Online threats and security

From OLPC
Revision as of 10:34, 2 April 2008 by 68.244.37.37 (talk) (Online predators and criminals)
Jump to: navigation, search

OLPC is aware of online threats for its child owners, and takes these matters seriously. There is no one magic solution to all these problems, and no system can ever be perfectly protected, so continued work will always be necessary. However, certain decisions at the root of the OLPC design make these dangers less than they would be with other computers. An XO laptop is naturally far safer for a child's use than a standard Windows machine with antivirus installed.

The threats can be divided into 3 basic categories: malicious programs or "malware" (viruses, trojans, worms, spyware, spambots, etc.); online child predators or other individual criminals; and online vices such as violent pornography. Still, it is important to remember that in the real world both threats and defenses, though they concentrate in one or the other of these areas, tend to overlap somewhat into the other two. This is good news, as it means that combining effective defenses has a multiplicative effect.

Malware protection, aka "Antivirus"

OLPC is based on a revolutionary security paradigm called Bitfrost. Unlike traditional antivirus, which scans the computer for an ever-growing list of known threats, Bitfrost relies on preventing any program at all from doing the harmful things a virus would do. Programs cannot access private data: the only files that they can "see" at all are their internal configuration files and files that the user has explicitly opened. (To accomplish this, the "open file" dialog, which can see all the users files, is managed by the OS, not by the application). Programs cannot start themselves without the user specifically deciding when that should happen. Programs can copy themselves, but they cannot give the breath of life to that copy, so it becomes merely a file on the disk. Programs which use the camera or microphone are prohibited from using the internet or mesh, unless specifically enabled to by the user. The result is that a "virus", even if one existed, could find very little damage to do.

As an additional privacy guard, a light turns on whenever the microphone or camera are enabled. This is governed by hardware, and cannot be disabled by any program, even the OS.

All of these revolutionary security measures are in addition to the proven security record of the underlying Linux OS, a record considerably better than that of any version of Windows and comparable to that of MacOS. The result is a platform which, even in the hands of a child, is probably more secure than anything other general-purpose computer not administered by a security expert.

Online predators and criminals

Although there is no doubt that this issue is often overblown in the media, it is something that OLPC takes seriously. There is no official OLPC position on this issue, but certain principles apply:

- The best protections will always be education and a trusting relationship with reliable adults.

- There are often tradeoffs between protection and freedom, and if the laptop is to be useful, freedom must have a higher overall priority, though there may be appropriate exceptions.

- A predator who is physically nearby, in the mesh, will be visible to all users, and there are various possibilities for detecting the activities of such a person. Anyone who continued such activity would probably be risking physical capture, which would have dangerous consequences for them anywhere in the world.

- As mentioned above, the strong malware security of the OLPC does grant some protection against these threats too.

- OLPC is interested in solutions to these problems. If you have any ideas, share them with us, or, better yet, help us to implement them!

-"You can invite anyone to come over after school," "Will you call his, Mom?" Two Laptops Per Child? Parent hears tone, and can can check MESH on Parental computer, anytime anyone socializes with child? Therefore (so), OLPC *renames* itself, TLPC. Parents world wide rejoice? Seek to color coordinate their laptops with their child's? At risk students' parents REQUIRED to be listening in and checking boxes every hour?

?>*:\ ...//2008:04:02:10:14: Perhaps software and hardware considerations for the Parental Computer would facilitate parent to parent, and parent to teacher communionication as well as Child to Parent and Parent to Child? DOES the reach of the MESH cover sufficient area to include [...] the parent(s)? Should parents be required by law to come IN [crk] to school and monitor the MESH one day each per parent per number of students cycle?

"This is your first grade cell phone, only your teacher and parents and the President of Urguway can call you on it, but you will be able to use it some of your class and homework assignments," Costs of cell phones are down around $10/each. Could they interface with the MeSH and provide integrated voice interactive supplement [whump]?

Could Parental CELL phones that can call the OLPC laptop and would give socializing tones and enough MESH map on a cellphone screen to be One Laptop Per Child and Two Cell Phones Per Family solution? How safe would the parents be from third party intrusion as to their cell phone use via the MESH? What parental protections from porn and hate would be needed and doable? 10:23

Online vices (Pornography, hate sites)

The first large-scale in-country deployment of XO's is using Dansguardian to filter the web at the server. This is content-based, not blacklist-based, so it is a more secure solution than many filters. (see Ivan krstic's blog for more details). However, it can not be ironclad, as some children will be able to access the internet by attaching directly to a nearby private wireless router instead of the government-provided servers. It is also not available to purchasers of G1G1 machines in the first world.

Also, in general, most of the same principles apply as with online predators, above.

Related Pages

See Safe XO use and What links here.