Five years ago
(I’m completely shocked how the time flies),
we were working on Plasma Active,
and one of the ideas was to allow the user
to create private activities
in which all the data would be encrypted.
while the idea itself was solid,
there were big problems with its realization.
There was no way to force applications
to separate the configuration and other data
based on whether the user is in the encrypted activity or not.
Especially since the same application can run
in multiple activities.
For those reasons,
the idea was abandoned.
I didn’t like the fact that I spent
a lot of time on it just for it
to be thrown away,
so encryption always stayed in my mind.
Enter Plasma Vaults
If the idea to have activities encrypted
can not work because of the things
not controllable by us,
then we need to do something more obvious and transparent,
so that the user can know exactly
which data is secure, and which not.
Instead of having something as abstract as an activity encrypted,
Plasma Vaults will allow you to create
Sometimes we want to keep specific documents private.
Sometimes we are actually forced to do so
(I’ve seen enough work contracts that force you to keep
the job-related data as secure as you know how to).
And sometimes we have to share our
computer with others
while keeping our data completely private.
Plasma Vaults allow you to easily create and manage
EncFS encrypted directories
(other encryption systems might be supported in the future).
The vault creation dialogue will need more work.
While most of the text in it is important,
we’ll need to think of something
to make it less daunting to look at.
One of the things that did not survive
from the original concept
is that the encrypted drive is
tightly bound to an activity.
that does not mean there can not be
a connection between them.
The vaults are usually related
to the projects that we work on,
and one of the main use-cases of activities
is the project handling.
So, for each vault,
you can choose which activities it should be
It will not be automatically unlocked when you enter said activities,
but it will be automatically closed when you exit them.
This might be a bit annoying
if you often switch between activities,
but I’d always put security above convenience.
the UI is not as polished as it should be.
Some of the problems are in the Plasma Vault code itself,
but some are in the KF5 widgets.
This is not the only way to keep your data private.
most Linux installers allow you to create
an encrypted home partition,
or to encrypt the whole system including the swap.
But these cover a different use-case.
They cover the case when
your device gets lost while turned off.
They do not cover the possibility
that someone might access your system while it is running.
Plasma Vaults fill this void by making the
attack surface smaller –
instead of having all data unlocked at once,
you can do it piece by piece –
it is more granular.
This does not mean that using only Plasma Vaults will
make your data more secure
than encrypting the whole system,
it just covers a different set of possible attacks.
It is probably worth it to combine both
if you are doing really secret work.