Endorse Tails OS #14

Open
patcon opened this issue Oct 31, 2014 · 12 comments

@patcon

patcon commented Oct 31, 2014

https://github.com/MrChrisJ/World-Citizenship#step-3

I see that step 2 mentions a tutorial on opsec and an optional system audit, but it would strike me as much more worthwhile to teach them briefly how to use tails, and give them usb stick copies with persistent storage to take home with them. I'd recommend that they keep their master gpg key on its persistent storage partition, and have them copy subkeys onto their laptop drives proper.

Anyhow, just a thought! While it might be nice to send people home with PGP keys on their laptop that supposedly might represent their future identity, it's just not realistic that they'll be able to keep their laptops secure. After all, folks like me and you obsess over this stuff, and I still don't even trust my own computer :) I'm thinking that while you have eager folks in the room, we might as well teach them the last mile of privacy that journalists and the like are being encouraged to use. Tails is a little intimidating in principle, but it abstracts away much much much more confusing security concerns that would come into play on "regular" operating systems.

Anyhow, happy to do a hangout-on-air to discuss changes to the protocol if you're interested. I can imagine this being like a key signing party, and it would be nice to formalize the process a bit

@patcon
Author

patcon commented Nov 6, 2014

While Tails normally only makes it simple to set up a single encrypted volume, we could actually set up two -- one very small one for the master PGP keychain, and another that would hold the "neutered" keychain with only subkeys.

We could tell people to only ever mount the master when specifically doing things that require working with the master key, and to never connect tails to the internet when this volume is unlocked.

We could maybe even push a change upstream that would enforce this. Depends if the tails developers see key management as a valid use-case for the platform.
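
A check for the "neutered" keychain idea in the comment above, added here as an example and not part of the thread: it reads `gpg --list-secret-keys --with-colons` output and confirms that the primary secret key is only a stub while at least one subkey secret is present. The key IDs and both sample listings are constructed, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example. Key IDs and listings below are constructed, not real keys.
# Field 15 of a sec/ssb record in gpg's colon format:
#   "#" = stub only (secret material absent), "+" = secret available,
#   anything else = serial number of a token holding the key.
# Real use: gpg --list-secret-keys --with-colons | check_neutered_keyring

# Laptop keyring as intended: master is a stub, subkeys are usable.
NEUTERED_SAMPLE='sec:u:4096:1:AAAAAAAAAAAAAAAA:1414713600:::u:::scESC:::#:
uid:u::::1414713600::0000000000000000000000000000000000000000::Example User <user@example.org>:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1414713600::::::s:::+:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1414713600::::::e:::+:'

# Keyring that still carries the master secret key.
FULL_SAMPLE='sec:u:4096:1:AAAAAAAAAAAAAAAA:1414713600:::u:::scESC:::+:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1414713600::::::e:::+:'

# Reads a colon-format secret key listing on stdin, prints a verdict and
# returns 0 only when every primary key is a stub and a subkey is usable.
check_neutered_keyring() {
    awk -F: '
        $1 == "sec" { primaries++; if ($15 != "#") exposed++ }
        $1 == "ssb" && $15 != "#" { subkeys++ }
        END {
            if (!primaries) { print "no-secret-keys";        exit 2 }
            if (exposed)    { print "master-secret-present"; exit 1 }
            if (!subkeys)   { print "no-usable-subkeys";     exit 3 }
            print "ok"
        }'
}
```

Older GnuPG releases leave field 15 empty for an available secret key, which this check also reports as `master-secret-present`.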

@MrChrisJ
Owner

MrChrisJ commented Nov 7, 2014

Wow I love it.

I have been having similar thoughts come to me but rather using a Truecrypt secret volume so that you could send out secret distress signals if you were kidnapped and the terrorists wanted to use you to get to the Western Media.

I love what you're bringing to the party @patcon

@patcon
Author

patcon commented Nov 7, 2014

haha not sure what to make of the terrorist kidnapping scenario, but I'm glad to be part of any momentum on this project :) so hey, thank YOU

@patcon
Author

patcon commented Feb 16, 2015

The Guardian Project already has a project that fits this use-case. We should aim to leverage that.
https://dev.guardianproject.info/projects/psst/wiki/CleanRoom

cc: @eighthave

@patcon
Author

patcon commented Feb 16, 2015

And as mentioned on Twitter, I'll start investigating this issue soon, hopefully before that video call @MrChrisJ

@ZeroCool2u

@patcon @MrChrisJ I concur, I'm a very strong advocate of tailsOS and in light of recent revelations, http://www.engadget.com/2015/02/16/hard-drive-spyware/ , this seems more pertinent now than ever.

What's more, usually the primary barrier to entry for a new user starting tails is just getting it to boot on a machine with weird boot priorities set. An in depth, but succinct set of instructions could resolve a lot of our issues with a single shot. The clean room project also seems very promising, though I'm not as familiar with it. It does seem to have our specific use case in mind from a design standpoint though. Certainly worth looking into.

Either way, one of my strengths is technical documentation and I would not be opposed to drafting an introduction to booting tails/cleanroom if that's something we're looking for.

Side note: I'll be in NYC this weekend, if anyone wants to grab a drink and discuss the project further, feel free to hit me up on here or twitter (@theocoyne).

@eighthave

thanks for the shoutout, @patcon. CleanRoom has been a very slowly evolving project. Mostly it's little bug fixes and reports to Tails, like this one: https://labs.riseup.net/code/issues/7208 Getting apt-offline support in official Tails is just waiting for someone to test it.

I'll be in NYC from March 3rd through some time in the summer if anyone is around. We can meet up and chat about this. We have an office in Dumbo.

@patcon
Author

patcon commented Feb 17, 2015

@eighthave I'd love to try to make it down from Toronto while you're there :) And thanks for the info

Good points on the boot instructions @ZeroCool2u. I think that's a tails-wide concern, so any docs could probably get pushed up to their wiki too.


Related to issue itself, seems there still isn't dependable advice on how to avoid badUSB devices, except by paying exorbitant prices for devices like those from IronKey, which I think would be too much to ask of people.

From the looks of the wiki (run by team that discovered vuln), cheap SD card readers don't seem to be affected as badly: https://opensource.srlabs.de/projects/badusb/wiki/SD_card_adapters

Assuming vulnerable SD cards are less of a concern (not self-evident), maybe the right approach is to encourage cheap sd cards and readers. This has the added benefit of probably being easier to get people to be cautious with them, as it won't blend in with every other USB stick in their lives. It also strikes me as a nice decoupling of the storage media (SD card) from the vulnerable usb connector smarts (the reader).

Anyhow, between SD cards and USB, security of digital media seems to be terrible in general. Booooo...

@patcon
Author

patcon commented Feb 27, 2015

FYI was messing around with a Tails-based buildserver here:
https://github.com/patcon/martus-tails-buildserver

This could allow the trusted passport issuer to generate pre-configured USBs during the meeting, directly from their own clean Tails USB with only a private key and the git repo cloned directly. This setup would only be useful if we needed custom software on the USB, but I don't think we will -- anything we need can probably be pushed upstream to Tails.

But hey, if down the road, we wanted to package simple tools for verifying other passports (or something like that), it might make sense :)

@eighthave

eighthave commented Feb 28, 2015 via email

@osyed

osyed commented Mar 1, 2015

You might want to look at buildbot. Very easy to set up.

buildbot.net

On Sat, Feb 28, 2015 at 2:15 PM, Hans-Christoph Steiner <[email protected]> wrote:

TAILS seems hard to manage for a buildserver, because of the Live CD model.
Whonix might be a better bet for that use case. But maybe it makes sense to
install the build environment based on a fresh TAILS install each time,
something like how Debian packages are built in a fresh chroot using
pbuilder.

@patcon
Author

patcon commented Mar 1, 2015

Thanks @osyed, but perhaps choosing "buildserver" was a misnomer on my part -- it's not for CI builds but for allowing a distributor to build a bunch of pre-configured Tails USBs to pass out :)
