Comments

why tails? April 17, 2014 1:51 PM

OpenBSD would have been a better choice, IMHO. Nothing stops you from installing it on a USB drive, setting up Tor and anything you think will be useful to achieve anonymity.

QnJ1Y2U April 17, 2014 2:12 PM

@why tails
What’s the degree of difficulty behind setting up OpenBSD in stateless mode? It looks like Tails works that way by default, not by configuration – an important factor for many (including the journalists quoted in the article).

maxCohen April 17, 2014 2:17 PM

One problem though: the safest use for Tails is via live CD. With USB sticks servers could still write mawlare, etc. to the stick. #paranoid

Andre Carmel April 17, 2014 2:24 PM

One problem though: the safest use for Tails is via live CD. With USB sticks servers could still write mawlare, etc. to the stick. #paranoid

You could circumvent this by recording a check-sum of the image or of the entire drive.

Nick P April 17, 2014 2:27 PM

Re openbsd based tails

There already was an OpenBSD anonymous distro. Link here. It never took off probably in part because it ran on OpenBSD. Another project, Gentoo-based Incognito, did get some serious use and the successor project (TAILS) simply built on what works.

I’m keeping TAILS in my toolbox both as a good tool and as a cheat sheet for building same thing on groundup secure platform without Linux.

David Sloane April 17, 2014 2:33 PM

One problem though: the safest use for Tails is via live CD. With USB sticks servers could still write mawlare, etc. to the stick. #paranoid

Plenty of USB sticks have read/read-write hardware switches.

Dave April 17, 2014 2:51 PM

OpenBSD is actually easy to set up in a stateless mode. Run it from a locked SD card and save nothing to it.

maxCohen April 17, 2014 3:04 PM

You could circumvent this by recording a check-sum of the image or of the entire drive.

Would this still work if there is no hard drive though?

maxCohen April 17, 2014 3:38 PM

You could circumvent this by recording a check-sum of the image or of the entire drive.

Also, would that be possible through the TOR network?

sparkygsx April 17, 2014 3:48 PM

@David Sloane, Dave: I’m not quite sure, but I recall those “hardware switches” don’t actually prevent writes in some (most?) cases, but only signal the users desire to prevent writing, and can only be enforced in software, instead of electrically disconnecting the “write strobe” from the memory chip.

Also I haven’t seen a write-protect switch on USB memory sticks in ages, the last one I had with a switch was probably 256MB…

What I don’t really understand is how such a system can be useful without any writable storage; I’d think encrypted files, keyfiles, etc. would be needed to be able to do any real work.

@Bruce: do you use additional USB memory sticks with encrypted file systems to store the files you’re working with? If so, I’d think an adversary could still infect a file with something that could exploit a file parser, or drop non-persistent malware to exfiltrate encryption keys or weaken the encryption by ruining the entropy pool or something, assuming the machine isn’t air-gapped.

Harodotus April 17, 2014 4:17 PM

@David & @sparkygsx,

A moments search turned up Kanguru-ss3 memstick. which appears to have a hardware based protection again writing.

I have to imagine that something that useful had to still exist.

DB April 17, 2014 5:36 PM

regarding write protect switches on SD cards and USB sticks:

If you search the internet a bit, you’ll find that the SD card ones, while quite common, are software switches. They do NOT prevent a “bad actor” from writing at all. But most of the USB ones are hardware switches, that cannot be overridden without physical access. However USB ones are quite rare nowadays, the market has gone toward cheapest possible, and that extra 2 cents for a switch just cuts into the profit too much with no perceived benefit to the average consumer. Only security conscious people care and have a very small niche market. You really do need to investigate a bit first though, don’t just blindly trust a switch.

Benni April 17, 2014 8:36 PM

@Yas Pub:

Either snowden is stupid, or im sorry for russia having a system where they can make snowden appear in pr stunts.

the russians have sorm: http://en.wikipedia.org/wiki/SORM

Perhaps the capabilities of this system are similar to what the european union now plans under the name “vorratsdatenspeicherung”.

