciding on the technical details. If you can open a Files project you could do it there. Elementary is currently based on Bionic LTS |
|
@jeremypw @jvoisin When mat2 becomes an integral part of the elementary OS security concept, I would say: Outstanding! What are the differences between the possible implementation paths in terms of difficulty or amount of work? How can we open a discussion with Daniel Foré on this question? The idea for the graphical user interface can be based on the mat2 Nautilus plugin, right? Otherwise it can be based on the other existing plugins for Files? |
|
@4jNsY6fCVqZv I am not currently familiar with the existing mat2 plugin but any new plugin would have to use the existing Files plugin architecture and comply with the HIG https://elementary.io/docs/human-interface-guidelines#human-interface-guidelines. Using a contractor file is by far the simplest solution but this just adds a context menu item which launches the mat2 app with the selected file(s) as commandline parameters. If a more complex UX is required then a custom plugin would have to be supplied and installed in the Files plugin directory. There is only one optional plugin at the moment - for dropbox - and this has not been worked on for some time so the code is old (still in C) and so not an ideal example (see https://github.com/elementary/files/tree/dropbox-plugin). A new plugin would need to be written in Vala and built with meson. It should be based on the abstract plugin class (https://github.com/elementary/files/blob/master/libcore/Plugin.vala). I'll bring this to Dan's attention. |
|
Looking at the mat2 homepage, it looks like a simple contractor file (just a few lines) would be enough to perform a default metadata removal from the selected file(s). It would not allow the user to e.g. select complete or partial removal however. What functionality does the Nautilus plugin provide? |
|
This seems pretty niche to me and the potential for users to accidentally lose data without understanding what they're doing seems high. My inclination is that editing metadata falls outside the scope of Files and should be left more to specific library implementations like Photos, Music, etc. We have to be careful to tightly scope Files so that it doesn't become a junk drawer of every feature of every app. My guess would be that if upstream is okay with it, shipping a contractor file there would be the simplest way to add a blanket metadata stripping feature to all of our apps (including Files) in way that makes sure users know what's happening (because they installed it intentionally). |
|
Hi Daniel, thank you for your supportive thoughts! To the topic of not cluttering Files: I'm all with you on this one. I also like the idea via Contractor and the accessibility of the tool for all of elementary's apps!
How exactly are you technically imagining this? Do you think it makes sense to integrate such a function into the Switchboard Security & Privacy Plug? If users create new files in photos, music, files, etc., they might want metadata to be deleted directly by default. Similarly, if you don't want a history to be saved or no location to be made public or an automatic housekeeping takes place after x days. Of course, users must also be able to learn how to deal with this. Maybe the new Onboarding app would be a good help for such a project? You write " the potential for users to accidentally lose data without understanding what they're doing seems high." Still, with the new installer you're going a way that wants to make full disk encryption the standard, aren't you? I think this will be the first time for many users to set it up manually. I don't know how big the risk is that non-technical people there will lose access to their data. Today this is such an important feature for a safe handling of computers, isn't it? For important features, isn't the question of how to explain it to your users and introduce the feature simply the answer? That is perhaps a different perspective (->"installed it intentionally"), because it also makes users sensitive and empowered, who would otherwise never have asked, because they never thought about the problem of metadata. What next steps do you suggest? |
|
As I understand it, mat2 creates a new file stripped of metadata and retains the original file - is that right? If so, accidental loss of data is not such a problem. Still, the contractor is the quickest and simplest way to make this available now. |
|
I would say the next step is for a package be put in the AppCenter that supplies mat2 and the necessary contractor file. Otherwise it means waiting for a release of elementary that is based on Disco and even then that package would have to detect elementary and install a contractor file. |
|
More info on writing contractor files can be found here: https://github.com/elementary/contractor in the README |
|
Yup, the original file is kept, precisely because mistakes can (and will) happen. |
|
@jeremypw Thank you for your productive suggestion! How can a package that supports mat2 be added to the current AppCenter? Or do you think it makes more sense to wait for elementary OS to work with Disco or later versions? |
|
@4jNsY6fCVqZv Getting an app into AppCenter is fairly straightforward (I have added an app I created). The instructions are available online here |
|
https://github.com/elementary/houston/wiki/Before-You-Publish#technical-requirements -> As I understood, mat2 is not a front-end app, but rather a library. Does a submission make sense anyway? You're probably right. Waiting for the next LTS will take a long time. |
|
There are already libraries showing up in AppCenter (e.g. libnxt) so I don't see why not. |
|
mat2 is a library, but a command line interface is provided, as well as a File (nautilus) extension. I don't plan on writing a contractor any time soon, or maybe even at all, since I don't use elementary, but I'll be more than happy to help anyone who wants to do it. |
|
@jvoisin Writing a contractor file is very simple - its just a few lines - I can help with that if required. It will need to be shipped with a mat2 package for elementaryos though. Whether that is done through AppCenter or otherwise is up to you. |
|
I suppose, it if came to it, I, or someone else, could fork mat2 and do the whole thing. |
|
Something like this ? |
|
Yes, that's a mininal contractor entry.
