Tails

% Tails — Privacy for anyone anywhere % intrigeri % June, 2014

What what who

Who I am

Tails contributor
Debian developer

What is Tails

The Amnesic Incognito Live System

https://tails.boum.org/

A Live operating system

works on (almost) any computer
boots off a DD, a USB stick, or a SD card

Preserving privacy and anonymity #1

use the Internet anonymously and circumvent censorship:
all connections to the Internet are forced to go through the Tor network
leave no trace on the computer you are using unless you ask it explicitly

Preserving privacy and anonymity #2

cryptographic tools:
encrypt your files, emails and instant messaging
media production tools:
sound, video, office publishing, graphics...

Other features

exists since 2009
translated into many languages
Free Software, public and open development:
Git, Redmine, meetings and roadmap
design documentation : https://tails.boum.org/contribute/design/

And... it works?

According to the NSA, yes :
"(S//REL) Tails: Complete Bootable OS on CD for anonymity - includes Tor
(S//REL) Adds Severe CNE misery to equation"
(Thanks to a famous Tails user for providing these documents.)

Bruce Schneier, December 2013 :
"What do I trust? I trust, I trust Tails, I trust GPG [...]"
"I don't use Linux. (Shhh. Don't tell anyone.)
Although I have started using Tails""

Usability: a security feature

Our starting point

privacy and anonymity: collective matters
more secure tool, but less usable
⇒ collectively, less security

Our hypothesis

Often usability matters more than "pure" security.

Make a "baseline" security level (privacy, anonymity) very accessible
⇒ Tails is widely used
⇒ more contributors
⇒ energy ↗ to improve security without decreasing usability

Examples

GNOME desktop
desktop cryptographic tools (Seahorse, OpenPGP applet, GNOME Disks)
integrates the "Spoof MAC address, or not" decision in a user-friendly way
documentation
translations
warnings
WhisperBack

A small delta, to avoid drowning

History lesson

Often, specialized distributions die quickly.
At least in this area.
✝ Haven, Anonym.OS, ParanoidLinux, onionOS, Phantomix and many others. RIP.

Why?

small teams, not organized to grow
underestimation of the maintenance and user support work
no long-term commitment
NIH

Our hypothesis

focus on maintainability
avoid having a delta that grows too much, or too fast, wrt. our upstreams

Examples: what we did not do internally

... despite pressure:

grsecurity
compile-time hardening

Examples: what we did internally

... but should share:

OpenPGP applet
erasing memory on shutdown

Examples: what we're doing upstream

AppArmor
libvirt
Seahorse
Debian
Debian Live
fix OTR downgrade → v1

Consequences #1

little Tails-specific code
glue work
"social" work:
talk to upstreams
spread the word about our needs
find skilled people to do the work at the best place
slow rhythm (waiting the next Debian release, and sometimes the one after), despite backports

Consequences #2

And, above all...

. . .

Tails is still alive!

Challenges

Cadence & popularity

new release every 6 weeks
about 10k boots a day, doubles every 6-9 months

Limited resources and time

mostly volunteer work
2000 commits, by ~10 persons, on the last 6 months

Roadmap

Overview

welcome more varied contributions

... from more varied people

make our life easier

make Tails (even) more usable

better protect users against targeted attacks

This summer

Tails 1.1 — July 22: Debian Wheezy, UEFI

And then

Tails 2.0: sustainability and maintainability
Greeter
same-day security updates
mitigate effects of security holes
Tails 3.0: hardening, sandboxing
More?