So, the russians certainly do some form of bulk surveillance. Nevertheless, that they do this can be somehow justified, as they are under a much more intense terrorism threat than the us, with bombings from idiots coming rrom chechnya happening almost every week.

Renej April 17, 2014 11:11 PM

IMO The first order of business before connecting to a network with Tails is to remove the package ‘Whisperback’ and the directory and contents of:

/etc/whisperback

Next L00k At:

/usr/local/sbin/autotest_remote_shell.py
/usr/local/sbin/do_not_ever_run_me

A shill may be quick to defend Tails, it seems wherever you talk about Tails and mention anything important, it is contradicted within one working day if not hours. IMO There’s a reason why their public mailing list is not archived for public access. IMO Essentially only posts favorable to Tails could be relayed to other public list subscribers as they have ultimate control.

This file is interesting t00:

/usr/local/sbin/tails-debugging-info

And This 0ne:

/etc/sudoers.d/zzz_tails-debugging-info

And there are others… Laughable so many report back files about your entire system for a distro rolled for sensitive uses and as of version 0.23, the logging in /var/log/tor/log is very, very loud IMO. Previously on one of their mailing lists they had been discussing the possibility of installing the popularity contest package, (http://popcon.debian.org/) LOL!

OpenBSD? Yes, but how many people have the patience and knowledge to maintain it?

The current or beta TBB on a minimal Linux LiveCD without any hard drive plugged in is another choice, if you tighten up iptables and customize it before burning the LiveCD by removing as many packages as you can, including non essential codecs, fonts, languages, etc. and tweaking TorBrowser to disable javascript and a few other options beforehand.

IMO Tails is too bloated and all multimedia, cups, avahi, and many other questionable packages should be optional to install, not installed by default.

Before you decide what to use, please consider:

Tom April 17, 2014 11:15 PM

I was wondering why downloads have shot through the roof. I’ve seen 2TB of traffic in the past couple of days. Normally I see 3TB for a whole month – and I’m one of 25 mirrors.

Winter April 18, 2014 3:49 AM

@Renej
“IMO Tails is too bloated and all multimedia, cups, avahi, and many other questionable packages should be optional to install, not installed by default.”

That depends on the target audience. If you want to reach journalists and activists, you might want to offer them the tools they need to do their work. Security researchers and spies will run their own distro’s anyway.

why tails? April 18, 2014 4:01 AM

Plenty of USB sticks have read/read-write hardware switches.

@David Sloane: sadly it is no longer true. This useful feature was lost years ago and, honestly, I cannot understand why.

OpenBSD is actually easy to set up in a stateless mode. Run it from a locked SD card and save nothing to it.

@David: SD card locks are not a “hardware” feature; I can easily write on a locked SD card on my ThinkPad X40 running OpenBSD-current. It seems each SD card reader has a choice to honor, or not, the physical switch on the cards. Lockable USB sticks were a better alternative, but last one I got is an old 256MB one.

why tails? April 18, 2014 4:20 AM

@DB

I have just read your description of the hardware versus software switches in USB sticks and SD cards. My last post was written before reading your message. I agree, this one is the point.

However any serious USB sticks manufacturer should have no problems selling a hardware switch as a valuable feature these days. Just think on the Windows malware-ready world. A hardware switch is the best way to share files through USB sticks without the risk of getting malware.

why tails? April 18, 2014 4:33 AM

What I do not like at all is that projects like Tails get public attention from comments like the ones broadcasted by journalists in the last days, while other ones, like the OpenBSD project, whose members work really hard to truly improve security remain on the shadows. It is unfair.

Czerno April 18, 2014 6:13 AM

Re : Read-only switch on hardware devices (USB sticks for instance).

Such switch in most (all?) cases will NOT physically impede the write logic and mechanism, instead it only controls a bit which a compliant driver is supposed to obey.

A rogue driver on the other hand could and would write to the device even if the “please do not write to me!” bit was set !

Providing a switch that would physicall prevent the write logic from functionning would be more expensive and sadly as far as I am aware no manufacturer will care – at least in products destined for the mass market.

