Love Tails, but I haven't used it in ten years. I have had Tails and Qubes disposable VMs on my mind though.
I switched off of Qubes last year to my own Alpine chroot with a hand crafted kernel and initrd that lives only in memory. I find turning off the computer when I'm finished and having it forget everything to be a very peaceful way to compute. I owe the internet a write up.
I feel like ramfs for root filesystems is an underused pattern more broadly. "Want to upgrade? Just reboot. Fallback? Pick a different root squashfs in the grub menu"
I would definitely be interested in reading more about this.
I love the idea of being able to prevent an application from writing all over my disk to random places. If I can't prevent it, I can at least remedy it by having all those changes go away with a reboot.
One of the things I love about Docker containers is that they can be ephemeral or persistent, short or long term, have full network access or no access, allowed to write to the host system or stuck writing to its own file system only.
Ages ago, I tried out Puppy Linux, that ran from a burned CD. If I made updates, it wrote another filesystem extent to the disc, and I think the loading process just used those to over-write files as needed until the boot completed.
I was thinking of it for a home firewall at the time, but in any case, it made for a very ephemeral system.
Same here. Don't understand why not more ppl switched to Alpine on the desktop. It is my daily driver. Plus LXD for stuff I must do (typically spawn Ubuntu, etc.)
My whole PDE (Personal Developer Environment) is within a container. Need python? Shell into (via dmenu) python container. All with complete neovim setup. Need a GUI? No problem. Spawn a container. My lxd profile is set up for this. Use chezmoi for heavy automated stuff.
I also use alpine as the main/root environment. But I rarely use any applications from alpine. For that I have Arch, Fedora and Debian rootfs dirs into which I pivot_root with the help of bubblewrap (bwrap) in shell scripts. There is no overhead and the GPU can be easily attached. You can also dynamically attach ro/rw CWD and target paths (`for arg in "$@"`).
Everything that I care about just works and I get a separation of concerns. Use of network namespaces allows further flexibility. For example, I have a netns that is forced through a Tor gateway such that any traffic originating in it can only go through Tor.
This type of setup is not hardened against kernel vulnerabilities; the kernel treats applications running in namespaces as if they are isolated from other namespaces, but those applications can still interact with broad surfaces of the kernel and therefore potentially exploit it.
For kernel safety, applications must be denied direct access to the host kernel; this is usually achieved with virtual machines.
> Don't understand why not more ppl switched to Alpine on the desktop.
Same. When I was looking for a minimalistic distro, while unorthodox it seemed better than the alternatives. My next choice would be Void but I ran into some issues with it, and Alpine worked much more flawlessly.
Do you have a separate neovim instance (config and all) in every container? Or a single neovim instance on the host which can access all container volumes? What about shell instances?
I'm so sick of this claim. Nix allows you to keep old versions of things installed, but you certainly don't have to.
When I switched from Debian to NixOS a few years ago, I installed it on a separate subvolume, and it ended up taking almost exactly as much space as Debian did (about 12 GiB with gnome and everything else). And really, what would you expect? It's nearly all the same code, just organized differently in the filesystem.
P.S., you can check the store usage of the current system profile with `nix path-info -Sh /run/current-system`.
I have multiple flakes and a lotta CUDA drivers. In fairness though, this is after a few months of no manual GC. I think nix-collect-garbage could bring it down to ~120-150gb.
It's totally worth the stability, but maybe not the best choice for the storage-constrained.
EDIT: According to nix-tree my current generation is only 45gb right now.
How do Tails and Qubes relate, any reuse of functionality?
(Tried Qubes as written up in [1] but eventually gave up as it won't allow me to create virtualbox images, and some other caveats, as well as being pretty resource hungry)
I've been needing to create virtualbox images for use in some courses (teaching data science and the like) at my previous work. This use case has popped up often enough that I feel I need to be able to do this on my main laptop.
I treat my web browser like this, and similarly have a docker container for all my development stuff. I like the idea of making the computer (almost) completely stateless.
How do you deal with stuff you want to store in /home? (Like source code checkouts, ssh keys, etc.)
Tails has a very specific use case, very few people need anti-forensics.
I suggest looking into Whonix[1] if you want something that you can truly use for privacy. It is also much more secure than Tails by design, and does not have any limitations like locking down the root user account.
Summary from GitHub:
"Whonix is an operating system focused on anonymity, privacy and security. It's based on the Tor anonymity network, Debian GNU/Linux and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user's real IP."
Tails uses a less secure model because it relies on the system firewall to block any non-Tor connections. This means that any user to root vulnerability will leave you naked, deanonymized. Additionally, protocol leaks, or unintentional leaks are more likely to happen. Both of which have happened in the past and are not mere speculation.
I've commented in this thread that at one point, such a vulnerability was left unpatched in Tails for years despite being documented and a PoC existing.
Whonix on the other hand uses two VMs, one of which runs Tor and the other applications, and connects via an internal network. This means that non-Tor connections are impossible, as the VM where you run software is completely unaware of the real, external IP.
This raises the level of exploit needed substantially, from user to root, to remote kernel exploits or hypervisor escapes.
Hi. We're building The Nose (https://thenose.cc), a safe haven for training data that can't be taken down with DMCA. Since this involves copyright infringement, strong anonymity is a requirement.
The reason Tails isn't an option is because, as others have mentioned, there have been Tor browser exploits which reveal the IP address of the Tails user. While this is unlikely for our case, it's important to approach security from first principles with threat modeling. An attack from the FBI may seem unlikely today, but both Silk Road and one of its successors were taken down by mistakes they made when setting up their site. Learning from history, if you're not careful early, you're in for a surprise later.
Case in point: When I started Whonix Workstation to post this comment, the Whonix Gateway VM failed to boot. So when I tried to start Tor Browser and go to https://news.ycombinator.com, all I saw was a connection error. This kind of layered defense is essential if you're serious about staying out of jail.
Realistically, you'll likely dox yourself through some other means: sending Bitcoin to your pseudonym from your real identity, admitting to someone you know that you control your pseudonym (this work gets lonely, so this is a real temptation), or even accidentally signing off an email with "Thanks, [your real name]". And once you make a single mistake, you can never recover.
Day to day browsing is a pain. I use a VNC client to remote into our server, which is running a desktop environment with a regular browser. That way you can use apps (gmail, discord, etc) from outside the Tor network. But since you're tunneling through Tor, this is painfully slow. You'll likely want to type out long messages in Whonix, then copy-paste into your remote session. Each keystroke can sometimes take a full second to appear when animations are heavy.
Transferring large amounts of data is also painful. If you try to start Litecoin Core on Whonix, you'll need to sync more than 30 GB, which can take a very long time.
Patience is your weapon. You have all the time in the world not to make a mistake, and moments to make a fatal one. Think carefully about everything you do.
Stylometry scares me. AI can help here: run an assistant locally, and ask it to reword everything you write. You won't be able to use ChatGPT for this, obviously because OpenAI retains a history of everything you submit, but also because they require a real phone number to sign up. And you can't get a real number through any means I've found so far.
Payment is also a pain. I'm hoping to ask the community to donate Vanilla gift cards so that I can sign up for Tarsnap or spin up a droplet.
By applying the discipline normally found in aeronautics, I think it's possible to do this safely. But you'll still be risking jail time, and the intersection of people who want to do something for altruistic reasons and willing to risk prison is pretty small. I'll be documenting everything I do so that you can learn from my example, or perhaps from my mistakes.
I like the way you describe your process. As the person who made the stylometry thing that made the rounds a while back, I would say the best thing you can do on that front is to either get a "paraphraser" like ChatGPT/translators or just write less. Also, there's a site called smspva.com and a lot of sites like it where you can rent "real" phone numbers and they take every payment method under the sun. Depending on the country a phone number to receive an OpenAI confirmation code is about $0.50, most less popular services are like $0.10-$0.20.
llama.cpp runs LLaMa 2 7B on common hardware like a MacBook Pro. Haven't tried it yet on my RTX 3070 (Mobile) but there's no reason why it shouldn't work.
A 7B LLM has a huge quantity of knowledge about the world. You don't need that just to reword sentences. You can use a translation model with English input and English output, or other Text2Text model such as one for textual style transfer. A purpose-built model for rewording into a fixed style different from the input could easily be 10M parameters or fewer (that's already big enough for translating between two languages, after all) but you can readily find models in the 100M range for text style transfer.
Are you currently hosted on Shinjiru now? I'm thinking about using them as a reverse proxy in front of a site that might suffer false DMCA attacks. I don't want my web host to ban me just because they can't deal with the hassle, so I'm thinking about proxying all the requests.
What does Shinjiru do if they receive a DMCA notice?
When I ran a huge private torrent tracker I paid a decent chunk to get a host that ignored every single request of any type that they received.
I think if you're interfacing with your server without going through Whonix, you're asking for trouble. Not only do you need to pay for the server using BTC that can't be traced back to your identity, but anything that touches the server (such as your server you're proxying with) needs to take the same precautions, which means no DigitalOcean, unless you can somehow pay them without that also being tied to your identity.
If you're not actually worried that DMCA people will follow through on their threat to sue you, or you really want to risk losing your property in the event of a lawsuit, then perhaps this might work.
Feel free to email me for more advice or to keep in touch. Your project sounds interesting.
Tails is great. I have been using it for several years now.
Other related projects are Whonix ( https://www.whonix.org ), which consists of two virtual machines: a workstation to work on and a gateway, which torifies all traffic from the workstation VM.
Whonix is also integrated in Qubes OS ( https://www.qubes-os.org ), which allows you to easily work with multiple separate Whonix VMs. There is also the possibility to tunnel all internet traffic of your machine through Tor including system upgrades of the host OS itself.
Whonix/Qubes integration is excellent, and it's certainly a nice perk of Qubes.
To clarify the benefits of the "two VM" approach:
Most of the unmasking exploits against Tor users (as distinguished from unmasking Tor hidden services) involve getting a browser to ignore the proxy settings, somehow. I believe WebRTC, Flash, and various other things have been used to cause the browser to beacon out to some endpoint - you exploit the kitty picture site, and put in code to exploit the browser, which then makes a direct request to http://someip/unique_identifier - and, boom, you've got the user's IP, probable cause, the works.
This happens because a "typical" Tor install is the daemon running locally, but nothing prevents other binaries from making a direct connection out. You set the browser to use socks5://localhost:9050 or something as the proxy, but if you can either get some part of it to misbehave, or just spawn off a different process, it doesn't obey the proxy settings and goes straight out.
Whonix solves this problem by splitting the system into the workstation VM (what you interact with) and the gateway VM (that connects to Tor and "torifies" traffic). The only network port on the workstation VM is connected to the input port on the gateway VM - and everything coming in that port is routed through Tor, via the other (internet connected) port.
So, if you manage to exploit the workstation VM, the attacker still doesn't gain an IP - because they launch a shell that runs 'wget http://someip/unique_id', but that goes out through the gateway VM, and gets encapsulated into Tor before going out, so it still pops out some Tor exit node, not your home IP address.
It raises the bar rather substantially for using Tor, and avoids a lot of the various ways to get Tor to leak. Also, they ship a copy of the Tor Browser in Whonix, which disables a lot of high risk functionality and allows you to very easily disable automatic media parsing and Javascript and such.
Qubes is awesome, and the integrated Whonix stuff is just a beautiful integration.
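The "only network port goes to the gateway" property described above can be checked from inside a workstation VM by reading its routing table and flagging any route that would let a process reach the network without passing through the gateway. This is an added example, not part of the original comment; the interface names, addresses and sample tables are constructed, and it covers IPv4 only.

```python
import ipaddress
import socket
import struct

RTF_UP = 0x0001       # route is usable
RTF_GATEWAY = 0x0002  # route goes through a next hop

# Constructed samples in /proc/net/route format (addresses are little-endian hex).
# Workstation VM: single internal NIC, default route via the gateway VM 10.0.0.1.
WORKSTATION_VM = """\
Iface Destination Gateway  Flags RefCnt Use Metric Mask     MTU Window IRTT
eth0  00000000    0100000A 0003  0      0   0      00000000 0   0      0
eth0  0000000A    00000000 0001  0      0   0      00FFFFFF 0   0      0
"""

# "Typical" install: Tor daemon runs locally, host sits directly on the LAN.
TYPICAL_HOST = """\
Iface Destination Gateway  Flags RefCnt Use Metric Mask     MTU Window IRTT
wlan0 00000000    0101A8C0 0003  0      0   600    00000000 0   0      0
wlan0 0001A8C0    00000000 0001  0      0   600    00FFFFFF 0   0      0
"""

# Misconfigured workstation: a second, bridged NIC was attached to the VM.
WORKSTATION_EXTRA_NIC = WORKSTATION_VM + """\
eth1  0001A8C0    00000000 0001  0      0   0      00FFFFFF 0   0      0
"""


def _hex_to_ip(field):
    """Convert a little-endian hex field from /proc/net/route to an IPv4Address."""
    packed = struct.pack("<I", int(field, 16))
    return ipaddress.IPv4Address(socket.inet_ntoa(packed))


def parse_routes(text):
    """Parse /proc/net/route content into a list of route dicts."""
    routes = []
    for line in text.strip().splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 8:
            continue
        prefix = bin(int(_hex_to_ip(f[7]))).count("1")
        routes.append({
            "iface": f[0],
            "network": ipaddress.IPv4Network((_hex_to_ip(f[1]), prefix), strict=False),
            "gateway": _hex_to_ip(f[2]),
            "flags": int(f[3], 16),
        })
    return routes


def audit(routes, internal_iface, gateway):
    """Return findings for routes that bypass the expected gateway.

    An empty list means every active route stays on the internal interface
    and every next hop is the gateway VM.
    """
    gateway = ipaddress.IPv4Address(gateway)
    findings = []
    for r in routes:
        if not r["flags"] & RTF_UP or r["iface"] == "lo":
            continue
        if r["iface"] != internal_iface:
            findings.append(
                f"route to {r['network']} leaves via unexpected interface {r['iface']}")
        elif r["flags"] & RTF_GATEWAY and r["gateway"] != gateway:
            findings.append(
                f"route to {r['network']} uses next hop {r['gateway']}, not {gateway}")
    return findings


if __name__ == "__main__":
    samples = {
        "workstation VM": WORKSTATION_VM,
        "typical host": TYPICAL_HOST,
        "workstation with extra NIC": WORKSTATION_EXTRA_NIC,
    }
    for name, table in samples.items():
        result = audit(parse_routes(table), "eth0", "10.0.0.1")
        print(name, "->", result or "gateway-only")
```

On a live system, pass the contents of `/proc/net/route` to `parse_routes`. A clean result only describes the workstation's own configuration; the enforcement itself lives on the gateway VM, which is why a compromised workstation cannot undo it.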
> The steps below outline how to make all PVH DispVM's permanently fully ephemeral. All data written to the disk will be encrypted with an ephemeral encryption key only stored in RAM. The encryption and encryption key generation is handled by dom0 and is thus inaccessible to the VM.
Could any HN users speak about their experience and rationale for using Tails?
My outsiders’ perspective is that the threat model for these kinds of surveillance resistant tools is somewhat perverse: they trade indistinguishability (being lost in the crowd) for a nominally more anonymous but extremely unusual datapoint (a host/browser/etc. that basically looks like no other normal machine.)
Put another way: without a clear attacker in mind, my outsiders’ perspective is that Tails feels a bit like wearing a paper bag in public to foil public CCTV: it might work, but is far more likely to provoke contact with the relevant authorities than just attempting to blend in.
You put the stick in, access forbidden web site (for example, Instagram). Take the stick out, police searches your computer, there are no traces. If you were using a regular OS, even through Tor, there are some incriminating traces left, in browser cache, in MFT, in pagefile etc. that can be recovered.
I don’t see why you couldn’t have a persistent install of something like Tails or Kali Linux as long as the OS drive is encrypted with a password of a particular length. Can we brute force 25-character passwords 20 years from now? Maybe, but the statute of limitations would elapse by then (in the US anyway). I suppose it wouldn’t be as “safe” as a live USB that doesn’t persist anything, but that’s the tradeoff- you can’t persist anything and probably have some “setup” to do each time you boot from the Live USB.
Much the same result can be achieved by using a portable browser stored on an encrypted volume run inside a sandbox. For example on Windows, you can use portable Librewolf stored on a veracrypt volume running inside a portable sandboxie-plus sandbox (also stored on the encrypted volume).
Tails is stronger than this approach in respect of the following threats: the $5 wrench for the veracrypt, keylogger installed on the host OS, memory scanners, the pagefile
Distrowatch is a good place to get a brief overview of pretty well every Linux distribution ever made, with links and a bit of background info on each:
I know the TOR project was started by the US navy, and that now I2P is the preferred method of browsing the darknet, because many people believe it has been compromised.
> and that now I2P is the preferred method of browsing the darknet
This is not true by any means. A "switch" to I2P never happened, and just a few months ago an exploit[1] that could deanonymize eepsites was published. Tor is still the only "method of browsing the darknet" by most definitions.
In the same manner that parts of the NSA are interested in secure cryptography as opposed to breaking it, parts of the Navy were interested in anonymizing traffic as opposed to de-anonymizing.
The TOR software is likely no more compromised than GNU/Linux generally -- the TOR _network_ is likely compromised by flooding it with honeypot servers that can track users by monitoring origins and destinations.
I can't validate if you are wrong or not. Just bring to your attention that one of their marketing slogans is "Amnesia" and "Persistent Storage on a USB stick". https://tails.net/about/index.en.html
The 'honeypot' concern is somehow valid because full-on privacy on the internet is as hard to achieve as privacy in a public park. Only its user can determine if their online activities go against the (legal/moral/financial) interests of the most technically-advanced nation on our planet.
The Tails team made the fantastic decision of modifying the Tor Browser, giving Tails users a unique fingerprint as opposed to regular Tor Browser users.
I think that's an incorrect oversimplification. The Internet didn't grow from ARPANET like a seed grows into a tree. ARPANET didn't become bigger and bigger until it became the Internet. The Internet was the merger of many networks and many of them never communicated with any computer in ARPANET and were developed with absolutely zero funding from the United States government.
I guess it’s a matter of interpretation. Of course every computer connected to the internet is not government-funded. But in this context we’re talking about the origin of the technology and protocols that allowed the network to exist at all. By the time the internet got bigger than ARPANet, CSNET, and NSFNET (all government funded), the protocols were pretty much settled, and that’s what everyone else’s network used to become part of the internet. If the government hadn’t gotten it to that point, there would be no internet.
All known law enforcement attacks against Tor have involved some kind of exploit (e.g., in Tor Browser) that creates a non-Tor connection to collect the user's IP. Tails does not protect against this. Whonix provides much stronger protection against practical, real-world attacks, since the entire operating system is forced through a Tor connection.
It’s probably important to note that as I understand it, these attacks have generally been Firefox zero-day exploits that have made their way in because the Tor Browser is based on Firefox ESR with patches.
Tails includes an "Unsafe Browser" which connects in the clear. So on top of a Firefox exploit, you would need another exploit to launch that browser or an exploit to escalate to root and tamper with the firewall rules. At least one Tails user has been successfully targeted like this ("an exploit taking advantage of a flaw in Tails’ video player to reveal the real IP address of the person viewing the video").[1] With Whonix, even an attacker with root would not be able to make a non-Tor connection because the firewall runs on a separate virtual machine.
Wow! That story is wild, I totally missed that during the pandemic. Now I'm no longer annoyed at always having to update Tails the few times I boot it up.
But yeah, probably going to prioritize Qubes and Whonix again.
Administrator/root is turned off by default, and even if the user turned it on during boot, they would still have to be tricked into approving or putting in their password again, am I missing something about the veracity of possible exploits?
There may be a security advantage to using a separate non-bypassable network appliance that puts your traffic on Tor, since then it would be much harder to break into a Tails machine and make it leak your location. However, given that it's meant to be easy to use, I think they probably picked the right balance by having the Tor redirecting occur in the same address space as the computing environment.
Tails didn't patch a non-root exploit that could leak the user's real IP by bypassing the firewall without them knowing it for 3 years. I do not understand why Tails is recommended over Whonix (specifically Qubes-Whonix, thus with a trusted TCB).
> The Unsafe Browser allows to retrieve the public IP address by a compromised amnesia user with no user interaction
I'm wary about even Googling it because I swear I heard you are tracked in the US for even Googling it, or downloading it, or even reading on Wikipedia. It sounds laughable when I type it to be honest, but hey. I feel I have better hills to die on.
Wouldn't that be security through obscurity? Which is bad security and a good way to be exploited. I thought that having more eyes on a system made it more secure because people find the exploits.
It depends. Monocultures are also bad for computer security, since the failure mode is catastrophic.
Ideally, there would be a few tails-style projects competing with each other (there are; see sibling threads), and the internet would be more federated (for instance, if github is completely compromised right now, many people reading this will git pull malware in the next day or so).
"Many eyes" is a failed philosophy. Even if many people could, theoretically, look at the code few actually do as evidenced by the Heartbleed defect in OpenSSL. One of the most critical pieces of software, used by literally billions of consumers and basically every trillion dollar company, and they missed glaring coding errors that any basic static analyzer would automatically tag. Nobody was looking at even some of the most critical code. The first failure is that you need people actually looking, which basically requires being paid to do full-time work (as most work on Linux is these days).
In addition, even if people are looking, finding defects is really hard. A random onlooker has basically a 0% chance to find most of the critical zero-days afflicting Linux. It takes weeks to months of dedicated effort by technical experts with domain knowledge to find most such bugs. "Many eyes" is worthless to security, what you need is many trained technical experts with domain knowledge using high quality techniques and processes derived from successful high security projects.
This is not to say that "security through obscurity" is a good thing or that "open source" has no impact. Open source and development does have a large impact, it is just mostly on your ability to trust the auditing/security process as a random third-party, not the security itself. The security itself demands focused technical ability. However, the ability to trust the security claims derives from a technical evaluation by a technically competent, trusted party. The easiest way to do that if you are technically competent is to do it yourself. However, few people have that sort of time, so you farm out the work. If you are a big company or the government, you can usually get access to the source code under appropriate contractual protection, then you have your own technical staff (technically competent, trusted party) do the evaluation. If you are a smaller company, you might not have any technical staff appropriate for the task so you farm it out to a testing body (technically competent) who can probably be trusted since you are paying them.
However, if you are just some random person, you do not have the money to pay for an evaluation and you have no way of knowing if "Totally Not the NSA Certification Company" can be trusted. So, your best bet is inherent transparency and hoping that the unaffiliated lookers are, on average, not your enemy and technically competent. This is an okay option if you do not have access to better choices, and certainly better than nothing, but is a far cry from the other options where you have real control, incentive alignment, and insight into auditing processes. Only an organization incompetent at security would not use one of the better options for critical dependencies. Unfortunately, basically every large commercial IT organization, such as Google, Microsoft, Apple, Amazon, Crowdstrike, etc. is incompetent at security and none of them actually evaluate their dependencies or do any meaningful third-party certifications.
Funnily enough, this means my advice is practically useless, because the security of everybody is completely untrustworthy. Your only hope is "many eyes" because that is the only way to get any trustable audit at all. In the physical industries you have standards and certification bodies worth more than the paper they are written on, but in software everything in security is total snake oil and you should only believe what you can see for yourself. Hope that helps.
I think this is somewhat sarcastic but the article goes as far as saying "[Tor Browser Bundle] is the only reason that FireFox is a valuable target." Firefox has improved sandboxing now though I don't think it's as good as Chromium.
How can I be sure this project isn't sponsored by XYZ government secret agency and that more than 1GB of data does not contain any surveillance software?
You can't. But here are some reasons XYZ should not target Tails specifically:
- People who use Tails are not interesting data collection targets
- They already have access to people using Tails by other means
- It's just Linux. So their 0days could work with little effort in case they need it.
- The main purpose of Tor being an opensource project is plausible deniability for CIA agents using it. The main purpose of Tails (which is really a UX focused project) is more plausible deniability. They wouldn't ruin it by making a different "clean" version for their agents.
- Use Links+ with Tor/i2pd and enforcing all the connections to the proxy in the settings.
Avoid the web for news sites and use Gemini with offpunk and gemini://gemi.dev for news sources
Bookmark the news sites and sync. Then, reading the news offline is easy. Offpunk has a command for that, 'offline', and then run 'list', it will show up your cached bookmarks.
- Use nncpgo and sneakernet (or any inet protocol on top) to share data between the machines you own.
- News are better being fetched and read online with sfeed and lynx. Ditto with email with mbsync/msmtp + Mutt. Also, Gopher and Gemini, to read all the nice sites offline. Fetch your news/posts offline and forget.
- Use keyboard locked (u)xterms with TMUX. Nsxiv and mpv for images/videos. Better if you run them under the framebuffer.
- Convert all the PDFs you have to DJVU with the highest settings, then use gzip or xz on it, with DJView as the viewer. The less code you run, the better.
I know it sounds weird, but unless you reviewed the source code AND built the binary from it, no open source software is to be trusted.
The versions ready for download may be based on code slightly different than the one in the repo, either deliberately, or because the NSA managed to redirect the download link to its servers.
There is always a probability that an anonymity product will be proved to be a honeypot. Even open source projects may either do as mentioned (provide a "hacked" version for downloading), or even include some code that downloads and runs a seemingly harmless module from an external source, that is not so harmless in reality.
If the CIA gives enough money to the core developers or even just the website owner, what do they have to lose? Their reputation? Not everyone cares about that.
I know these scenarios sound far-fetched and paranoid, but nothing should sound impossible after Snowden's revelations. Even for open source software.
> I know it sounds weird, but unless you reviewed the source code AND built the binary from it, no open source software is to be trusted.
That's probably true, but if you want to be really paranoid you'd also want to be sure to compile it with a machine, operating system, and compiler that they are unlikely to have tampered with. Maybe something really old or esoteric or both?
Tails is one of those tools I always keep on me physically. Added it to my key ring 6 years ago, and I get use out of it at least twice a month. Also started using it as a recovery ISO. But my main use case is when I have to use a computer but don’t have mine around. Just pop the USB in and voila all the access I need and my data stored in the persistent partition.
I also spent most of my internship long ago researching secure operating systems for the analysts of the company I worked for and Tails was the best fit with Qubes being second due to how power hungry it is. Another was Subgraph but at the time it wasn’t properly developed. Overall if you need an OS that guarantees that all your traffic is anonymised via Tor and that it is ephemeral Tails is superb.
It seems like a growing number of things once referred to as Linux distributions are now referring to themselves as operating systems. If the kernel is Linux, and the user-space is GNU, what makes this a distinct operating system from, say, SUSE, or Arch?
The userspace is so diluted now that it’s basically flat out wrong to say it’s just ‘GNU’, I mean Systemd is probably an even bigger part than GNU is now, and we’ve long had things like OpenSSH from BSD as pretty core parts of the system, and we’re not going to start calling a distribution ‘Kubuntu Linux/Systemd/GNU/BSD/KDE’ or whatever…
Basically about all something needs to be to be called an OS is a kernel and at least one userspace program that does something useful, so I’d definitely say every ‘Linux distribution’ has always counted as an operating system in itself (so ‘Linux distribution’ is just a specific subset of ‘operating systems’).
I like to think of GNU/Linux as Linux with glibc. There’s software that only runs with glibc (eg: steam), and software that runs with various libc (eg: Firefox).
I’m not sure that it’s a widely accepted definition, but it’s often useful to describe what a software depends on. Does it require _just_ Linux, or does it also require glibc?
A distribution focuses on the distribution part (eg: a package manager, repositories, etc).
Some distributions are operating systems (eg: OpenBSD, ArchLinux, Debian). Some operating systems are not distributions (they don’t include a mechanism to pull packages. Eg: windows, macOS). Some distributions are not operating systems (eg: homebrew, Flatpak).
Tails focuses on the operating system side of things. Its focus isn’t on package distribution and letting you install things, but on downloading a usable OS image. It’s still a distribution, but that’s more of a technicality.
I'd say the reason for that is marketing, or branding, or positioning the product, which are, as you wrote, essentially Linux distributions.
I find that even combinations that are supposed to be very similar (Linux kernel, same DE, same repos) can behave differently, and I guess this is because of how the distro maintainers set up the different parts and integrations in the system. So in this way, my MX Linux box is different from my Debian+KDE box.
I'd guess it is a matter of priorities (do you want the safest, best-tested environment, or something less tested?).
However, assuming the source is easily bootstrappable, someone should try producing an unofficial port to Arm and Risc V. I'm sure it would reveal some security holes, even if it isn't appropriate (yet) for tails' target audience.
I'm so tired of seeing this argument. Most "big" open-source projects are well funded. Usually the reason they don't support <<obvious thing>> is poor leadership, not funding.
Over the past two years Tails has received 500k USD in bitcoin alone:
where is darknet opsec and the current state of things discussed?
I used to use Dread and various DNM forums to find people to talk with and read their threads. It was usually far more complex and nuanced than what I would find on clearnet
but it's been like 2-3 years since any Tor services even worked reliably with this ongoing DDOS attack.
I’d like to highlight the update process. I had a 2-3 year old installation and updated using the in-app updater. Update was a breeze and persistent storage was saved.
I recently had to dust off tails to do some dark web research on a data breach.
It’s a great “prophylactic” to protect your assets from possible malware while doing research.
How does Tails (or Qubes, etc.) provide security in a real use case full time OS system?
Say I log into Facebook, obviously I expect my identity to be exposed to Facebook, but do any of those OS have the ability to keep me private after I logged into some website?
- QubesOS provides security by isolating components. So if your browser VM is compromised, your password manager VM is not. That does not make you anonymous at all.
- I don't know Tails, but I think that it is just not persistent. Which means that when you reboot, you know that there are no traces of your previous session (as opposed to a "normal" system that would keep cookies, for instance). Which may help you not being tracked. That does not necessarily make you anonymous: you may leak your IP. I would guess that another thing is that if you get some malware in your Tails session and reboot, then the malware is supposedly gone (could it infect the hardware, e.g. a USB webcam? Not sure).
There is no "one" security, it depends a lot on what you need (i.e. your threat model), and many tools provide many different features.
I've heard bad things about Tails over the last few years.
What with the UK planning to pass that online safety bill, I decided to try out Whonix (which involved learning curves when it came to Linux), which I think is a better way of keeping safe online.
As one of the comments mentioned below, easy for someone to get your IP with an attack on the Tor browser. (Which was actually utilized by law enforcement to catch somebody iirc.)
Anecdotal evidence, but I've heard numerous complaints from other users about telemetry settings being enabled in the browser and locked.
You can increase the number of hops to make it very difficult. Guard nodes are pinned, so they might know who uses and who doesn't use Tor (doesn't matter if you aren't using a bridge).
You can also set up your own exit/guard node and configure Tor accordingly. While not a recommended setup, it works pretty reliably.
If I were wanting to do secure tor browsing, I would use a liveUSB of ubuntu, running virtualbox, running vmware, running tor. On the host ubuntu, I would run a 2nd instance of virtualbox, running vmware, running Chrome.
Networking will be set up so the Chrome inner VM can ssh to the tor VM. The tor VM can access only some whitelisted tor nodes.
Now an adversary that uses a Chrome exploit needs to break out of Windows and 2 layers of VM's before they get to my host. Breaking out of a VM is fairly doable, but breaking out of two will require lots of zero-days chained together (expensive).
It's a bit more secure if you use a proper write once DVD as well to read the live cd. It's a bit slower to boot but the best way to prevent persistence is always to make it virtually physically impossible by not having any physical storage mediums connected
Honestly, if this is a serious concern and you're already willing to go to all the other trouble, you may as well do your most sensitive Internet browsing from your car, connecting only to public WiFi in parking lots, in cities you don't actually live in, and never stay connected for more than a few hours at a time. Or take a hint from history's most secure criminals and don't do any of this yourself at all. Use paid underlings who fear you more than they fear prison and are willing to do time rather than rat you out.
Does it not become cumbersome to use the web for normal usage without persistent cookies, history, bookmarks, ...? If you save those to persistent storage (if that's even possible, I imagine Tails has safeguards against shooting yourself in the foot), you lose one of the main reasons why people use Tails.
just be careful that it does not crash when using internet enabled mode. very common problem with tails given how much memory websites use. tails only has limited ram from the portable drive.
Legit question. IIUC: On the publishing side, it allows people to say things with less fear of bad guys knowing who said them. On the audience side, it allows people to consume media with less fear of bad guys knowing they read it. Unfortunately, I don't believe it can ameliorate what most people think of as the censorship part, which is a guy with a black magic marker crossing out parts of things.
> it allows people to say things with less fear of bad guys knowing who said them
I see what you are saying, but AFAIK, the technology is neutral as far as good or bad goes. One could say it lets a person say and do things with less fear of consequences in general.
Is there anything Tails does to actively bypass censorship, or is it simply a result of the increased anonymity?
To me, it seems like it can only have limited utility in this regard. For example, Tails (and Tor) isn't going to help you avoid private sector censorship on services like X or Facebook or YouTube, right? It won't help you get a book published or reach an audience with a video.
I'm not really sure what you understand the word "bypass" to mean here?
Tor/Tails can certainly help someone who is experiencing censorship to publish a book or distribute a video in a different region where that censorship does not exist. That bypasses the censorship. For example someone experiencing censorship could contact a publisher or distributor in a different location and transmit the book or video to them.
If censorship exists on Twitter, publishing items to Twitter isn't bypassing Twitter's censorship. You may be bypassing automated censorship or some mechanism but Twitter would still be censored.
The same goes for books. There's no tool that is going to keep a book on the shelves of a library that wants to burn the book. Bypassing the library's censorship means getting the book to readers despite the library's censorship.
If you get canceled and ISPs refuse to give you service, Tor is not able to somehow bypass that censorship. If the server your hidden service is hosted on is taken away in a raid, Tor doesn't help you there.
Providing limited protection from being deanonymized doesn't mean that you can no longer be censored.
Obviously! Assassination or imprisonment could also be considered censorship and tor or tails won't help. There are always edge cases. They are pretty explicit about their threat model and go to great lengths explaining it.
I love the idea of Tails. It is unfortunate that it only runs on Intel macOS.
I consider my personal setup to be pretty good, but not Tails grade privacy: 1. Avoid installing apps, use Safari with all possible privacy settings. 2. Run Lockdown mode iOS, iPadOS, and macOS. 3. Use duck duck go and ProtonMail. 4. Prefer to run in Safari private browsing tabs. 5. Become non-private when logging into Amazon to make a purchase, etc.
I would love it if people more knowledgeable than I could critique my setup, make suggestions. Thanks in advance.
I would like to mention Cory Doctorow’s excellent new book The Internet Con [1]. It carries on in the fine tradition of the books Surveillance Capitalism and Privacy is Power for the narrative that regular law abiding people also benefit from doubling down on privacy.
Being blunt: your setup doesn't protect you from Apple. Websites will and do recognize you on every visit, both those done in private tabs and the usual ones. DDG and ProtonMail I can't comment on, but they are one of the better choices for the less tech-savvy/i-want-to-spend-my-free-time-having-fun. You have a pretty nice setup in terms of security, however.
If you want better protection for websites identifying you, you should consider researching on browser fingerprinting (which is extremely hard, if not impossible to do on Safari). If you want better protection overall, ditch Apple.
Sure, but that's not what parent said. He said it only runs on "intel macOS", which is false. It works on non-Apple computers as well.
But I understand the miscommunication, parent meant to say "of the Apple computers, it only runs on Intel ones". There is a world outside of Apple, you know :-)
It's an emphasis thing. You can't tell in text where the emphasis is. In this case it was super clear that it was "intel macOS", but yea, it should have been "intel macs".
Tails works fine on IBM-PC compatible laptops and desktops with Intel compatible chips, which is nearly all laptops. I presume you meant that Tails doesn't run on ARM Macs?
If you only have an ARM Mac, it's easy to get an old IBM-compatible laptop and run Tails. What matters is a decent speed of USB stick, and today they're generally decent. I find it helpful for testing some things, I can reboot and get to a known state.
It's been around for a while, but interesting to see this and a Fireship video on it the same day. I was wondering if they did some new release or something but doesn't seem like it