Can you tell me a little about the security of information in files created in LibreOffice and the possibility of setting the storage location to a USB drive or SD card.

Confident · April 13, 2020, 6:02am

I would like to know more about the security of personal information in LibreOffice documents. I liked Apache OO, but I understand that they lost their talent to you guys. So I want to know if my PPI will be safe in files that I make with LibreOffice, or should I only store those files in a separate storage device apart from my laptop such as an SD card? Can I do that, or am I forced to use that stupid “cloud”?

Also, please accept my apology to the AskLibO Administrator for my rude comments last night. I found your confirmation link emails in my junk email today. May I suggest that a reminder to look there for it be given whenever a person creates a user account?

Are files created in the LibreOffice suite encrypted – or can they be? I found a question similar to this on this site last night, but it said that the question had been closed because some guy had accepted a correct answer to it already. That left me totally in the dark still. HIS receiving an answer does ME absolutely no good, if you don’t tell me the answer you told him.

I think I’d like to use LibreOffice, but I need to know the answer to these questions before installing it.

mikekaganski · April 13, 2020, 7:38am

HIS receiving an answer does ME absolutely no good, if you don’t tell me the answer you told him

Heh. You seeing a question without an answer closed as answered does ME absolutely no good (to fix it, e.g. by adding comments/links there), if you don’t tell me the address of that question. ;-D

Confident · April 13, 2020, 8:02am

The web address is below.

Confident · April 13, 2020, 8:03am

Here is the message.
Closed for the following reason the question is answered, right answer was accepted by Alex Kemp
close date 2016-03-06 01:37:15.821802

mikekaganski · April 13, 2020, 9:34am

But that question has the accepted answer by @Jean-BaptisteFAURE, that is marked by a green checkmark, and highlighted with yellow background. What is unclear there? That answer was given to the OP, and was enough for them to be accepted.

It also has a number of other answers there. How “you don’t tell me the answer you told him” can be applicable to that???

Lupp · April 13, 2020, 12:25pm

(Spoken aside:
@AlexKemp was highly active here for a rather short time, and his main concern in that time [as I see it] was to accept answers to questions and to then close the questions he not was the OQer of. Imo, there were many doubtable cases, and in a few of them I even re-opened the thread. About 2000 of my “karma” points I got by his mentioned activities.)

In this specific case the accepted answer was from 2012-11-05, and facts may have changed since.
(Not every chamge necessarily was an improvement, probably.)

Confident · April 14, 2020, 7:09am

@mikekaganski: Yes, I see that, now. My screen shows no yellow highlighting. It may be because I’m using Windows dark theme. I don’t know. I wish we could get the old themes back.

Too, I had to hover the mouse pointer over the green checkmark before it would tell me that that was the correct answer. I saw no other indication on my screen.

I agree with Lupp that the answer given there is pretty old and, I think, may not be accurate for today (7+ yrs. later). It would be nice if there was a more recent answer. Thanks, guys.

MBB · April 14, 2020, 10:04pm

I think this question can/needs to be split into multiple sub questions, but if you get all the answers it would not be a bad idea to combine them all into one wiki page.

- Personal information Meta Data:
AFAIK, LO only uses the info stored under Tools>Settings>LO>User data, which is empty by default on windows… This may be different on Linux? Or maybe a username gets filled in from OS account info on corporate deployments?

It has a checkbox to (not) use this information.
If enabled, it is probably also used for comments and track changes functions. (empty by default)

As the files are XML-based, if there is any info you should be able to automatically strip it out by third-party parsing tools. (In case you want to do so on documents not created by you). (Unless they are encrypted? )

There is also an per document ‘apply user data’ checkbox under 'File>options>properties

NB: Actually your question made me look; it turns out LO automatically added a browser window title to it’s ‘TItle’ field metadata during a cut-past action from an email. This captured my mail address.

Under Options>Security>warnings, you can let LO give warnings for some PPI data, but I am not sure which.

Not sure how saving on an external drive would make a difference here.
Perhaps your OS adds user account-related metadata to your files for access restrictions? Saving on your local computer provides this info anyway.

- signing:
LO integrates with OpenPGP software, which you can use to sign your documents.
You can use this to prove who you are.
https://wiki.documentfoundation.org/Development/gpg4libre

- Encryption:
By default, LO supprorts password encrytion of files. (see other links for documentation.
As I understood it, if you have the OpenPGP suite installed then this can also be used for encryption, allowing for asymetric keys when sending documents?

You can easily set the saving directory, so you can probably set an encrypted drive as as default save location.

Cloud
LO does not need any cloud info to run. Auto-update checks can be disabled, and bug reports ask for permission.
It does allow you connections to some cloud services, with an option to remember passwords or not. (no idea how these are stored)
NB: Perhaps you can ask for Veracrypt containers to be added as ‘cloud’ login location?

There exists a cloud version of LO in devellopment by Collabora, and integrated in some Next-Cloud based hosting.
These can be hosted by yourself locally or online, or be done by a profider.
If you use a free/hosted provider, by some it does show your email address when publicly sharing files.

classified document handling
I have no idea what this is, but it showed up in search results so I thought I would include it:
“May be relevant? As LibreOffice deepens its government and corporate base, the open source office suite adds features like classified document handling”

Classified! LibreOffice 5.2 adds document access control | InfoWorld LibreOfficeWarnings.PNG

mikekaganski · April 15, 2020, 6:22am

NB: Actually your question made me look; it turns out LO automatically added a browser window title to it’s ‘TItle’ field metadata during a cut-past action from an email. This captured my mail address.

Oh! Have you reported that? Please do (and it would be nice to have an HTML or web page that could reproduce that; the actual content of the resulting field is irrelevant, but the fact of automatic field population is important).

MBB · April 16, 2020, 2:25am

@mike-kaganski Sorry, I can not replicate it in LO 6.4.4.2, perhaps it is already fixed? If I can replicate, I’ll file a report. But it may be a feature by design?
It must have happened pasting a table from a Yahoo webmail into CALC, perhaps by using the paste-special function, from either Chrome or Edge on Windows 10.
I do not feel comfortable sharing the document it happened to, but I’ll take another look at it when I have that machine at hand.

blashrkh · April 13, 2020, 6:26am

There are a few existing posts about this but the two posts located within this post should help.