Hulio April 18, 2014 7:36 AM

Not sure why there is so much discussion about the ability to block modifications to your USB image from people within the information security community. This problem has already been solved by the digital forensics community. Hardware based USB write blockers (with and without a toggle write block on/off switch) are available. Forensic pro’s use high end $300 write blockers, but I found an instructables article that claims to build one for $20, reviewing the build I think the claim is totally valid and the lack of a toggle switch was just lack of imagination on part of the author.

So I would say this solves that problem for a security savvy user, and journalists smart enough to consult a decent security professional before entrusting they’re lives/careers to a public project that claims it will keep them safe.

But is malware persistence really an issue? If you had massive surveillance capability, can this OS be fingerprinted at a network level? Can a man in the middle attack then be used to target the static/likely outdated software? Goal: place a temporary malware instance in RAM designed to reveal the location/current activity of given user. I understand that this solution doesn’t sound very scale-able but if the global Tails user base is small enough; Does it need to be?

Benni April 18, 2014 7:53 AM

Now snowden says why he questioned Putin

http://www.theguardian.com/commentisfree/2014/apr/18/vladimir-putin-s
urveillance-us-leaders-snowden

I asked Russia’s president, Vladimir Putin, a question that cannot
credibly be answered in the negative by any leader who runs a modern,
intrusive surveillance program: “Does [your country] intercept,
analyse or store millions of individuals’ communications?”

I went on to challenge whether, even if such a mass surveillance
program were effective and technically legal, it could ever be
morally justified.

In his response, Putin denied the first part of the question and
dodged on the latter. There are serious inconsistencies in his denial
– and we’ll get to them soon….

He just wanted some answer on Putin by which Putin later could be measured.

Apparently, Snowden works harldy to get extracted to germany.

Because of this what will apparently be coming, he should make it in some time to the german embassy, which can then coordinate an exfill with the BND’s own airoplane:

http://de.wikipedia.org/wiki/Bundesnachrichtendienst#Sonstiges
whose traveling plans can be seen here:

http://de.wikipedia.org/wiki/Bundesnachrichtendienst#Sonstiges

Fourth Party Collection is the nsa calling it when its collecting data that came from surveillance of secret services that the nsa has not partnered with. Russia is a top priority on the national sigint priority list. And since there are plenty of real terrorists there, the nsa probably can not withstand to break into the russian surveillance system sorm.

And snowden can be expected to have the slides on the nsa’s look of russian surveillance.

If this comes out, Snowden has to fear for his life in russia.

Alexander Litwinenko first claimed that russian FSB would make false flag operations by placing bombs in houses, for blaming chechnyan terrorists later on. Afterwards he claimed that putin was a pedophile, and then he received his deadly dose of polonium:

http://de.wikipedia.org/wiki/Alexander_Walterowitsch_Litwinenko#Spren
gstoffanschl.C3.A4ge_auf_Wohnh.C3.A4user_1999

Putin does not like it to be openly critisised, or to be revealed as a liar in public. When the time comes, Snowden should really arrange an exfill.

kronos April 18, 2014 7:54 AM

I have used a USB-to-SD adapter for several years to carry my malware/antivirus tools on an SD card. I assumed flipping the write-protect switch on the SD card would prevent malware from contaminating my cleanup tools, and so far have had no problems.

But after reading the posts here I may be ordering something like this from Amazon:

http://www.amazon.com/Kanguru-Flash-Physical-Protect-switch/dp/B008OGNM8E/ref=sr_1_1?ie=UTF8&qid=1397825071&sr=8-1&keywords=USB+stick+with+write-protect+switch

z April 18, 2014 8:38 AM

@ why tails?

“What I do not like at all is that projects like Tails get public attention from comments like the ones broadcasted by journalists in the last days, while other ones, like the OpenBSD project, whose members work really hard to truly improve security remain on the shadows. It is unfair.”

OpenBSD and TAILS have different roles. OpenBSD is not about anonymity. TAILS is pretty much all about anonymity. OpenBSD is designed to give you absolutely nothing but the bare minimum so you can install what you need from there; TAILS comes with everything you need for a variety of tasks.

