Re: Threat to dm-crypt

Date: 2013-07-03 08:07 pm (UTC)
From: (Anonymous)
I just think: Friends wouldn't let friends use this feature.

Zeroing on resume is some comfort, probably reducing the persistence of this on disk.

But whilst appearing to be a convenience, at least temporarily it must write a snapshot of the user's activities since the last cold boot onto non-volatile storage. (Mostly recent, and falling off logarithmically by age). That data might stay there for months until the device is stolen, sent away for repair, sold or disposed of. It might include documents and media, session cookies, password keyrings, random excerpts of keyboard input or copies of things from removable media, and probably lots of email and Internet history, even if that was transferred encrypted. And still recoverable if since deleted on-disk with a 'secure erase', or encryption products used for swap, individual files, containers or the whole disk.

Profile

Matthew Garrett

About Matthew

Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
