% Tails: a technical overview % BitingBird, kurono, intrigeri % DebConf 15

About Tails

Who are we

• Tails contributors

What is Tails

The Amnesic Incognito Live System

https://tails.boum.org/

A Live operating system

• works on (almost) any computer
• boots off a DVD or a USB stick

Privacy and anonymity #1

• use the Internet anonymously and circumvent censorship:
  all connections to the Internet are forced to go through the Tor network
• leave no trace on the computer you are using unless you ask it explicitly

Privacy and anonymity #2

• cryptographic tools: encrypt your files, emails and instant messaging
• media production tools: sound, video, office publishing, graphics...

And... it works?

• According to the NSA, yes :
  "(S//REL) Tails: Complete Bootable OS on CD for anonymity - includes Tor
  (S//REL) Adds Severe CNE misery to equation"
  (Thanks to a famous Tails user for providing these documents.)
• Bruce Schneier, December 2013 :
  "What do I trust? I trust, I trust Tails, I trust GPG [...]"
  "I don't use Linux. (Shhh. Don't tell anyone.)
  Although I have started using Tails""

Main project goals

Usability: a security feature

• Often usability matters more than "pure" security.
• Make a "baseline" security level (privacy, anonymity) very accessible.

A small delta, to avoid drowning

• Fact: specialized distributions often die quickly.
• At least in this area: ✝ Liberté Linux, Haven, Anonym.OS, ParanoidLinux, onionOS, Phantomix and many others. RIP.

Why did they die so quickly?

• small teams, not organized to grow
• underestimation of the maintenance and user support work
• no long-term commitment
• NIH

E.g. what we're doing upstream

• AppArmor
• Debian: pkg-apparmor-team, pkg-anonymity-tools,
  pkg-otr-team
• libvirt
• Seahorse
• Tor
• Puppet shared modules

Results

• little Tails-specific code
• glue work
• "social" work:
  talk to upstreams
  spread the word about our needs
  find skilled people to do the work at the best place
• slow rhythm (waiting the next Debian release, and sometimes the one after), despite backports
• Tails is still alive!

Implementation

PELD

• https://tails.boum.org/contribute/design
• Tails currently based on Debian Wheezy.
• ...migrating to Jessie.
• Core software:
  Tor
  Tor Browser
  GNOME

Use the Internet anonymously

• We don't know what software will attempt to contact the network
• ...so we block all outbound Internet traffic except Tor
• (and I2P when enabled)
• Unsafe Browser for captive portals

Tails Installer

• Initially based on Fedora's liveusb-creator
• https://tails.boum.org/contribute/design/installation/
• recently converted to Python + GTK3 + udisks2
• will be uploaded to Debian very soon :)

Leave no trace on the computer

• Protect against memory recovery such as cold boot attacks
• RAM is overwritten when Tails is being shutdown https://tails.boum.org/contribute/design/memory_erasure/
• Actual memory erasure: secure-delete (sdmem)

Tails persistence

• Somewhat tricky topic for a live distro
• User keys, some APT packages...
• LUKS-encrypted GPT partition (TailsData)
• dm-crypt, ext4
• backend implemented upstream in live-boot
• GUI written in Perl + GTK3

Incremental upgrades

• https://tails.boum.org/contribute/design/upgrades/
• Only possible when installed on USB stick
• Incremental Upgrade Kit (IUK)
• SquashFs stacking.

Application isolation

• AppArmor to isolate applications
• Currently only file access isolation
  (missing non-mainlined kernel patches)
• The best supported in Debian
• Hacks to support the Live system
• Currently (somewhat) confined: Tor Browser, Tor, Pidgin, Evince, Totem, Vidalia, etc.

Build and Test

• Git repo
  → https://tails.boum.org/contribute/git/#main-repo
• Building Tails using Vagrant
• Automated builds (done!) and tests (WIP) in Jenkins
• Test suite: Sikuli, libvirt, cucumber
  → live demo next Friday

Challenges

Cadence & popularity

• new release every 6 weeks
• about 14k boots a day (x 2.8 since 2 years)

Limited resources and time

• small team compared to scope and pressure
• 3,500 commits, by 15+ persons, in the last 6 months

Roadmap

Early 2016

• Tails 2.0: Upgrade to Debian Jessie

Hardening

• Persistent Tor state
• Protect against exploitation via external buses
• Stronger HTTPS on our website
• Persistent seed for random number generator
• Robust time syncing

International audience

• Persistent Tor configuration (e.g. bridges)
• Web platform for translating our website

Ease adoption

• Revamp Tails Greeter
• Multi-platform Tails Installer
• Improve Tails Installer
• Explain better what Tails is and what makes it so awesome
• Revamp the website

Better user support

• Request tracker for bug reports
• Improve WhisperBack

Polished and reliable platform

• Tor and network progress bar
• Improve additional packages persistence feature
• Localized displayed clock
• Backup system for persistence
• Screen locker
• Full self-upgrades

Sustainability

• Replace Vidalia with Tor Monitor
• Easier ISO build system
• Reproducible build of the ISO image
• Automated Debian package build infrastructure
• (Even more) automated tests

Fundraising

• Have more reliable and steady sources of income
• Depend less on grants from governments

Tails needs help

You can help

• User or trainer: early testing, feedback
• User interface / web / UX person
• Software developer / maintainer
• System administrator
• Debian
• Technical writer
• Translator
• Donor
• Starting point: https://tails.boum.org/contribute/

Contact

Talk to us

• We are here.
• Development mailing-list: tails-dev@boum.org
• Mailing-lists for translators, UX, early testers, user support, non-technical project discussions, etc.
• Core team's encrypted mailing-list: tails@boum.org
• IRC: see https://tails.boum.org/contribute/
• Web: https://tails.boum.org/