And while it is certainly unfair that OpenBSD does not get more recognition, especially after Snowden, imagine getting a journalist excited about some white text on a black background with no desktop. OpenBSD is a very good OS that is utterly uninteresting to the public. TAILS has a sexy interface and looks good. Plus, it’s hard to explain to people why less software pre-installed is generally more secure. They want flashy anti-virus stuff, Tor buttons everywhere, powerful MAC tools like SELinux, etc. None of that is bad per se, but it’s a different philosophy than OpenBSD and more interesting to a journalist, especially one whose readers would be more interested in that stuff.

AlexT April 18, 2014 9:39 AM

Did anyone notice the flurry of mentions of tails recently. Just google “the Operating System Edward Snowden Used to Evade the NSA”. Most sites did not even bother to re-phrase the obvious PR campaign. Don’t know who did it or why but it is somewhat suspect, to say the least…

No April 18, 2014 10:23 AM

I prefer Whonix through a physically isolated gateway.

For the most part i feel the same as @Renej about TAILS

Nick P April 18, 2014 12:05 PM

@ why tails

re attention project gets

Fair? Are you kidding me? There’s no fairness in IT industry period. People pick what they like for whatever reason. No guarantee of usefulness, quality, technical superiority, etc. Far as TAILS vs OpenBSD, it’s one of few cases where it is fair. TAILS markets itself, responds to feature requests, and tries to help newcomers much as possible. Compare that to what Theo said of OpenBSD in an interview:

“The first thing to recognize about OpenBSD is that there are about 80 developers and we do OpenBSD for ourselves only. Lots of other people use OpenBSD, but we use it for ourselves. It�s just for ourselves�and that means I want OpenBSD to run on everything I�ve got. I want OpenBSD to work no matter what things come along in the future. This means that we have to have an outside community that will help us with supporting new devices and new technologies. We can�t be too �fringe.� So that means we have to have a user community. But we have a user community only because it benefits us, ourselves.”

Comes off as quite self centered and cocky. So does their response to newcomers and feature requests. So, if they have little popularity, it’s well-deserved. They also make high quality stuff. So, you get the good and the bad. Reminds me a tad of DEC’s model: a company of engineers run by engineers that built high quality products for themselves, then made a profit by selling it to others. Management made them go downhill, but I’d like to see more of that strategy in the marketplace. Google is closest thing to it right off my head.

@ Vem

Thanks for the link. That’s interesting. A long time ago Clive and I worked out details of high assurance inline media encryptor. NSA has one that’s pretty awesome and became the requirements list for mine. I think it might be best to build an open IME that also has write-protect switch or assured software write-protect. Two birds with one stone. My previous effort intended to reuse Truecrypt whole disk encryption code for early prototype.

I also recall there was another product, maybe Australian, that put security into the hard disk level. It had authentication, per partition protections, a semi-trusted path, and so on. I could see including per partition protections in the IME so you could individually encrypt, write-protect, etc various partitions. System partition, for example, would require authentication to change while the data partition would not. Another possibility is integrating such a system with virtual machines and I/O protection to protect HD data against malicious code in a VM. Air Force Lab’s HAVEN system did something along those lines.

Note: There was also a Honeywell product that provided an external HD enclosure that encrypted data. The smart thing about it was that it had a trusted path in form of LCD and small keypad for PIN entry or configuration.

Nick P April 18, 2014 5:35 PM

@ Alex

Decent for antimalware or blocking accidental leaks between VMs. However, it’s not designed for anonymity through and through. We’d probably have to do a similar amount of effort on it to whats already done with TAILs.

Merp April 18, 2014 8:43 PM

OpenBSD can easily be customized to clone Tails exactly if you wanted for whatever reasons. The entire Tails design document is there, just look at what they’ve done and configure your OpenBSD live CD to do the same. Anonym.OS was heavily used but the author was immediately snapped up by a security company and signed a non-competition agreement so that’s why it died, not because nobody used it.

Liberte Linux probably the same thing has happened to Max, he abandoned that too most likely because he’s being paid to do the same thing somewhere else.

