[HN Gopher] Tails is a portable OS that protects against surveil...
___________________________________________________________________
Tails is a portable OS that protects against surveillance and
censorship
Author : gslin
Score : 340 points
Date : 2023-09-14 14:33 UTC (8 hours ago)
(HTM) web link (tails.net)
| WhereIsTheTruth wrote:
| Tor servers were breached by the CIA/NSA, I would be careful
| KingLancelot wrote:
| [dead]
| trts wrote:
| what's the alternative to Tor?
| paravirtualized wrote:
| There are no real "alternatives"; but see I2P, Lokinet and
| Freenet for some other options.
| xyst wrote:
| Physical world. Lol
| 0cVlTeIATBs wrote:
| More specifically, couriers to hand deliver your messages,
| like Al Qaeda had.
| paravirtualized wrote:
| Do you suggest that we trust our ISP instead, and pretend that
| they aren't compromised by default?
| xyst wrote:
| By breaches you mean these agencies own a ton of exit nodes?
| KingLancelot wrote:
| [dead]
| Jigsy wrote:
| I've heard bad things about Tails over the last few years.
|
| What with the UK planning to pass that online safety bill, I
| decided to try out Whonix (which involved learning curves when it
| came to Linux), which I think is a better way of keeping safe
| online.
| NetOpWibby wrote:
| > I've heard bad things about Tails over the last few years.
|
| Like what?
| Jigsy wrote:
| As one of the comments mentioned below, easy for someone to
| get your IP with an attack on the Tor browser. (Which was
| actually utilized by law enforcement to catch somebody iirc.)
|
| Anecdotal evidence, but I've heard numerous complaints from
| other users about telemetry settings being enabled in the
| browser and locked.
|
| But worst of all, it uses GNOME.
| [deleted]
| crtasm wrote:
| You may be thinking of the case where a video file was
| specially crafted to cause the media player on Tails to
| make a direct connection?
|
| https://www.schneier.com/blog/archives/2020/06/facebook_hel
| p...
| Jigsy wrote:
| I believe that is what I was thinking of.
| criddell wrote:
| How does Tails help you avoid censorship?
| diydsp wrote:
| Legit question. IIUC: On the publishing side, it allows people
| to say things with less fear of bad guys knowing who said them.
| On the audience side, it allows people to consume media with
| less fear of bad guys knowing they read it. Unfortunately, I
| don't believe it can ameliorate what most people think of as
| the censorship part, which is a guy with a black magic marker
| crossing out parts of things.
| criddell wrote:
| > it allows people to say things with less fear of bad guys
| knowing who said them
|
| I see what you are saying, but AFAIK, the technology is
| neutral as far as good or bad goes. One could say it lets a
| person say and do things with less fear of consequences in
| general.
| fluidcruft wrote:
| It's a Tor client. Bypassing censorship is one of Tor's design
| goals.
| charcircuit wrote:
| If you get canceled and ISPs refuse to give you service Tor
| is not able to somehow bypass that censorship. If the server
| your hidden service is hosted on is taken away in a raid. Tor
| doesn't help you there.
|
| Providing limited protection from being deanonymized doesn't
| mean that you can no longer be censored.
| lapinot wrote:
| Obviously! Assassination or imprisonment could also be
| considered censorship and tor or tails won't help. There
| are always edge cases. They are pretty explicit about their
| threat model and go into great lengths explaining it.
|
| https://tails.net/doc/about/warnings/index.en.html
| criddell wrote:
| Is there anything Tails does to actively bypass censorship,
| or is it simply a result of the increased anonymity?
|
| To me, it seems like it can only have limited utility in this
| regard. For example, Tails (and Tor) isn't going to help you
| avoid private sector censorship on services like X or
| Facebook or YouTube, right? It won't help you get a book
| published or reach an audience with a video.
| fluidcruft wrote:
| I'm not really sure what you understand the word "bypass"
| to mean here?
|
| Tor/Tails can certainly help someone who is experiencing
| censorship to publish a book or distribute a video in a
| _different_ region where that censorship does not exist.
| That bypasses the censorship. For example someone
| experiencing censorship could contact a publisher or
| distributor in a different location and transmit the book
| or video to them.
|
| If censorship exists on Twitter, publishing items to
| Twitter isn't bypassing Twitter's censorship. You may be
| bypassing automated censorship or some mechanism but
| Twitter would still be censored.
|
| The same goes for books. There's no tool that is going to
| keep a book on the shelves of a library that wants to burn
| the book. Bypassing the library's censorship means getting
| the book to readers despite the library's censorship.
| ShroudedNight wrote:
| It seems like a growing number of things once referred to as
| Linux distributions are now referring to themselves as operating
| systems. If the kernel is Linux, and the user-space is GNU, what
| makes this a distinct operating system from, say, SUSE, or Arch?
| npteljes wrote:
| I'd say the reason for that is marketing, or branding, or
| positioning the product, which are, as you wrote, essentially
| Linux distributions.
|
| I find that even combinations that are supposed to be very
| similar (Linux kernel, same DE, same repos) can behave
| differently, and I guess this is because of how the distro
| maintainers set up the different parts and integrations in the
| system. So in this way, my MX Linux box is different from my
| Debian+KDE box.
| WhyNotHugo wrote:
| A distribution focuses on the distribution part (eg: a package
| manager, repositories, etc).
|
| Some distributions are operating systems (eg: OpenBSD,
| ArchLinux, Debian). Some operating systems are not
| distributions (they don't include a mechanism to pull packages.
| Eg: windows, macOS). Some distributions are not operating
| systems (eg: homebrew, Flatpak).
|
| Tails focuses on the operating system side of things. Its
| focus isn't on package distribution and letting you install
| things, but on downloading a usable OS image. It's still a
| distribution, but that's more of a technicality.
| stephen_g wrote:
| The userspace is so diluted now that it's basically flat out
| wrong to say it's just 'GNU', I mean Systemd is probably an
| even bigger a part than GNU is now, and we've long had things
| like OpenSSH from BSD as pretty core parts of the system, and
| we're not going to start calling a distribution 'Kubuntu
| Linux/Systemd/GNU/BSD/KDE' or whatever...
|
| Basically about all something needs to be to be called an OS is
| a kernel and at least one userspace program that does something
| useful, so I'd definitely say every 'Linux distribution' has
| always counted as an operating system in itself (so 'Linux
| distribution' is just a specific subset of 'operating
| systems').
| WhyNotHugo wrote:
| I like to think of GNU/Linux as Linux with glibc. There's
| software that only runs with glibc (eg: steam), and software
| that runs with various libc (eg: Firefox).
|
| I'm not sure that it's a widely accepted definition, but it's
| often useful to describe what a software depends on. Does it
| require _just_ Linux, or does it also require glibc?
| IE6 wrote:
| You could make the argument that this is more of a GNU + Linux
| than an operating system unto itself.
| yieldcrv wrote:
| where is darknet opsec and the current state of things discussed?
|
| I used to use Dread and various DNM forums to find people to talk
| with and read their threads. It was usually far more complex and
| nuanced than what I would find on clearnet
|
| but it's been like 2-3 years since any Tor services even worked
| reliably with this ongoing DDOS attack.
|
| dark.fail has been down too
|
| I hear people moved to i2p but WHERE?
| l0new0lf-G wrote:
| I know it sounds weird, but unless you reviewed the source code
| AND built the binary from it, no open source software is to be
| trusted.
|
| The versions ready for download may be based on code slightly
| different than the one in the repo - either deliberately, or
| because the NSA managed to redirect the download link to its
| servers.
|
| There is always a probability that an anonymity product will be
| proved to be a honeypot. Even open source projects may either do
| as mentioned (provide a "hacked" version for downloading), or
| even include some code that downloads and runs a seemingly
| harmless module from an external source, that is not so harmless
| in reality.
|
| If the CIA gives enough money to the core developers or even just
| the website owner, what do they have to lose? Their reputation?
| Not everyone cares about that.
|
| I know these scenarios sound far-fetched and paranoid, but
| nothing should sound impossible after Snowden's revelations. Even
| for open source software.
| MetaWhirledPeas wrote:
| > I know it sounds weird, but unless you reviewed the source
| code AND built the binary from it, no open source software is
| to be trusted.
|
| That's probably true, but if you want to be really paranoid
| you'd also want to be sure to compile it with a machine,
| operating system, and compiler that they are unlikely to have
| tampered with. Maybe something really old or esoteric or both?
| brightlancer wrote:
| > I know it sounds weird, but unless you reviewed the source
| code AND built the binary from it, no open source software is
| to be trusted.
|
| Why specify "open source software"? Is it not true of ALL
| software?
|
| "Unless you reviewed the source code AND built the binary from
| it, no software is to be trusted."
|
| That seems to be more accurate. Am I missing something?
| mark_l_watson wrote:
| I love the idea of Tails. It is unfortunate that it only runs on
| Intel macOS.
|
| I consider my personal setup to be pretty good, but not Tails
| grade privacy: 1. Avoid installing apps, use Safari with all
| possible privacy settings. 2. Run Lockdown mode iOS, iPadOS, and
| macOS. 3. Use duck duck go and ProtonMail. 4. Prefer to run in
| Safari private browsing tabs. 5. Become non-private when logging
| into Amazon to make a purchase, etc.
|
| I would love it if people more knowledgeable than I could
| critique my setup, make suggestions. Thanks in advance.
|
| I would like to mention Cory Doctorow's excellent new book The
| Internet Con [1]. It carries on in the fine tradition of the
| books Surveillance Capitalism and Privacy is Power for the
| narrative that regular law abiding people also benefit from
| doubling down on privacy.
|
| [1] https://craphound.com/internetcon/
| throwitaway156 wrote:
| Being blunt: your setup doesn't protect you from Apple. Websites
| will and do recognize you on every visit, both those done in
| private tabs and the usual ones. DDG and ProtonMail I can't
| comment on, but they are one of the better choices for the less
| tech-savvy/i-want-to-spend-my-free-time-having-fun. You have a
| pretty nice setup in terms of security, however.
|
| If you want better protection for websites identifying you, you
| should consider researching on browser fingerprinting (which is
| extremely hard, if not impossible to do on Safari). If you want
| better protection overall, ditch Apple.
| mark_l_watson wrote:
| Thanks, useful comment.
| dwheeler wrote:
| Tails works fine on IBM-PC compatible laptops and desktops with
| Intel compatible chips, which is nearly all laptops. I presume
| you meant that Tails doesn't run on ARM Macs?
|
| If you only have an ARM Mac, it's easy to get an old IBM-
| compatible laptop and run Tails. What matters is a decent speed
| of USB stick, and today they're generally decent. I find it
| helpful for testing some things, I can reboot and get to a
| known state.
| mrb wrote:
| _"It is unfortunate that it only runs on Intel macOS."_
|
| Tails runs on most computers. It doesn't have to be a "macOS"
| (you mean Apple?). macOS is an OS, tails _replaces_ the OS.
| mark_l_watson wrote:
| I misspoke. I know that it works on any Intel computer that
| you can plug a USB flash drive into.
| boxed wrote:
| It doesn't run on ARM macs. Which is all new macs.
| mrb wrote:
| Sure, but that's not what parent said. He said it only runs
| on "intel macOS", which is false. It works on non-Apple
| computers as well.
|
| But I understand the miscommunication, parent meant to say
| "of the Apple computers, it only runs on Intel ones". There
| is a world outside of Apple, you know :-)
| boxed wrote:
| It's an emphasis thing. You can't tell in text where the
| emphasis is. In this case it was super clear that it was
| "_intel_ macOS", but yea, it should have been "intel
| macs".
| paulpauper wrote:
| just be careful that it does not crash when using internet
| enabled mode. very common problem with tails given how much
| memory websites use. tails only has limited ram from the
| portable drive.
| tonymet wrote:
| I'd like to highlight the update process. I had a 2-3 year old
| installation and updated using the in-app updater. Update was a
| breeze and persistent storage was saved.
|
| I recently had to dust off tails to do some dark web research on
| a data breach.
|
| It's a great "prophylactic" to protect your assets from possible
| malware while doing research.
| b8 wrote:
| The Air Force Research Laboratory created a Tails-like OS called
| TENS [0].
|
| 0. https://en.wikipedia.org/wiki/Lightweight_Portable_Security
| great_psy wrote:
| How does Tails(or Qubes, or etc) provide security in a real use
| case full time OS system?
|
| Say I log into Facebook, obviously I expect my identity to be
| exposed to Facebook, but do any of those OS have the ability to
| keep me private after I logged into some website ?
| anthk wrote:
| The best code is the one not being run.
|
| - Set unbound with DNS over HTTP.
|
| - Use Links+ with Tor/i2pd and enforcing all the connections to
| the proxy in the settings. Avoid the web for news sites and use
| Gemini with offpunk and gemini://gemi.dev for news sources.
| Bookmark the news sites and sync. Then, reading the news offline
| it's easy. Offpunk has a command for that, 'offline', and then
| run 'list', it will show up your cached bookmarks.
|
| - Use nncpgo and sneakernet (or any inet protocol on top) to
| share data between the machines you own.
|
| - News are better being fetched and read online with sfeed and
| lynx. Ditto with email with mbsync/msmtp + Mutt. Also, Gopher and
| Gemini, to read all the nice sites offline. Fetch your news/posts
| offline and forget.
|
| - Use keyboard locked (u)xterms with TMUX. Nsxiv and mpv for
| images/videos. Better if you run them under the framebuffer.
|
| - Convert all the PDF's you have to DJVU with the highest
| settings, then use gzip or xz on it, with DJView as the viewer.
| The less code you run, the better.
|
| - Avoid Brave, Chromium, or worse, Edge.
| shmde wrote:
| Tails OS is my daily driver for absolutely normal day usage and
| do legal stuff. (No tomfoolery involved)
| justin_oaks wrote:
| I'm interested in why you chose this.
|
| What are the main benefits you get from using Tails OS?
|
| What downsides do you tolerate because of the benefits?
| yjftsjthsd-h wrote:
| It would have to be pretty good at avoiding the usual privacy
| problems on the modern internet, right?
| mr_mitm wrote:
| Does it not become cumbersome to use the web for normal usage
| without persistent cookies, history, bookmarks, ...? If you
| save those to persistent storage (if that's even possible, I
| imagine Tails has safeguards against shooting yourself in the
| foot), you lose one of the main reasons why people use Tails.
| londons_explore wrote:
| There have been quite a few exploits in tails.
|
| I suspect you're better off with a more obscure project, because
| then your adversary is less likely to have a 'ready to go'
| exploit.
| fullstick wrote:
| Wouldn't that be security through obscurity? Which is bad
| security and a good way to be exploited. I thought that having
| more eyes on a system made it more secure because people find
| the exploits.
| matrix12 wrote:
| Security through minority actually.
| aqfamnzc wrote:
| As always, depends on the threat model.
| Airsinner wrote:
| Also if you're rolling your own, you're way more likely to
| not keep updates perfectly and patch everything that comes
| up.
| yjftsjthsd-h wrote:
| Depends _how_ you roll your own; something lightly modified
| from a "normal" distro can just take upstream package
| updates and so put you in a good spot.
| Veserv wrote:
| "Many eyes" is a failed philosophy. Even if many people
| could, theoretically, look at the code few actually do as
| evidenced by the Heartbleed defect in OpenSSL. One of the
| most critical pieces of software, used by literally billions
| of consumers and basically every trillion dollar company, and
| they missed glaring coding errors that any basic static
| analyzer would automatically tag. Nobody was looking at even
| some of the most critical code. The first failure is that you
| need people actually looking, which basically requires being
| paid to do full-time work (as most work on Linux is these
| days).
|
| In addition, even if people are looking, finding defects is
| really hard. A random onlooker has basically a 0% chance to
| find most of the critical zero-days afflicting Linux. It
| takes weeks to months of dedicated effort by technical
| experts with domain knowledge to find most such bugs. "Many
| eyes" is worthless to security, what you need is many trained
| technical experts with domain knowledge using high quality
| techniques and processes derived from successful high
| security projects.
|
| This is not to say that "security through obscurity" is a
| good thing or that "open source" has no impact. Open source
| and development does have a large impact, it is just mostly
| on your ability to trust the auditing/security process as a
| random third-party, not the security itself. The security
| itself demands focused technical ability. However, the
| ability to trust the security claims derives from a technical
| evaluation by a technically competent, trusted party. The
| easiest way to do that if you are technically competent is to
| do it yourself. However, few people have that sort of time,
| so you farm out the work. If you are a big company or the
| government, you can usually get access to the source code
| under appropriate contractual protection, then you have your
| own technical staff (technically competent, trusted party) do
| the evaluation. If you are a smaller company, you might not
| have any technical staff appropriate for the task so you farm
| it out to a testing body (technically competent) who can
| probably be trusted since you are paying them.
|
| However, if you are just some random person, you do not have
| the money to pay for an evaluation and you have no way of
| knowing if "Totally Not the NSA Certification Company" can be
| trusted. So, your best bet is inherent transparency and
| hoping that the unaffiliated lookers are, on average, not
| your enemy and technically competent. This is an okay option
| if you do not have access to better choices, and certainly
| better than nothing, but is a far cry from the other options
| where you have real control, incentive alignment, and insight
| into auditing processes. Only an organization incompetent at
| security would not use one of the better options for critical
| dependencies. Unfortunately, basically every large commercial
| IT organization, such as Google, Microsoft, Apple, Amazon,
| Crowdstrike, etc. is incompetent at security and none of them
| actually evaluate their dependencies or do any meaningful
| third-party certifications.
|
| Funnily enough, this means my advice is practically useless,
| because the security of everybody is completely
| untrustworthy. Your only hope is "many eyes" because that is
| the only way to get any trustable audit at all. In the
| physical industries you have standards and certification
| bodies worth more than the paper they are written on, but in
| software everything in security is total snake oil and you
| should only believe what you can see for yourself. Hope that
| helps.
| [deleted]
| hedora wrote:
| It depends. Monocultures are also bad for computer security,
| since the failure mode is catastrophic.
|
| Ideally, there would be a few tails-style projects competing
| with each other (there are; see sibling threads), and the
| internet would be more federated (for instance, if github is
| completely compromised right now, many people reading this
| will git pull malware in the next day or so).
| dmwilcox wrote:
| Love Tails, but I haven't used it in ten years. I have had Tails
| and Qubes disposable VMs on my mind though.
|
| I switched off of Qubes last year to my own Alpine chroot with a
| hand crafted kernel and initrd that lives only in memory. I find
| turning off the computer when I'm finished and having it forget
| everything to be a very peaceful way to compute. I owe the
| internet a write up.
|
| I feel like ramfs for root filesystems is an underused pattern
| more broadly. "Want to upgrade? Just reboot. Fallback? Pick a
| different root squashfs in the grub menu"
| justin_oaks wrote:
| > I owe the internet a write up.
|
| I would definitely be interested in reading more about this.
|
| I love the idea of being able to prevent an application from
| writing all over my disk to random places. If I can't prevent
| it, I can at least remedy it by having all those changes go
| away with a reboot.
|
| One of the things I love about Docker containers is that they
| can be ephemeral or persistent, short or long term, have full
| network access or no access, allowed to write to the host
| system or stuck writing to its own file system only.
|
| I'm in control instead of the application.
| mixmastamyk wrote:
| Typically they can only write to home and temp. That can be
| improved via sandboxing, and there's Little/Open Snitch as
| well.
| tlavoie wrote:
| Ages ago, I tried out Puppy Linux, that ran from a burned CD.
| If I made updates, it wrote another filesystem extent to the
| disc, and I think the loading process just used those to
| over-write files as needed until the boot completed.
|
| I was thinking of it for a home firewall at the time, but in
| any case, it made for a very ephemeral system.
| hedora wrote:
| I treat my web browser like this, and similarly have a docker
| container for all my development stuff. I like the idea of
| making the computer (almost) completely stateless.
|
| How do you deal with stuff you want to store in /home? (Like
| source code checkouts, ssh keys, etc.)
| samuell wrote:
| How do Tails and Qubes relate, any reuse of functionality?
|
| (Tried Qubes as written up in [1] but eventually gave up as it
| won't allow me to create virtualbox images, and some other
| caveats, as well as being pretty resource hungry)
|
| [1] https://bionics.it/posts/installing-qubes-os
| paravirtualized wrote:
| > it won't allow me to create virtualbox images
|
| What's the use case[1] for VirtualBox images in an operating
| system designed around virtualization with Xen? You can
| simply create a Xen VM.
|
| [1]: Note that I'm asking a question here, not invalidating
| your experience.
| samuell wrote:
| I've been needing to create virtualbox images for use in
| some courses (teaching data science and the like) at my
| previous work. This usecase has popped up often enough that
| I feel I need to be able to do this on my main laptop.
| analognoise wrote:
| In NixOs it's called Impermanence:
|
| https://nixos.wiki/wiki/Impermanence
|
| Also NixOs has absurd levels of control for upgrades,
| rollbacks, and control over the build and resulting files.
| smoldesu wrote:
| Be warned; your hard drive may file for a divorce after a few
| years of daily-driving NixOS. It is both a blessing and a
| curse:
|
|     $ smol@computer ~> du -hcs /nix/store/
|     257G /nix/store/
| alex-robbins wrote:
| I'm so sick of this claim. Nix _allows_ you to keep old
| versions of things installed, but you certainly don't have
| to.
|
| When I switched from Debian to NixOS a few years ago, I
| installed it on a separate subvolume, and it ended up
| taking almost exactly as much space as Debian did (about 12
| GiB with gnome and everything else). And really, what would
| you expect? It's nearly all the same code, just organized
| differently in the filesystem.
|
| P.S., you can check the store usage of the current system
| profile with `nix path-info -Sh /run/current-system`.
| miniBill wrote:
| You... do regular GC, right?
|
| I have 45G, and this computer is more than two years old
| smoldesu wrote:
| I have multiple flakes and a lotta CUDA drivers. In
| fairness though, this is after a few months of no manual
| GC. I think nix-collect-garbage could bring it down to
| ~120-150gb.
|
| It's totally worth the stability, but maybe not the best
| choice for the storage-constrained.
|
| EDIT: According to nix-tree my current generation is only
| 45gb right now.
| 1vuio0pswjnm7 wrote:
| "I switched off of Qubes last year to my own Alpine chroot with
| a hand crafted kernel and initrd that lives only in memory."
|
| "I feel ramfs for root filesystem is an underused pattern more
| broadly."
|
| The kernel has to come from somewhere so it must exist on some
| storage media before it's loaded into memory. Maybe a USB stick
| or some other computer on the local network. Or have I
| misunderstood.
|
| This is the approach I have used for the past 15 years. But not
| on Linux. BSD has been distributing it for decades, i.e., pre-
| compiled kernels with embedded filesystem that mounts on mfs or
| tmpfs. The intent is that people will use these kernels to
| install the system to a "disk" but I have always used them to
| compile custom kernels and embedded filesystems in RAM which I
| then use for general purpose computing. All directories can be
| mounted on tmpfs during custom kernel compilation. The USB
| stick can be removed after boot.
|
| All work is done in RAM. No HDD/SSD is needed. I use this
| approach because it's small, fast and clean. Tails, Whonix and
| Qubes probably exist for other reasons, well-known to the
| reader. Doubtful those projects claim to exist as "protection
| against clutter, bloat and sluggishness."
| omani wrote:
| Same here. Don't understand why not more ppl switched to alpine
| on the desktop. It is my daily driver. Plus LXD for stuff I
| must do (typically spawn ubuntu, etc.)
|
| my whole PDE (Personal Developer Environment) is within a
| container. Need python? Shell into (via dmenu) python
| container. All with complete neovim setup. Need a GUI? No
| problem. Spawn a container. My lxd profile is set up for this.
| Use chezmoi for heavy automated stuff.
|
| My base alpine system always stays clean.
| morjom wrote:
| >why not more ppl switched to alpine
|
| I think one reason might be musl and its compatibility.
| wkat4242 wrote:
| What's so bad about musl? Everything works fine for me on
| Alpine.
|
| My desktop is FreeBSD but I have a few alpine servers for
| docker and other Linux specific stuff.
|
| And FreeBSD is even less Gnu-Linux compatible than Alpine
| yet everything works fine. Thanks to an army of port
| maintainers of course.
| Scarbutt wrote:
| How do you run a GUI with a container? Xorg server running in
| the container?
| kspacewalk2 wrote:
| Here's how I do it using Docker Compose:
|
| https://gist.github.com/kspacewalk/52ea8f0c383f57a34042db2a
| 0...
|
| Access via http://localhost:8080/vnc.html
| codethief wrote:
| Do you have a separate neovim instance (config and all) in
| every container? Or a single neovim instance on the host
| which can access all container volumes? What about shell
| instances?
| macinjosh wrote:
| I containerized my neovim setup and I share my projects/
| directory with it. Containers get a shared volume like
| projects/project/.
|
| From my neovim container I can use the local terminal or I
| can ssh to the host to run my other containers.
| bsdnoob wrote:
| By any chance can you share how you do this practically?
| yard2010 wrote:
| +1 and from which IDE/text processor did you migrate from
| to neovim?
| coppsilgold wrote:
| I also use alpine as the main/root environment. But I
| rarely use any applications from alpine. For that I have
| Arch, Fedora and Debian rootfs dirs into which I pivot_root
| with the help of bubblewrap (bwrap) in shell scripts. There
| is no overhead and the GPU can be easily attached. You can
| also dynamically attach ro/rw CWD and target paths (`for
| arg in "$@"`).
|
| Everything that I care about just works and I get a
| separation of concerns. Use of network namespaces allows
| further flexibility. For example, I have a netns that is
| forced through a Tor gateway such that any traffic
| originating in it can only go through Tor.
|
| This type of setup is not hardened against kernel
| vulnerabilities, the kernel treats applications running in
| namespaces as if they are isolated from other namespaces
| but those applications can still interact with broad
| surfaces of the kernel and therefore potentially exploit
| it.
|
| For kernel safety applications must be denied direct access
| to the host kernel, this is usually achieved with virtual
| machines.
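
The wrapper pattern coppsilgold describes above (a distro rootfs directory entered through bubblewrap, with the CWD and path arguments attached ro/rw via `for arg in "$@"`), as an added example; it is not the commenter's script, and the function names and the rootfs path in the usage line are hypothetical.

```shell
#!/bin/sh
# Added example (not coppsilgold's scripts). Function names and rootfs paths
# are hypothetical; bubblewrap (bwrap) is needed only when run_in_rootfs runs.

# Print the bwrap options, one per line, for entering a rootfs directory.
#   $1   rootfs directory (e.g. an unpacked Arch/Fedora/Debian tree)
#   $2   "ro" or "rw": how the CWD and path arguments are exposed
#   $3.. the command line that will run inside; existing absolute paths
#        among its arguments are bound at the same location in the sandbox
sandbox_args() {
    sb_rootfs=$1
    sb_mode=$2
    shift 2
    case $sb_mode in
        ro) sb_bind=--ro-bind ;;
        rw) sb_bind=--bind ;;
        *)  echo "sandbox_args: mode must be ro or rw" >&2; return 2 ;;
    esac

    # Fresh user/pid/ipc/uts/cgroup namespaces, but keep the caller's network
    # namespace, so a Tor-only netns set up outside is inherited unchanged.
    printf '%s\n' --unshare-all --share-net --die-with-parent --new-session
    # The rootfs directory becomes / inside the sandbox.
    printf '%s\n' --bind "$sb_rootfs" / --dev /dev --proc /proc --tmpfs /tmp
    # Current directory, read-only or read-write as requested.
    printf '%s\n' "$sb_bind" "$PWD" "$PWD" --chdir "$PWD"

    # Attach only paths that exist on the host; flags and names are skipped.
    for arg in "$@"; do
        case $arg in
            /*)
                if [ -e "$arg" ]; then
                    printf '%s\n' "$sb_bind" "$arg" "$arg"
                fi
                ;;
        esac
    done
    return 0
}

# Replace this shell with the command running inside the rootfs.
run_in_rootfs() {
    rr_rootfs=$1
    rr_mode=$2
    shift 2
    rr_opts=$(sandbox_args "$rr_rootfs" "$rr_mode" "$@") || return
    # Split the option list on newlines only, with globbing off, and put it
    # in front of the command. Paths containing newlines are not supported.
    rr_ifs=$IFS
    IFS='
'
    set -f
    set -- $rr_opts "$@"
    set +f
    IFS=$rr_ifs
    exec bwrap "$@"
}

# Usage (hypothetical paths): ./enter.sh /srv/rootfs/debian ro mpv /data/a.mkv
if [ "$#" -ge 3 ]; then
    run_in_rootfs "$@"
fi
```

As the comment itself notes, this shares the host kernel, so it separates concerns rather than containing a kernel exploit.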
| pulse7 wrote:
| How can I be sure this project isn't sponsored by XYZ government
| secret agency and that more than 1GB of data does not contain any
| surveillance software?
| slim wrote:
| you can't. but here are some reasons XYZ should not target
| Tails specifically:
|
| - People who use Tails are not interesting data collection
| targets
|
| - They have already access to people using Tails by other means
|
| - It's just Linux. So their 0days could work with little effort
| in case they need it.
|
| - The main purpose of Tor being an opensource project is
| plausible deniability for CIA agents using it. The main purpose
| of Tails (which is really a UX focused project) is more
| plausible deniability. They wouldn't ruin it by making a
| different "clean" version for their agents.
| laurent123456 wrote:
| They appear to support reproducible builds, which would make it
| a lot harder to sneak in surveillance software -
| https://tails.net/contribute/design/reproducibility/
| sleepybrett wrote:
| The fact that it still does not support an incredibly popular
| portable computer like the raspberry pi (or anything that isn't
| intel) saddens me.
| ipnon wrote:
| I agree, and you have to make the PRs you want to see. I don't
| think this project of free software has a big (or perhaps any)
| budget!
| tredre3 wrote:
| I'm so tired of seeing this argument. Most "big" open-source
| projects are well funded. Usually the reason they don't
| support <<obvious thing>> is poor leadership, not funding.
|
| Over the past two years Tails has received 500k USD in
| bitcoin alone:
|
| https://www.blockchain.com/explorer/addresses/btc/bc1qjg53lw.
| ..
|
| You can also surmise that they receive ~200k/yr from official
| sponsors:
|
| https://tails.net/sponsors/index.en.html
|
| Then you have all the paypal, bank, cash donations.
|
| Is it enough to add support for a second arch that is fully
| supported upstream (they ship a customized Debian)? You
| decide.
| sillysaurusx wrote:
| That's a lot of donations.
| hedora wrote:
| I'd guess it is a matter of priorities (do you want the safest,
| best-tested environment, or something less tested?).
|
| However, assuming the source is easily bootstrappable, someone
| should try producing an unofficial port to Arm and Risc V. I'm
| sure it would reveal some security holes, even if it isn't
| appropriate (yet) for tails' target audience.
| jacknews wrote:
| I might be wrong but I think this was a project originated by one
| of the branches of the US armed forces or security services?
|
| In which case, it should be pretty secure.
|
| Although, there's the obvious 'honeypot' concern.
|
| But maybe I'm thinking of another distro, that ran from RAM and
| didn't write anything to disk.
| kylebenzle wrote:
| Tails was "FUNDED" by the TOR project, which was started by the
| US Navy. So, not really...
| ranger_danger wrote:
| The Internet also originated from the US military, among many
| other things. So tired of this FUD.
| chickenpotpie wrote:
| That's a false equivalency. The military invented a network
| that inspired the Internet. We're not all using ARPANET to
| send emails.
| selectodude wrote:
| The DoD created TCP/IP.
| wrs wrote:
| Not sure what you're saying there...the Internet grew out
| of ARPANet, it's not a separate thing. Is the oak tree
| "inspired" by the acorn?
| chickenpotpie wrote:
| I think that's an incorrect oversimplification. The
| Internet didn't grow from ARPANET like a seed grows into
| a tree. ARPANET didn't become bigger and bigger until it
| became the Internet. The Internet was the merger of many
| networks and many of them never communicated with any
| computer in ARPANET and were developed with absolutely
| zero funding from the United States government.
| wrs wrote:
| I guess it's a matter of interpretation. Of course every
| computer connected to the internet is not government-
| funded. But in this context we're talking about the
| origin of the technology and protocols that allowed the
| network to exist at all. By the time the internet got
| bigger than ARPANet, CSNET, and NSFNET (all government
| funded), the protocols were pretty much settled, and
| that's what everyone else's network used to become part
| of the internet. If the government hadn't gotten it to
| that point, there would be no internet.
| daqhris wrote:
| I can't validate if you are wrong or not. Just bring to your
| attention that one of their marketing slogans is "Amnesia" and
| "Persistent Storage on a USB stick".
| https://tails.net/about/index.en.html
|
| The 'honeypot' concern is somehow valid because full-on privacy
| on the internet is as hard to achieve as privacy in a public
| park. Only its user can determine if their online activities
| go against the (legal/moral/financial) interests of the most
| technically-advanced nation on our planet.
| paravirtualized wrote:
| The Tails team made the fantastic decision of _modifying_ the
| Tor Browser, giving Tails users a unique fingerprint as
| opposed to regular Tor Browser users.
| Synaesthesia wrote:
| I know the TOR project was started by the US navy, and that now
| I2P is the preferred method of browsing the darknet, because
| many people believe it has been compromised.
| paravirtualized wrote:
| > and that now I2P is the preferred method of browsing the
| darknet
|
| This is not true by any means. A "switch" to I2P never
| happened, and just a few months ago an exploit[1] that could
| deanonymize eepsites was published. Tor is still the only
| "method of browsing the darknet"; by most definitions.
|
| [1]: https://xeiaso.net/blog/CVE-2023-36325
| brightlancer wrote:
| The TOR software is likely no more compromised than GNU/Linux
| generally -- the TOR _network_ is likely compromised by
| flooding it with honeypot servers that can track users by
| monitoring origins and destinations.
| beardog wrote:
| In the same manner that parts of the NSA are interested in
| secure cryptography as opposed to breaking it, parts of the
| Navy were interested in anonymizing traffic as opposed to de-
| anonymizing.
| cf100clunk wrote:
| Distrowatch is a good place to get a brief overview of pretty
| well every Linux distribution ever made, with links and a bit
| of background info on each:
|
| https://distrowatch.com/
| [deleted]
| jordanpg wrote:
| Would be curious to hear criticisms of Tails, if anyone has
| opinions about it.
|
| To be clear, I'm a fan of the product -- just wondering what the
| other side of the story is.
| gpcz wrote:
| There may be a security advantage to using a separate non-
| bypassable network appliance that puts your traffic on Tor,
| since then it would be much harder to break into a Tails
| machine and make it leak your location. However, given that
| it's meant to be easy to use, I think they probably picked the
| right balance by having the Tor redirecting occur in the same
| address space as the computing environment.
| oneepic wrote:
| I'm wary about even Googling it because I swear I heard you are
| tracked in the US for even Googling it, or downloading it, or
| even reading on Wikipedia. It sounds laughable when I type it
| to be honest, but hey. I feel I have better hills to die on.
| paravirtualized wrote:
| Tails didn't patch a non-root exploit that could leak the user's
| real IP by bypassing the firewall _without them knowing it_ for
| _3 years_. I do _not_ understand why Tails is recommended over
| Whonix (specifically Qubes-Whonix, thus with a trusted TCB).
|
| > The Unsafe Browser allows to retrieve the public IP address
| by a compromised amnesia user with no user interaction
|
| https://gitlab.tails.boum.org/tails/tails/-/issues/15635
| cf100clunk wrote:
| The ''Heads'' distro was meant to address some of the
| criticisms of Tails. Sadly its development seemed to end in
| 2018:
|
| https://heads.dyne.org/about.html
|
| https://distrowatch.com/table.php?distribution=heads
| letmevoteplease wrote:
| All known law enforcement attacks against Tor have involved
| some kind of exploit (e.g., in Tor Browser) that creates a non-
| Tor connection to collect the user's IP. Tails does not protect
| against this. Whonix provides much stronger protection against
| practical, real-world attacks, since the entire operating
| system is forced through a Tor connection.
| yieldcrv wrote:
| Tails has the entire OS as Tor connections only, an escape
| from the Tor browser would still be stuck in a Tor only OS.
|
| What information do you have to the contrary?
| [deleted]
| letmevoteplease wrote:
| Tails includes an "Unsafe Browser" which connects in the
| clear. So on top of a Firefox exploit, you would need
| another exploit to launch that browser or an exploit to
| escalate to root and tamper with the firewall rules. At
| least one Tails user has been successfully targeted like
| this ("an exploit taking advantage of a flaw in Tails'
| video player to reveal the real IP address of the person
| viewing the video").[1] With Whonix, even an attacker with
| root would not be able to make a non-Tor connection because
| the firewall runs on a separate virtual machine.
|
| [1] https://www.vice.com/en/article/v7gd9b/facebook-helped-
| fbi-h...
| yieldcrv wrote:
| wow! that story is wild I totally missed that during the
| pandemic. now I'm no longer annoyed at always having to
| update tails the few times I boot it up.
|
| but yeah probably going to prioritize Qubes and whonix
| again.
| vorticalbox wrote:
| I mean yes and no.
|
| Assuming there was an exploit that broke out of the Firefox
| sand box you are correct that any connection is via tor.
|
| Though tails isn't 100% sure, you could chain a Firefox cve
| + user land to root and then turn off the tor routing rules.
| yieldcrv wrote:
| administrator/root is turned off by default, and even if
| the user turned it on during boot, they would still have
| to be tricked into approving or putting in their password
| again, am I missing something about the veracity of
| possible exploits?
| vorticalbox wrote:
| There are some exploits that allow for gaining root
| access.
|
| One that comes to mind is dirty sock[0]. It uses a
| vulnerability in the snap api to create a root user.
|
| https://github.com/initstring/dirty_sock/blob/master/dirt
| y_s...
| paravirtualized wrote:
| I left a comment in this thread of a non-root deanonymizing,
| Tails specific exploit that bizarrely went unpatched for
| _multiple years_.
| stephen_g wrote:
| It's probably important to note that as I understand it,
| these attacks have generally been Firefox zero-day exploits
| that have made their way in because the Tor Browser is based on
| Firefox ESR with patches.
| arboles wrote:
| Darknet sites should be on something with a much smaller
| attack surface like the pages from the Gopher or Gemini
| protocols.
| woodruffw wrote:
| Could any HN users speak about their experience and rationale for
| using Tails?
|
| My outsiders' perspective is that the threat model for these
| kinds of surveillance resistant tools is somewhat perverse: they
| trade indistinguishability (being lost in the crowd) for a
| nominally more anonymous but _extremely_ unusual datapoint (a
| host /browser/etc. that basically looks like no other normal
| machine.)
|
| Put another way: without a clear attacker in mind, my outsiders'
| perspective is that Tails feels a bit like wearing a paper bag in
| public to foil public CCTV: it might _work_, but is far more likely
| to provoke contact with the relevant authorities than just
| attempting to blend in.
| EVa5I7bHFq9mnYK wrote:
| You put the stick in, access forbidden web site (for example,
| Instagram). Take the stick out, police searches your computer,
| there are no traces. If you were using a regular OS, even
| through Tor, there are some incriminating traces left, in
| browser cache, in MFT, in pagefile etc. that can be recovered.
| sneak wrote:
| https://www.theregister.com/2014/07/03/nsa_xkeyscore_stasi_s...
|
| https://daserste.ndr.de/panorama/xkeyscorerules100.txt
| BJxdr wrote:
| I wish Tails ditched Gnome..
| ra0x3 wrote:
| Does anyone know if/when Tails will support Apple Silicon?
| SushiHippie wrote:
| https://gitlab.tails.boum.org/tails/tails/-/issues/10972
|
| This is the discussion regarding support for ARM, it's
| currently not supported.
| paravirtualized wrote:
| Tails has a very specific use case, very few people need anti-
| forensics.
|
| I suggest looking into Whonix[1] if you want something that you
| can truly use for privacy. It is also _much_ more secure than
| Tails by design, and does not have any limitations like locking
| down the root user account.
|
| Summary from GitHub:
|
| "Whonix is an operating system focused on anonymity, privacy and
| security. It's based on the Tor anonymity network, Debian
| GNU/Linux and security by isolation. DNS leaks are impossible,
| and not even malware with root privileges can find out the user's
| real IP."
|
| [1]: https://www.whonix.org/wiki/FAQ
| trw55 wrote:
| What isn't secure about Tails? It's been recommended by so many
| InfoSec podcasts that I've been poking around in it on a USB
| stick
| thenose wrote:
| Hi. We're building The Nose (https://thenose.cc), a safe haven
| for training data that can't be taken down with DMCA. Since this
| involves copyright infringement, strong anonymity is a
| requirement.
|
| I wrote up our security procedures here:
| https://news.ycombinator.com/item?id=37346620
|
| The reason Tails isn't an option is because, as others have
| mentioned, there have been Tor browser exploits which reveal the
| IP address of the Tails user. While this is unlikely for our
| case, it's important to approach security from first principles
| with threat modeling. An attack from the FBI may seem unlikely
| today, but both Silk Road and one of its successors were taken
| down by mistakes they made when setting up their site. Learning
| from history, if you're not careful early, you're in for a
| surprise later.
|
| Case in point: When I started Whonix Workstation to post this
| comment, the Whonix Gateway VM failed to boot. So when I tried to
| start Tor Browser and go to https://news.ycombinator.com, all I
| saw was a connection error. This kind of layered defense is
| essential if you're serious about staying out of jail.
|
| Realistically, you'll likely dox yourself through some other
| means: sending Bitcoin to your pseudonym from your real identity,
| admitting to someone you know that you control your pseudonym
| (this work gets lonely, so this is a real temptation), or even
| accidentally signing off an email with "Thanks, [your real
| name]". And once you make a single mistake, you can never
| recover.
| thenose wrote:
| Other thoughts:
|
| Day to day browsing is a pain. I use a VNC client to remote
| into our server, which is running a desktop environment with a
| regular browser. That way you can use apps (gmail, discord,
| etc) from outside the Tor network. But since you're tunneling
| through Tor, this is painfully slow. You'll likely want to type
| out long messages in Whonix, then copy-paste into your remote
| session. Each keystroke can sometimes take a full second to
| appear when animations are heavy.
|
| Transferring large amounts of data is also painful. If you try
| to start Litecoin Core on Whonix, you'll need to sync more than
| 30 GB, which can take a very long time.
|
| Patience is your weapon. You have all the time in the world not
| to make a mistake, and moments to make a fatal one. Think
| carefully about everything you do.
|
| Stylometry scares me. AI can help here: run an assistant
| locally, and ask it to reword everything you write. You won't
| be able to use ChatGPT for this, obviously because OpenAI
| retains a history of everything you submit, but also because
| they require a real phone number to sign up. And you can't get
| a real number through any means I've found so far.
|
| Payment is also a pain. I'm hoping to ask the community to
| donate Vanilla gift cards so that I can sign up for Tarsnap or
| spin up a droplet.
|
| By applying the discipline normally found in aeronautics, I
| think it's possible to do this safely. But you'll still be
| risking jail time, and the intersection of people who want to
| do something for altruistic reasons and willing to risk prison
| is pretty small. I'll be documenting everything I do so that
| you can learn from my example, or perhaps from my mistakes.
| WD40forRust wrote:
| You sir are very based.
|
| I too am a fellow qube herder. After having discovered Qubes
| OS, I've never wanted to go back!
| [deleted]
| artninja1988 wrote:
| Really appreciate what you're doing. Don't let those danish
| bottom feeders get you!
| danielvaughn wrote:
| Is it new or something? This is the second time I've heard about
| it in 24 hours, and had never heard of it before.
| arbeiterz wrote:
| No, not new. If I recall correctly, Snowden approved of it back
| in roughly 2017(?)
| crtasm wrote:
| Initial release 2009
|
| https://en.wikipedia.org/wiki/Tails_(operating_system)
| cuuupid wrote:
| Was pretty popular circa 2012 for dissidents in some countries
| e_i_pi_2 wrote:
| It's been around for a while, but interesting to see this and a
| Fireship video on it the same day. I was wondering if they did
| some new release or something but doesn't seem like it
| chimbosonic wrote:
| Tails is one of those tools I always keep on me physically. Added
| it to my key ring 6 years ago, and I get use out of it at least
| twice a month. Also started using it as a recovery ISO. But my
| main use case is when I have to use a computer but don't have
| mine around. Just pop the USB in and voila all the access I need
| and my data stored in the persistent partition.
| chimbosonic wrote:
| I also spent most of my internship long ago researching secure
| operating systems for the analysts of the company I worked for
| and Tails was the best fit with Qubes being second due to how
| power hungry it is. Another was subgraph but at the time it
| wasn't properly developed. Overall if you need an OS that
| guarantees that all your traffic is anonymised via Tor and that
| it is ephemeral Tails is superb.
| [deleted]
| mr_mitm wrote:
| Your use-case sounds like you could be using any other live
| distribution. Why did you choose Tails over Knoppix, Mint,
| Ubuntu, Fedora, ... ?
| Run_DOS_Run wrote:
| Tails is great. I am using it for several years now.
|
| Other related projects are whonix ( https://www.whonix.org ),
| which consists of two virtual machines:
|
| A workstation to work on and a gateway, which torifies all
| traffic from the workstation VM.
|
| Whonix is also integrated in Qubes OS ( https://www.qubes-os.org
| ), which allows you to easily work with multiple separate whonix
| VMs. There is also the possibility to tunnel all internet traffic
| of your machine through Tor including system upgrades of the host
| OS itself.
| paravirtualized wrote:
| > Whonix is also integrated in Qubes OS ( https://www.qubes-os.org )
|
| Qubes-Whonix with fully ephemeral disposable VMs is the future.
| It would be a total killer for nearly every use case of Tails
| besides ease of use.
|
| Note that this is in the works, but not fully implemented by
| default yet. https://github.com/anywaydense/QubesEphemerize
|
| > The steps below outline how to make all PVH DispVM's
| permanently fully ephemeral. All data written to the disk will
| be encrypted with an ephemeral encryption key only stored in
| RAM. The encryption and encryption key generation is handled by
| dom0 and is thus inaccessible to the VM.
| Syonyk wrote:
| Whonix/Qubes integration is excellent, and it's certainly a
| nice perk of Qubes.
|
| To clarify the benefits of the "two VM" approach:
|
| Most of the unmasking exploits against Tor users (as
| distinguished from unmasking Tor hidden services) involve
| getting a browser to ignore the proxy settings, somehow. I
| believe WebRTC, Flash, and various other things have been used
| to cause the browser to beacon out to some endpoint - you
| exploit the kitty picture site, and put in code to exploit the
| browser, which then makes a direct request to
| http://someip/unique_identifier - and, boom, you've got the
| user's IP, probable cause, the works.
|
| This happens because a "typical" Tor install is the daemon
| running locally, but nothing prevents other binaries from
| making a direct connection out. You set the browser to use
| socks5://localhost:9050 or something as the proxy, but if you
| can either get some part of it to misbehave, or just spawn off
| a different process, it doesn't obey the proxy settings and
| goes straight out.
|
| Whonix solves this problem by splitting the system into the
| workstation VM (what you interact with) and the gateway VM
| (that connects to Tor and "torifies" traffic). The _only_
| network port on the workstation VM is connected to the input
| port on the gateway VM - and _everything_ coming in that port
| is routed through Tor, via the other (internet connected) port.
|
| So, if you manage to exploit the workstation VM, the attacker
| still doesn't gain an IP - because they launch a shell that
| runs 'wget http://someip/unique_id', but that goes out through
| the gateway VM, and gets encapsulated into Tor before going
| out, so it still pops out some Tor exit node, not your home IP
| address.
|
| It raises the bar rather substantially for using Tor, and
| avoids a lot of the various ways to get Tor to leak. Also, they
| ship a copy of the Tor Browser in Whonix, which disables a lot
| of high risk functionality and allows you to very easily
| disable automatic media parsing and Javascript and such.
|
| Qubes is awesome, and the integrated Whonix stuff is just a
| beautiful integration.
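
The difference described in the comments above (an application-level proxy setting, a firewall on the same machine, and a separate gateway VM), as an added example that is not part of the original thread and is not Tails or Whonix code. It is a deliberately simplified model: the setup names, the uid names (`browser`, `tor`, `clearnet`) and the capability labels are hypothetical, and the rules only encode what the commenters state.

```python
"""Toy model of outbound-connection handling in three Tor setups (constructed)."""
from dataclasses import dataclass

REAL_IP, TOR_EXIT, BLOCKED = "real-ip", "tor-exit", "blocked"


@dataclass
class Host:
    """The machine the user works on. All field values used below are hypothetical."""
    filtered: bool = False                  # is a local egress filter active?
    allowed_uids: frozenset = frozenset()   # uids the local filter lets out directly
    uplink: str = "internet"                # "internet", or "gateway" (separate Tor VM)

    def flush_rules(self):
        """Local root can always remove a filter that lives on the same machine."""
        self.filtered = False


def connect(host, uid, via_proxy):
    """Return what the remote end sees for a new outbound connection made by `uid`."""
    if via_proxy:                           # well-behaved client using the SOCKS port
        return TOR_EXIT
    if host.filtered and uid not in host.allowed_uids:
        return BLOCKED                      # direct attempt dropped locally
    # Nothing local stopped it, so the uplink decides what the far end sees.
    return TOR_EXIT if host.uplink == "gateway" else REAL_IP


SETUPS = {
    # Tor daemon on localhost, browser merely configured to use it.
    "proxy_only": lambda: Host(),
    # Same-machine filter; the Tor daemon and a clearnet browser uid are let out.
    "host_firewall": lambda: Host(filtered=True,
                                  allowed_uids=frozenset({"tor", "clearnet"})),
    # Workstation whose only network link is a gateway VM that torifies everything.
    "gateway_vm": lambda: Host(uplink="gateway"),
}


def probe(setup, capabilities=frozenset()):
    """Outcome of a connection that ignores the proxy settings, given what the
    compromised code can additionally do: 'clearnet_uid' and/or 'root'."""
    host = SETUPS[setup]()
    if "root" in capabilities:
        host.flush_rules()                  # only affects rules on this host
    uid = "clearnet" if "clearnet_uid" in capabilities else "browser"
    return connect(host, uid, via_proxy=False)


def matrix():
    """Every setup against every capability set, for side-by-side comparison."""
    caps = [frozenset(), frozenset({"clearnet_uid"}), frozenset({"root"})]
    return {(s, tuple(sorted(c))): probe(s, c) for s in SETUPS for c in caps}


if __name__ == "__main__":
    for (setup, caps), outcome in matrix().items():
        print(f"{setup:14} {','.join(caps) or 'none':13} -> {outcome}")
```

In this model the gateway setup is the only one whose outcome does not depend on the integrity of the machine running the browser, which is the property the comments attribute to the two-VM design.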
| pcurve wrote:
| Fireship did a 2:40 minute video on this a few hours ago.
|
| https://www.youtube.com/watch?v=mVKAyw0xqxw
|
| Short and informative :-)
| MR4D wrote:
| Just watched it. Thanks for the recommendation. 100K views in 3
| hours - not too shabby!
| pcurve wrote:
| np! I love his humor. My favorite is "10 programmer
| stereotypes"
|
| https://www.youtube.com/watch?v=_k-F-MMvQV4
| londons_explore wrote:
| If I were wanting to do secure tor browsing, I would use a
| liveUSB of ubuntu, running virtualbox, running vmware, running
| tor. On the host ubuntu, I would run a 2nd instance of
| virtualbox, running vmware, running Chrome.
|
| Networking will be set up so the Chrome inner VM can ssh to the
| tor VM. The tor VM can access only some whitelisted tor nodes.
|
| Now an adversary that uses a Chrome exploit needs to break out of
| Windows and 2 layers of VM's before they get to my host. Breaking
| out of a VM is fairly doable, but breaking out of two will
| require lots of zero-days chained together (expensive).
|
| Same if they find an exploit in tor.
| Syonyk wrote:
| You've just independently developed something almost identical
| to the Whonix system. :) May as well use the pre-built VMs that
| do it for you.
| londons_explore wrote:
| Pre built VM's mean an adversary probably has pre-built
| exploits...
| crimmin wrote:
| It's a bit more secure if you use a proper write once DVD as
| well to read the live cd. It's a bit slower to boot but the
| best way to prevent persistence is always to make it virtually
| physically impossible by not having any physical storage
| mediums connected
| londons_explore wrote:
| I think the main concern of most tor-users is that their real
| IP address (and hence location) is leaked.
|
| For that, just a run-of-the-mill firefox exploit is all that
| is needed, and suddenly exploit code can do a wifi scan and
| get a very precise location.
| nonameiguess wrote:
| Honestly, if this is a serious concern and you're already
| willing to go to all the other trouble, you may as well do
| your most sensitive Internet browsing from your car,
| connecting only to public WiFi in parking lots, in cities
| you don't actually live in, and never stay connected for
| more than a few hours at a time. Or take a hint from
| history's most secure criminals and don't do any of this
| yourself at all. Use paid underlings who fear you more than
| they fear prison and are willing to do time rather than rat
| you out.
| techlatest_net wrote:
| For those interested, we provide out of box setup of Tails on
| Google cloud for a quick setup. [1]
|
| https://console.cloud.google.com/marketplace/product/techlat...
| osigurdson wrote:
| Sounds like its users have something to hide (sarcasm).
| toasted-subs wrote:
| I like wearing my chainmail. Even if that means having to deal
| with some judgement.
___________________________________________________________________
(page generated 2023-09-14 23:01 UTC)