% Tails: a technical overview % BitingBird, kurono, intrigeri % DebConf 15
About Tails
Who are we
- Tails contributors
What is Tails
The Amnesic Incognito Live System
A Live operating system
- works on (almost) any computer
- boots off a DVD or a USB stick
Privacy and anonymity #1
- use the Internet anonymously and circumvent censorship:
all connections to the Internet are forced to go through the Tor network - leave no trace on the computer you are using unless you ask it explicitly
Privacy and anonymity #2
- cryptographic tools: encrypt your files, emails and instant messaging
- media production tools: sound, video, office publishing, graphics...
And... it works?
- According to the NSA, yes :
"(S//REL) Tails: Complete Bootable OS on CD for anonymity - includes Tor
(S//REL) Adds Severe CNE misery to equation"
(Thanks to a famous Tails user for providing these documents.)- Bruce Schneier, December 2013 :
"What do I trust? I trust, I trust Tails, I trust GPG [...]"
"I don't use Linux. (Shhh. Don't tell anyone.)
Although I have started using Tails""
Main project goals
Usability: a security feature
- Often usability matters more than "pure" security.
- Make a "baseline" security level (privacy, anonymity) very accessible.
A small delta, to avoid drowning
- Fact: specialized distributions often die quickly.
- At least in this area: ✝ Liberté Linux, Haven, Anonym.OS, ParanoidLinux, onionOS, Phantomix and many others. RIP.
Why did they die so quickly?
- small teams, not organized to grow
- underestimation of the maintenance and user support work
- no long-term commitment
- NIH
E.g. what we're doing upstream
- AppArmor
- Debian: pkg-apparmor-team, pkg-anonymity-tools,
pkg-otr-team - libvirt
- Seahorse
- Tor
- Puppet shared modules
Results
- little Tails-specific code
- glue work
- "social" work:
talk to upstreams
spread the word about our needs
find skilled people to do the work at the best place - slow rhythm (waiting the next Debian release, and sometimes the one after), despite backports
- Tails is still alive!
Implementation
PELD
- https://tails.boum.org/contribute/design
- Tails currently based on Debian Wheezy.
- ...migrating to Jessie.
- Core software:
Tor
Tor Browser
GNOME
Use the Internet anonymously
- We don't know what software will attempt to contact the network
- ...so we block all outbound Internet traffic except Tor
- (and I2P when enabled)
- Unsafe Browser for captive portals
Tails Installer
- Initially based on Fedora's liveusb-creator
- https://tails.boum.org/contribute/design/installation/
- recently converted to Python + GTK3 + udisks2
- will be uploaded to Debian very soon :)
Leave no trace on the computer
- Protect against memory recovery such as cold boot attacks
- RAM is overwritten when Tails is being shutdown https://tails.boum.org/contribute/design/memory_erasure/
- Actual memory erasure: secure-delete (sdmem)
Tails persistence
- Somewhat tricky topic for a live distro
- User keys, some APT packages...
- LUKS-encrypted GPT partition (TailsData)
- dm-crypt, ext4
- backend implemented upstream in
live-boot
- GUI written in Perl + GTK3
Incremental upgrades
- https://tails.boum.org/contribute/design/upgrades/
- Only possible when installed on USB stick
- Incremental Upgrade Kit (IUK)
- SquashFs stacking.
Application isolation
- AppArmor to isolate applications
- Currently only file access isolation
(missing non-mainlined kernel patches) - The best supported in Debian
- Hacks to support the Live system
- Currently (somewhat) confined: Tor Browser, Tor, Pidgin, Evince, Totem, Vidalia, etc.
Build and Test
- Git repo
→ https://tails.boum.org/contribute/git/#main-repo - Building Tails using Vagrant
- Automated builds (done!) and tests (WIP) in Jenkins
- Test suite: Sikuli, libvirt, cucumber
→ live demo next Friday
Challenges
Cadence & popularity
- new release every 6 weeks
- about 14k boots a day (x 2.8 since 2 years)
Limited resources and time
- small team compared to scope and pressure
- 3,500 commits, by 15+ persons, in the last 6 months
Roadmap
Early 2016
- Tails 2.0: Upgrade to Debian Jessie
Hardening
- Persistent Tor state
- Protect against exploitation via external buses
- Stronger HTTPS on our website
- Persistent seed for random number generator
- Robust time syncing
International audience
- Persistent Tor configuration (e.g. bridges)
- Web platform for translating our website
Ease adoption
- Revamp Tails Greeter
- Multi-platform Tails Installer
- Improve Tails Installer
- Explain better what Tails is and what makes it so awesome
- Revamp the website
Better user support
- Request tracker for bug reports
- Improve WhisperBack
Polished and reliable platform
- Tor and network progress bar
- Improve additional packages persistence feature
- Localized displayed clock
- Backup system for persistence
- Screen locker
- Full self-upgrades
Sustainability
- Replace Vidalia with Tor Monitor
- Easier ISO build system
- Reproducible build of the ISO image
- Automated Debian package build infrastructure
- (Even more) automated tests
Fundraising
- Have more reliable and steady sources of income
- Depend less on grants from governments
Tails needs help
You can help
- User or trainer: early testing, feedback
- User interface / web / UX person
- Software developer / maintainer
- System administrator
- Debian
- Technical writer
- Translator
- Donor
- Starting point: https://tails.boum.org/contribute/
Contact
Talk to us
- We are here.
- Development mailing-list: tails-dev@boum.org
- Mailing-lists for translators, UX, early testers, user support, non-technical project discussions, etc.
- Core team's encrypted mailing-list: tails@boum.org
- IRC: see https://tails.boum.org/contribute/
- Web: https://tails.boum.org/