Biggest problem with Tails is it is based on Debian, which is well known for having the worst crypto engineering record of any operating system. I also don’t know how anybody can remain sane tracking literally hundreds of package updates to make sure they don’t break the Tails design document. I would not want to have the job of a Tails maintainer. Debian also doesn’t even have a GrSec patched kernel, and the Tails devs do not want to patch the kernel themselves so no PaX/GrSec.

There’s an Arch linux wiki that will tell you exactly, step by step, how to make a live CD, patch with Grsec/Pax, include whatever programs you want such as the official Tor bundle distro, how to configure Pax flags for said programs, and then just follow the Tails design document implementing other things they have done like randomizing MAC, using kexec to load memtest memory wipe upon shutdown, IPTABLES settings to torrify everything, and how to configure and set every program like Email or Chat so they don’t leak identifying data. You could do this in a weekend easily.

You can also buy the book “Absolute OpenBSD” and do the same thing in OpenBSD but with added benefit of not needing to constantly update software and trying to figure out what dozens of new package updates are doing everyday. You could also run it in SecureLevel2 preventing any writing to system files

Nick P April 18, 2014 9:52 PM

@ Merp

“Anonym.OS was heavily used but the author was immediately snapped up by a security company and signed a non-competition agreement so that’s why it died, not because nobody used it.”

Didn’t know that. Thanks for the info. “non-competition” from an anonymous Tor LiveCD… What company did he or she end up working for that needed such an agreement?

karl April 19, 2014 12:53 PM

Sort of strange for a security expert and a person of interest, to publicly announce where he bought his hardware – it is an information leak that would help them mount an attack – connected or not.

Dave April 19, 2014 5:11 PM

It is possible to obtain SD card reader/writers that honor the write-protect tab.

From my testing I was able to get almost 50% of them to write to an SD card, regardless of the lock being set or not.

A good reader/writer will block the write command from the kernel without any trouble.

secret team - secret public ML = fail April 19, 2014 10:40 PM

@Merp • April 18, 2014 8:43 PM
RE – Arch Linux Wiki page

Could you please post the link here? TIA

@Tails Users

BTW you should rename, move, or remove the package dmidecode as at least one of the debugging scripts, if run, would send an insane amount of information about your machine to Tails.

Amusing if you think about it:

Heads you win! Tails you lose.
Tails – being tailed by someone

etc.

I’m unhappy with the project as is and imo they appear resistant to much outsider changes, referring users in their now disabled former public web/wiki forums time and again to wiki page(s) where users are told to contribute or shown where to re-roll the distro for themselves and/or contribute.

Figureitout April 20, 2014 1:56 AM

secret team – secret public ML = fail
–I’ve really wondered about how reliable software is (it has to be..) when probing hardware to identify what’s there. Locally, getting this information is good for security but it’s the remote “finger-printing” that is a problem w/ which one can customize a deep attack.

From a 0.18 second google search: Beware that DMI data have proven to be too unreliable to be blindly trusted. Dmidecode does not scan your hardware, it only reports what the BIOS told it to.

So if one wants to get “dirty” and tweak a BIOS, not sure how w/o ruining the BIOS itself, to send back false data.

http://www.nongnu.org/dmidecode/

Nouaman April 20, 2014 3:31 AM

@ Figureitout:

Try it (dmidecode collection script in Tails) yourself. The file(s) in question have been outed. The common user without tricking out anything in BIOS or elsewhere is what I’m concerned with – not someone who is tech savvy and has spotted and evades this. The average user, running Whisperback (and/or other debug script), probably doesn’t understand all of the system data he is sending.

Dmidecode isn’t the end of it, either. If I remember to … I’ll try and post these files to a pastebin for review sometime this week.

Clive Robinson April 20, 2014 5:37 AM

@ Nouaman,

As I’ve said quite a few times in the past technology is agnostic to it’s use.

Another thing I keep pointing out is the danger of test harnesses etc.

Design engineers build in test harnesses for good and proper reasons and thy are often left in for good and proper engineering reasons.

Security engineers know however that one thing test harnesses do is by pass security mechanisms at inappropriate times. They also know that without test harnesses at the appropriate time designs would not move forward, nor could they do their job of securing systems.

