anonimized run

The Amnesic Incognito Live System or Tails is a Debian based Linux distribution aimed at preserving privacy and anonymity.[1] Actually, it is the next iteration of development on the previous Gentoo based Incognito Linux distribution.[2] All its outgoing connections are forced to go through Tor,[3] and direct (non-anonymous) connections are blocked. The system is designed […]

The Amnesic Incognito Live System or Tails is a Debian based Linux distribution aimed at preserving privacy and anonymity.[1] Actually, it is the next iteration of development on the previous Gentoo based Incognito Linux distribution.[2] All its outgoing connections are forced to go through Tor,[3] and direct (non-anonymous) connections are blocked. The system is designed to be booted as a live CD or USB, and leaves no trace on the machine unless explicitly told to do so. The Tor Project has provided most of the financial support for development.[4]

Tails is a live system that aims at preserving your privacy and anonymity. It helps you to use the Internet anonymously almost anywhere you go and on any computer but leave no trace using unless you ask it explicitly.

It is a complete operating-system designed to be used from a DVD or a USB stick independently of the computer’s original operating system. It is Free Software and based on Debian GNU/Linux.

Tails comes with several built-in applications pre-configured with security in mind: web browser, instant messaging client, email client, office suite, image and sound editor, etc.

Read about how you can help improving Tails documentation.

General information

Get Tails

First steps with Tails

Connect to the Internet anonymously

Encryption & privacy

Work on sensitive documents

Advanced topics

quantOS, based on Linux Mint 11, is a hardened Linux distro for secure daily use. quantOS leverages AppArmor application security profiles, Arkose Desktop Application Sandboxing and Vidalia for creating secure Tor connections for enhanced privacy.

The DemocraKey was invented by Kirk, in response to government snooping and censorship in China and the United States. Six months later, he started to promote the DemocraKey and get help with his project.
Read more here.

kaos.theory’s Anonym.OS LiveCD is a bootable live cd based on OpenBSD that provides a hardened operating environment whereby all ingress traffic is denied and all egress traffic is automatically and transparently encrypted and/or anonymized.

Liberté Linux is a secure, lightweight, and easy to use Gentoo-based Linux distribution intended as a communication aid in hostile environments. Liberté installs on a USB key, and boots on any computer or laptop.

Gentoo Linux, a special flavor of Linux that can be automatically optimized and customized for just about any application or need. Extreme performance, configurability and a top-notch user and developer community are all hallmarks of the Gentoo experience. To learn more, read our about page.

Liberté Linux Web Site›

Hardened Gentoo is pretty unique: hardened toolchain and hardened kernel that are supported by upstream. I don’t know anyone else doing that to this extent. But there are some things I don’t understand.

1) Update/release security. Everything is PGP signed but portage update singing is fully optional/disabled by default. The Liberte build script uses hardcoded fingerprints which doesn’t strike me as a very trustworthy approach if those aren’t validated before running. They have one key that is integrated into a web of trust (Gentoo Linux Release Signing Key) but the two other keys used (Automated Weekly Release Key) aren’t signed by the “strong” key and one is singed by just a single random anonymous keys. In that case on could as well use PKI. None of the install media contains any keys at all which would be a great distribution method because you only need to verify one thing and can buy a CD over a trusted channel.

In any case the signature of the portage archive isn’t all that meaningful. The signature only tells us that the archive wasn’t modified AFTER being compiled by the release team, it doesn’t nothing to validate a chain of trust or accountability from individual maintainers to the enduser. That’s what ebuild sigs would be for but Gentoo doesn’t seem able to enforce that security policy among its contributors.

2) Security updates and advisories: GLSAs are batch processed every now and then. A bunch on March 6 even though some of them have been fixed two months ago. The advisories could also be err more on the safe side. e.g. CVE-2011-4109 is reported to “potentially allow execution of arbitrary code”, no word about that in the GLSA (BTW, that bug was fixed in the slow stable Debian a week before Gentoo and their DSA was two months ago.)

I’m getting incredibly frustrated with Linux (and BSD). No distro seems to fully “get” security. Either they are good with patching. announcing and auto-updating (Debian and RHEL) or they do a lot of hardening but fail to deliver a trusted security update mechanism at all (OpenBSD) or fail at the timeliness of announces and fixes (Hardened Gentoo). PaX doesn’t prevent exploitation of all bug classes. Often the error is in the logic of the code and not just a missing sanity check etc. We’d really need both for even the most rudimentary two layered defense.

Building a live cd on top of Genoo only prolongs the already long window where known and elsewhere patched vulnerabilities remain “potentially exploitable”. I think the work you have done with Liberte is great and I can trust you because I can checkout the code, read it and compile it. But I can’t read all the code coming from Gentoo and I can’t stay on top of all vulnerabilities that hopefully get reported to bugzilla and by RHEL, Debian, Ubuntu… Then mask all the keywords to use fixed but unstable packages and then finally expect to get a stable and usable system. Even if I trust that Tor is dependable and secure (for my threat model) and that all upstream and Gentoo devs are trustworthy I still can’t trust Liberte as a whole if it contains known vulnerabilities that aren’t just exploitable by the likes of VUPEN because commits and even backports are already out there for weeks and sometimes even POCs and in the worst case it could already be in metasploit.

Iran blocked Tor handshakes using Deep Packet Inspection (DPI) in January 2011 and September 2011. Bluecoat tested out a Tor handshake filter in Syria in June 2011. China has been harvesting and blocking IP addresses for both public Tor relays and private Tor bridges for years.

Roger Dingledine and Jacob Appelbaum will talk about how exactly these governments are doing the blocking, both in terms of what signatures they filter in Tor (and how we’ve gotten around the blocking in each case), and what technologies they use to deploy the filters — including the use of Western technology to operate the surveillance and censorship infrastructure in Tunisia (Smartfilter), Syria (Bluecoat), and other countries. We’ll cover what we’ve learned about the mindset of the censor operators (who in many cases don’t want to block Tor because they use it!), and how we can measure and track the wide-scale censorship in these countries. Last, we’ll explain Tor’s development plans to get ahead of the address harvesting and handshake DPI arms races.

Speaker: Jacob Appelbaum, Roger Dingledine
EventID: 4800
Event: 28th Chaos Communication Congress (28C3) by the Chaos Computer Club [CCC]
Location: Berlin Congress Center [bcc]; Alexanderstr. 11; 10178 Berlin; Germany
Language: english
Start: 28.12.2011 18:30:00 +01:00
License: CC-by-nc-sa