[cap-talk] Music organizer example
James A. Donald
jamesd at echeque.com
Tue Jul 24 21:44:13 EDT 2007
>> Sound output, if the organizer is giving the player
>> the file to play then the organizer has a pretty much
>> direct path to the output device.
> The organizer may not have any write access to the
> music files themselves,
To rat out the user, only read access needed. To leak
information, only a backchannel to a program that
downloads music.
Player needs access to organizer, so that organized
information can be used to select music to be played.
Downloader needs access to player, so that music can be
played during download or immediately following
download. Downloader needs access to internet.
If access channels, organizer, player, and downloader
crafted by adversary, information about the user's music
library can be uploaded to adversary. Such information
has commercial value for interested parties - it can be
sold by people who want to know what music is popular,
and also sold to those who wish to sue file sharers.
Profit from such private user information is likely to
be substantial.
More information about the cap-talk
mailing list