Seemingly a Catch-22 situation…

There is also a less talked about issue which is “stability” hardware designs have long been known to suffer from a problem that is a system that is –supposadly– stable becomes unstable when you remove or change parts of it. What is less well known is that software can suffer from the same issue.

The issue is generaly not the test harnesses themselves but how they connect to the system under test via the hook up points. In a physical system it’s not difficult to see why such a connection point might add damping or phase shifting thus act as stabalising components. With software however it’s a lot harder and thus a lot more difficult to test, thus not just the testpoints remain but the test harnesses as well.

Which is the issue you have raised with dmidecode.

However just removing what is in effect the test harness will not remove the connecting/hookup points. These will remain a security threat just waiting to be exploited (See Greek Olympics and mobile phones for a real world example).

So the issue becomes one of what to do with the test hookup points? The solution to the problem is either remove them entirely –possibly causing instability– or to make a virtue out of a failing. Basicaly the first step in either case is to reduce complexity by making individual system blocks smaller and move the hook up points out of the blocks and put them at the clearly defined interfaces between blocks where they won’t effect stability if removed. Then in the case of making it virtuous, turn what was a test harness into a hypervisor which stops a system when an out of specification event occures at an interface. However you do have to take significant care with how you implement such hypervisors to prevent them leaking information…

From what you say the TAILS developers have taken the best choice from the design perspective, which is also probably the worst option from the security perspective. Now I won’t comment on the developers reasoning, but I will say that removing the test harness will only close one vector, you need to also remove the hookup points as well, and that may not be either easy or possible.

Rufo guerreschi April 20, 2014 9:07 AM

So Tails appears to be used by Snowden and Schneier as their main secure desktop platform.

It’s definitely a major step ahead respect to everything else. But, aside from its poor usability and availability only for PC, does it provide nearly enough privacy and security after what has come out in the last year?!

I see major potential critical vulnerabilities (to scalable remote exploitation coming) from:
-way too large OS and apps, even if severely stripped down and hardened
-not enough expert verification per quantity of code
-no public background checks on contributors and lead developers and architects (which are anonymous)
-users ‘firmware
-users’ hardware
-Tor network vulnerabilities due to: traffic analysis, bug in poorly verified floss code (such as OpenSSL), low number of expected non-malicious and competently-managed nodes.

I imagine Snowden and Schneier protect from these through setups and configurations, rules of behavior,  .. But such tricks require very high skills, shared by your communications interlocutor, and they drive usability even lower.

We at the no-profit Open Media Cluster believe to have identified a solution to such vulnerabilities and usability problems of Tails (and similar), that could cost under 8M€ of R&D to build and test, and be made affordable and usable by any Western citizen, as a parallel environment forsecure computing.

It involves modifying Tails by:
-stripping it down to very basic features
-embedding it in a barebone 3mm touch screen device with hdmi out (to display on your desktop monitor) and bluetooth (to go on the Net via your phone), that can be attached to the back of any phone via a hard case.
-adding very very thorough (relative to quantity of code) and open verification to all software and firmware
-add manufacturing process oversight exceeding in user-verifiability the US DoD “Trusted Foundry Program”
-improve Tor security and performance through traffic spoofing techniques, direct incentives for non-malicious and properly configured nodes, and very extensive Tor code review
-a few more tricks

See more at the User Verifiable Social Telematics project.

Dave April 21, 2014 2:42 PM

@secret team It is supposed to be: “Heads THEY win, tails you lose.”

I knew about dmdidecode, but I dodn’t know they included it with Tails. That’s pretty bad.

They just started randomizing the MAC addresses too, which is also bad. I mean, randomizing your MAC before you connect to an untrusted WiFi network (for example) is basic security.

Scully 2 April 29, 2014 9:38 PM

Nothing new here. The DOD has been doing this for years, won lots of awards. Google “LPS Lightweight Portable Security” or “DISA Bootable Media”

Tails Linux version 1.0 released May 1, 2014 11:13 AM

Tails Linux version 1.0 released: a Debian-based distribution known for its strong privacy features and pre-configured for anonymous web browsing

After nearly five years of development, Tails[1], a Debian-based distribution known for its strong privacy features and pre-configured for anonymous web browsing, has reached version 1.0: “Tails, The Amnesic Incognito Live System, version 1.0, is out. Version 1.0 is often an important milestone that denotes the maturity of a free software project. The first public version of what would become Tails was released on June 23 2009, when it was called Amnesia. That was almost five years ago.