There are some more complete examples here:
https://github.com/elementary/contractor including ones with and icon
key/value
…On Wed, 28 Aug 2019 at 16:39, jvoisin ***@***.***> wrote:
Something like this <https://0xacab.org/jvoisin/mat2/merge_requests/58> ?
How do I add an icon?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1030?email_source=notifications&email_token=ACQG3NDDFZMNH7XDBDCPWHLQG2L25A5CNFSM4IMOZYF2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD5LRTKI#issuecomment-525801897>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ACQG3NAMHVMES7AT76YECFLQG2L25ANCNFSM4IMOZYFQ>
.
|
|
Do you need anything else form my side? |
|
@jvoisin Are you interested in creating and submitting a suitable package for the elementary AppCenter? If not, it may be that a 3rd party may be willing to fork mat2 and do so. |
|
Since I'm not using elementary at all, I'm not sure that I'll be the best person to maintain a package there… |
|
You would need a partition or VM running elementary to check the package installs and Files picks up and runs the contractor file OK. You wouldn't need to use elementary to build the package, Elementary is based on Debian/Ubuntu so knowledge of any such distro would suffice. |
|
How much work is involved after release depends on how often new releases are required. |
@jvoisin Have you figured out how to add an icon yet? |
|
Here is the contractor: [Contractor Entry]
Name=mat2
MimeType=application/epub+zip,application/pdf,application/vnd.oasis.opendocument.chart,application/vnd.oasis.opendocument.formula,application/vnd.oasis.opendocument.graphics,application/vnd.oasis.opendocument.image,application/vnd.oasis.opendocument.presentation,application/vnd.oasis.opendocument.spreadsheet,application/vnd.oasis.opendocument.text,application/vnd.openxmlformats-officedocument.presentationml.presentation,application/vnd.openxmlformats-officedocument.spreadsheetml.sheet,application/vnd.openxmlformats-officedocument.wordprocessingml.document,application/x-bittorrent,application/x-dtbncx+xml,application/x-tar,application/xhtml+xml,application/zip,audio/flac,audio/mpeg,audio/ogg,image/gif,image/jpeg,image/png,image/svg+xml,image/tiff,image/x-ms-bmp,text/css,text/html,text/plain,video/mp4,video/x-ms-wmv,video/x-msvideo
Description=Remove metadata from files
Exec=mat2 %f
Icon=mat2.pngBut, again, I'll be happy to help anyone who wants to put this into elementary, but won't do it myself, because since I'm not using elementary, I don't want to maintain a package in it. |
|
Aren't the packages for Debian/Ubuntu the same as a package for elementary OS? Because then there is no additional effort, is there? |
|
@4jNsY6fCVqZv While many Debian/Ubuntu packages will install and run OK on elementary, if you want to integrate with the elementary desktop (pantheon), window manager (gala) or one of the elementary apps (e.g. Files) then a modified package would be required. In this case the package would just have to include the contractor file and install it in the right place, so the modifications are fairly small. It would be possible to have a hybrid package that detects which OS it is being installed on and act accordingly but either way a certain amount of extra maintenance work is required. |
|
@jvoisin Elementary Juno is based on Ubuntu 18.04 so the repository contains |
|
It seems that mat2 is packaged in Ubuntu (it should be, since it's packaged in debian ) |
|
@jvoisin Which version of Ubuntu? |
|
Everything is in the first link, versions of Ubuntu, versions of mat2, dates of the updates, … |
I think your idea is very good! @jeremypw and I are however a little irritated because we can't find mat2 in the package sources. Do you have an idea how we can realize your idea together? |
|
I am working on a simple contractor for removing metadata here: https://github.com/jeremypw/mat-wrapper. This is a wrapper for the |
MAT in version 1, for example, is a fixed component of Tails.
https://tails.boum.org/blueprint/doc/mat/
The development of mat2 takes place here
https://0xacab.org/jvoisin/mat2
Since I see the motivation of elementary OS to protect its users in the best possible way, I want to put this integration up for discussion.
And if there is already a Nautilus extension, doesn't it also make sense to integrate mat2 into Files in the sense of a secure handling of data as well?
The text was updated successfully, but these errors were encountered: