% Tails: a technical overview % BitingBird, kurono, intrigeri % DebConf 15

About Tails

Who are we

  • Tails contributors

What is Tails

The Amnesic Incognito Live System

https://tails.boum.org/

A Live operating system

  • works on (almost) any computer
  • boots off a DVD or a USB stick

Privacy and anonymity #1

  • use the Internet anonymously and circumvent censorship:
    all connections to the Internet are forced to go through the Tor network
  • leave no trace on the computer you are using unless you ask it explicitly

Privacy and anonymity #2

  • cryptographic tools: encrypt your files, emails and instant messaging
  • media production tools: sound, video, office publishing, graphics...

And... it works?

  • According to the NSA, yes :
    "(S//REL) Tails: Complete Bootable OS on CD for anonymity - includes Tor
    (S//REL) Adds Severe CNE misery to equation"
    (Thanks to a famous Tails user for providing these documents.)
  • Bruce Schneier, December 2013 :
    "What do I trust? I trust, I trust Tails, I trust GPG [...]"
    "I don't use Linux. (Shhh. Don't tell anyone.)
    Although I have started using Tails""

Main project goals

Usability: a security feature

  • Often usability matters more than "pure" security.
  • Make a "baseline" security level (privacy, anonymity) very accessible.

A small delta, to avoid drowning

  • Fact: specialized distributions often die quickly.
  • At least in this area: ✝ Liberté Linux, Haven, Anonym.OS, ParanoidLinux, onionOS, Phantomix and many others. RIP.

Why did they die so quickly?

  • small teams, not organized to grow
  • underestimation of the maintenance and user support work
  • no long-term commitment
  • NIH

E.g. what we're doing upstream

  • AppArmor
  • Debian: pkg-apparmor-team, pkg-anonymity-tools,
    pkg-otr-team
  • libvirt
  • Seahorse
  • Tor
  • Puppet shared modules

Results

  • little Tails-specific code
  • glue work
  • "social" work:
    talk to upstreams
    spread the word about our needs
    find skilled people to do the work at the best place
  • slow rhythm (waiting the next Debian release, and sometimes the one after), despite backports
  • Tails is still alive!

Implementation

PELD

Use the Internet anonymously

  • We don't know what software will attempt to contact the network
  • ...so we block all outbound Internet traffic except Tor
  • (and I2P when enabled)
  • Unsafe Browser for captive portals

Tails Installer

Leave no trace on the computer

Tails persistence

  • Somewhat tricky topic for a live distro
  • User keys, some APT packages...
  • LUKS-encrypted GPT partition (TailsData)
  • dm-crypt, ext4
  • backend implemented upstream in live-boot
  • GUI written in Perl + GTK3

Incremental upgrades

Application isolation

  • AppArmor to isolate applications
  • Currently only file access isolation
    (missing non-mainlined kernel patches)
  • The best supported in Debian
  • Hacks to support the Live system
  • Currently (somewhat) confined: Tor Browser, Tor, Pidgin, Evince, Totem, Vidalia, etc.

Build and Test

Challenges

Cadence & popularity

  • new release every 6 weeks
  • about 14k boots a day (x 2.8 since 2 years)

Limited resources and time

  • small team compared to scope and pressure
  • 3,500 commits, by 15+ persons, in the last 6 months

Roadmap

Early 2016

  • Tails 2.0: Upgrade to Debian Jessie

Hardening

  • Persistent Tor state
  • Protect against exploitation via external buses
  • Stronger HTTPS on our website
  • Persistent seed for random number generator
  • Robust time syncing

International audience

  • Persistent Tor configuration (e.g. bridges)
  • Web platform for translating our website

Ease adoption

  • Revamp Tails Greeter
  • Multi-platform Tails Installer
  • Improve Tails Installer
  • Explain better what Tails is and what makes it so awesome
  • Revamp the website

Better user support

  • Request tracker for bug reports
  • Improve WhisperBack

Polished and reliable platform

  • Tor and network progress bar
  • Improve additional packages persistence feature
  • Localized displayed clock
  • Backup system for persistence
  • Screen locker
  • Full self-upgrades

Sustainability

  • Replace Vidalia with Tor Monitor
  • Easier ISO build system
  • Reproducible build of the ISO image
  • Automated Debian package build infrastructure
  • (Even more) automated tests

Fundraising

  • Have more reliable and steady sources of income
  • Depend less on grants from governments

Tails needs help

You can help

  • User or trainer: early testing, feedback
  • User interface / web / UX person
  • Software developer / maintainer
  • System administrator
  • Debian
  • Technical writer
  • Translator
  • Donor
  • Starting point: https://tails.boum.org/contribute/

Contact

Talk to us