I noticed some files ~/.local/share/gvfs-metadata/ files. Those files are not text, they are some binary proprietary format. However, using a binary viewer (GHex) I could view some plain ascii strings in those files. I noticed that these strings contained sensitive information such as the locations of password key files.
In order to turn off this sensitive information collection "feature" I took the following steps:
- Installed Thunar (an alternative file system broswer)
- Disabled
/use/bin/nautilusby removing executing permission (chmod -x /use/bin/nautilus) - deleting the files ~
/.local/share/gvfs-metadata/*
After rebooting I could confirm that (at least not over the course of a single day) the sensitive information was no longer being recorded in ~/.local/share/gvfs-metadata/*.
However, an unfortunate side effect of disabling nautilus is that the desktop background picture ceases to function and the desktop background remains black. Returning the execution permissions on /usr/bin/nautilus results in a return of the desktop background (but also in a return of the unwanted accumulation of sensitive information).
My question is:
- Why does the background function depend upon nautilus (considering that file-browsing and desktop background are not naturally related)?
not to mention
- How can I make background work again without enabling nautilus?
edit: I had previously noticed a similar security problem with the data files accumulated under the ~/.local/share/zeitgeist folder. I also found that using the clear zeitgeist history function didn't actually remove the sensitive information from the data files under the ~/.local/share/zeitgeist folder. I addressed that problem by removing the execute permissions from the zeitgeist service binaries "zeitgeist-*". Perhaps this is related to the problem, e.g., maybe the sensitive information is written to ~/.local/share/gvfs-metadata/... because it could not be written to ~/.local/share/zeitgeist/... ?
