Posts: 1,746 | Thanked: 2,100 times | Joined on Sep 2009
#11
The N900 can store data securely, but it is not inherently secure against whoever physically has the phone.

However, if you store data as only readable by root, change the root password, and keep it on the internal eMMC's ext3 partition, then they couldn't get at it easily.

That said, I'd be more worried about an apparently neo-Luddite hostel.
 
Posts: 1,341 | Thanked: 708 times | Joined on Feb 2010
#12
Originally Posted by wmarone:
However, if you store data as only readable by root, change the root password, and keep it on the internal eMMC's ext3 partition, then they couldn't get at it easily.
And if you use TrueCrypt to encrypt the microSD card, then maybe your data will keep on being private.
http://talk.maemo.org/showthread.php?p=560257

There may be bugs that allow a security-locked N900 to be opened without the security key. Hopefully those bugs are fixed at once if they are found.

Then there is the known weakness in DEB-based software packages, which currently would allow Trojans rather easily by providing a DEB file outside of the repositories and luring people to wget and install it with dpkg.
 

Posts: 889 | Thanked: 537 times | Joined on Mar 2010 @ scotland
#13
Yeah, I don't know about the law where you are, but in the UK I'm sure even the police need a court order to sell confiscated items. I can't see your college prof having that power. And I'm sure the data protection act is international, so breaking into your phone would quite likely be a sackable offence for any teacher in the IT department, but rather than going down that route I find that wearing an angry expression and carrying a large stick is enough to keep all my possessions secure.
__________________
sarcasm may be the lowest form of wit, but it's the only wit I have.

it's a sad day when I can't slip at least one hitchhiker reference in somewhere.
 

Posts: 455 | Thanked: 782 times | Joined on Nov 2009 @ Netherlands
#14
And what is that hostel called, Dachau? And which parent made you go there? Why are you putting up with that? Even in North Korea you'd have more liberties, and you know what they say about people that would easily trade their liberties...

Not to mention that while some place might ban some equipment, they cannot confiscate it permanently, nor could they sell it at an auction, and especially they cannot fiddle with it, in almost any country in the world. Please tell us that you live in North Korea?

On to the topic: once somebody has physical access to the device, most protections will fail, especially top-level ones (e.g. locked screen and such). You can store files as root on ext3fs with the 600 flag, which will stop anyone from reading them without a root password, and you can encrypt files with Blowfish/AES, but those are not bullet-proof methods. The best option would be to keep really secret files on some cloud, encrypted with big keys, so if you have something special to hide (i.e. info on how to escape from that concentration camp) that's the way you should go.
__________________
Man will never be free until the last king is strangled with the entrails of the last priest.
 

Posts: 540 | Thanked: 288 times | Joined on Sep 2009
#15
Physical access + time alone means cracked device, always. This is the first rule of information security.

I suggest adding http://www.schneier.com/ to your RSS feeds.

I have some ideas for better security on the N900 (probably they have holes in them, I'm not Bruce Schneier...) but in general encryption too will only slow the attacker down as long as the master private key is on the device (most encryption systems use session keys as well, so in case a key for a single file is cracked not all files are lost; there are many good reasons for this, but a lecture on cryptanalysis would make this post very long).

The master key is important, since if you have a weak password protecting the master key then it's quickly cracked (cracking the actual encryption is infeasible as long as the implementation is sane).
 

Posts: 540 | Thanked: 288 times | Joined on Sep 2009
#16
Originally Posted by rambo:
Physical access + time alone means cracked device, always. This is the first rule of information security.
And it does not necessarily mean a long time alone. I guess no-one has yet made an "evil maid attack" for the N900, but flashing a custom bootloader and/or kernel will take less than a minute.

And once the low-level is compromised everything on top of it is too (great way to get those good long passwords for your encryption keys and/or read the master key directly from memory when it's used to encrypt the session key)
 
Posts: 143 | Thanked: 75 times | Joined on Sep 2008 @ Abuja, Nigeria
#17
Linux does have some secure defaults, but like every OS it is just as secure as the user. If you use a lock code which could be easily guessed or a dictionary word, not even FreeBSD would be able to save you. If the way you locked the device is by using the default Nokia lock system, which just allows 5 characters which must all be numbers, then that is defo not hard to crack.
__________________
If man has evolved from apes and monkeys, why are there still apes and monkeys?
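
An added illustration, not part of any post in this thread: posts #15 and #17 both come down to the secret that protects the master key, so this sketch wraps a master key under a password and estimates how long every secret of a given shape would take to exhaust at this machine's key-derivation cost. The function names are assumptions, and the XOR-with-derived-pad wrap is a standard-library stand-in for a real key-wrap cipher.

```python
import hashlib, hmac, os, time

def _keys(password, salt, iterations):
    # Stretch the password, then split the result into a 32-byte pad and a MAC key.
    kek = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return (hmac.new(kek, b"pad", hashlib.sha256).digest(),
            hmac.new(kek, b"mac", hashlib.sha256).digest())

def wrap_master_key(master_key, password, iterations=200_000):
    """Wrap a 32-byte master key under a password; fresh salt per wrap."""
    if len(master_key) != 32:
        raise ValueError("master key must be 32 bytes")
    salt = os.urandom(16)
    pad, mac_key = _keys(password, salt, iterations)
    wrapped = bytes(a ^ b for a, b in zip(master_key, pad))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations, "wrapped": wrapped, "tag": tag}

def unwrap_master_key(blob, password):
    """Return the master key, or raise ValueError on a wrong password."""
    pad, mac_key = _keys(password, blob["salt"], blob["iterations"])
    tag = hmac.new(mac_key, blob["salt"] + blob["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        raise ValueError("wrong password or modified blob")
    return bytes(a ^ b for a, b in zip(blob["wrapped"], pad))

def seconds_per_derivation(iterations=200_000):
    """Time one password stretch on this machine."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"probe", bytes(16), iterations)
    return time.perf_counter() - start

def worst_case_hours(alphabet_size, length, per_guess_seconds):
    """Hours to try every secret of this shape at the given per-guess cost."""
    return alphabet_size ** length * per_guess_seconds / 3600

if __name__ == "__main__":
    master = os.urandom(32)  # constructed sample key
    blob = wrap_master_key(master, "correct horse battery staple")
    assert unwrap_master_key(blob, "correct horse battery staple") == master
    cost = seconds_per_derivation()
    print(f"one derivation:       {cost:.3f} s")
    print(f"5 digits:             {worst_case_hours(10, 5, cost):.1f} h")
    print(f"12 chars [a-zA-Z0-9]: {worst_case_hours(62, 12, cost):.3g} h")
```

The timing is for a single core of the machine running the script, so treat the hours as an upper bound on what the secret buys you, not a guarantee.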

Posts: 17 | Thanked: 3 times | Joined on Mar 2010 @ Greece
#18
Dear friends... I reckon that the most important issue here is not the vulnerability or not of our beloved n900... But instead, is what actually happened... Where the HELL is someone justified to confiscate any item and then even have it auctioned...? Moreover I cannot believe that this incident took place inside a campus! Despite the fact that I am an outsider and I cannot do anything about it I am furious!!!

And after all, forbidding such devices is based on what grounds...? Maybe they should also prohibit reading books... Dear God...
 

Posts: 2,829 | Thanked: 1,459 times | Joined on Dec 2009 @ Finland
#19
jada jada jada. So how is this possible? Any bug reports about this?
 
Posts: 60 | Thanked: 46 times | Joined on Jan 2010 @ Europe
#20
Originally Posted by Psymastr:
What type of backwards place bans technology?
I'd bet it's connected to religion in some way.
__________________
Zen master ordering a hotdog: "Make me one with all!"
 