Tails 1.0 marks the 36th stable release since then. Since then we have been working on the many features we think are essential both in terms of security and usability: USB installer; automatic upgrades; persistence; support for Tor bridges and other special Tor configuration; MAC address spoofing; extensive and translated documentation.” Read the rest of the release announcement[2] for a full changelog and a note on future plans. Download[3] from here[4]: tails-i386-1.0.iso (909MB, torrent[5]).

[1] http://distrowatch.com/tails
[2] https://tails.boum.org/news/version_1.0/index.en.html
[3] https://tails.boum.org/download/index.en.html
[4] http://dl.amnesia.boum.org/tails/stable/tails-i386-1.0/tails-i386-1.0.iso
[5] https://tails.boum.org/torrents/files/tails-i386-1.0.torrent

scruffy May 9, 2014 6:49 PM

@Scully 2

“Nothing new here.”

Actually there is.

“The DOD has been doing this for years, won lots of awards. Google “LPS Lightweight Portable Security” or “DISA Bootable Media””

Yea sure like we’re going to use DOD Live media for privacy and security.

Viewer May 20, 2014 12:41 AM

“Initially I would boot my regular computer with Tails on a USB stick,”

I was rather shocked to read this.

I would have thought that anyone as expert as Bruce Schneier would have been well aware of the existence of numerous potential hardware and firmware vulnerabilities and would have therefore kept a separate, dedicated, non-networked box all along for working with highly sensitive documents.

James Gould April 7, 2015 2:52 PM

The big question for smart non-experts is whether to use Tails or Whonix.

For online-safety-conscious types who genuinely don’t have the time to make it their main concern/expertise – but are nevertheless prepared to put in some serious work – there really are only two practical options: two quite different approaches to staying safe online.

Broadly speaking, Tails is focused on super-anonymity while Whonix is focused on super-security. Yes, the browser in Tails is hardened with various security bolt-ons – protecting for example against malicious script and cookies. But if you use Tails properly, i.e. not just out-of-the-box but with all the good security practices urged by its developers, the chances of a targeted attack on your systems being feasible (let alone successful) are small enough. It’d be like clay pigeon shooting in the dark.

Sure, the NSA has a really, really big gun – but what use is that if it can’t see? Not quite the need for super-security.

Conversely using Whonix you can be confident you are sat behind a near-impenetrable security blockade. Sure, the NSA has a really, really big gun – but you have a really, really big tank. Not quite the need for super-anonymity, then.

Anyway, slightly off-topic comment. Some of us just don’t have the next five years to spend learning how to code, ya know?!

pterodactyl August 7, 2015 4:06 AM

@James Gould:

Tails isn’t more anonymous than Whonix. With Tails if you get infected by malware or through some browser exploit, you will get your IP leaked. With Whonix this won’t happen unless the malware also has VM exploits, which aren’t that uncommon.

Basically neither are super-secure nor super-anonymous. Instead you should build your own hardware and write your own drivers and controllers. Then you will really be super-secure.

Mike Mardi Gras March 14, 2016 4:01 PM

Nick P wrote April 18, 2014 12:05 PM:

Compare that to what Theo said of OpenBSD in an interview: “… we do OpenBSD for ourselves only.” Comes off as quite self centered and cocky. So does their response to newcomers and feature requests.

I don’t think that’s really true. The most talented artists and musicians produce their best work because they made it for themselves. It is this kind of attitude that produces high-quality, original work, as opposed to some cheap copy.

And while it’s true that newcomers get a lot of pepper for asking stupid questions, it’s usually because these questions have already been answered in the FAQ. Ie. “Why might I want to use OpenBSD?” (http://www.openbsd.org/faq/faq1.html#WhyUse) and “Why is/isn’t ProductX included?” (http://www.openbsd.org/faq/faq1.html#HowAbout).

Mike

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.