A wireframe globe breaking out of chains

Free the internet

Support tools that break the chains of censorship and surveillance. Donate to the Tor Project today.

Through December 31, your gift will be matched, up to $250,000!

Donate now

Tails

% Tails needs Debian
(and the other way around?) % intrigeri % August, 2014

What Tails is

What's in a name

The amnesic incognito live system

https://tails.boum.org/

A Live operating system

  • works on (almost) any x86 computer
  • boots off a DVD, a USB stick, or a SD card
  • based on Debian ♥

Preserving privacy and anonymity #1

  • use the Internet anonymously, circumvent censorship:
    all connections to the Internet are forced to go through the Tor network
  • leave no trace on the computer you are using unless you ask it explicitly

Preserving privacy and anonymity #2

  • desktop cryptographic tools:
    encrypt files, email and instant messaging
    metadata anonymization (https://packages.d.o/mat)
  • media production tools:
    sound, video, office publishing, graphics...

Usability = a security feature

  • yes, you may be able to protect yourself
  • but privacy and security = collective matters
  • if only tech-savvy users can use our stuff,
    then the others will use something worse,
    and collectively we've lost.

Other features

  • first release in 2009
  • translated into many languages
  • Free Software, public and open development:
    Git, Redmine, meetings and roadmap
  • specs and design documentation: https://tails.boum.org/contribute/design/

And... it works?

  • According to the NSA, yes:
    (S//REL) Tails: Complete Bootable OS on CD for anonymity - includes Tor
    (S//REL) Adds Severe CNE misery to equation
    (Thanks to a famous Tails user for providing these documents.)
  • Bruce Schneier, December 2013:
    What do I trust? I trust, I trust Tails, I trust GPG [...]
    I don't use Linux. (Shhh. Don't tell anyone.)
    Although I have started using Tails

Userbase

  • broad and diverse

Challenges

Cadence

  • preparing a release takes 6-10 solid days of work
  • new release every 6 weeks + a RC 1-2 weeks before

Popularity

in July:

  • 11.5k boots a day
    (doubles every 6-12 months, since years)
  • 35k downloads of the OpenPGP signature of Tails ISO
  • ⇒ increasing expectations

Limited resources and time

  • mostly volunteer work
  • 2000 commits, by ~10 persons, on the last 6 months

Roadmap

  • welcome more varied contributions
  • ... from more diverse people
  • make the project more sustainable
  • improve usability
  • better protect users against targeted attacks
  • more?

Tails and its upstreams

History lesson

  • most distributions in this area have died quickly
  • ⇒ focus on maintainability
  • ⇒ avoid having a delta that grows too much, or too fast,
    wrt. our upstreams

Examples: what we did not do internally

... despite pressure:

  • grsecurity
  • compile-time hardening

Examples: what we did internally

... and are in the process of sharing:

  • OpenPGP applet
  • erasing memory on shutdown

Examples: what we're doing upstream

  • AppArmor
  • libvirt
  • Seahorse
  • various Debian things
  • fix OTR downgrade → v1

Consequences #1

  • little Tails-specific code: mostly glue work
  • social work:
    talk to upstreams
    spread the word about our needs
    find skilled people to do the work at the best place
  • slow rhythm, despite backports

Consequences #2

And, above all...

. . .

Tails is still alive!

Tails needs Debian

Keep up the good work!

Debian is an awesome basis for derivatives.

Thank you ☺

Many one-shot small tasks

Help us help Debian

  • in August: 5 Tails contributors have had stuff uploaded
  • more to come!
  • already a few mentors and sponsors (thank you), need more

Distro-wide improvements

  • AppArmor (https://wiki.d.o/AppArmor)
  • reproducible builds (https://wiki.d.o/ReproducibleBuilds)
  • hardening build flags (PIE on amd64?)

Packaging

  • grsecurity kernel (Debian#605090)
  • packaging teams:
    anonymity tools (https://wiki.d.o/Teams/AnonymityTools) OTR (https://wiki.d.o/Teams/OTR)
  • X.Org as non-root, Wayland
  • systemd user sessions

Infrastructure

  • derivatives patches tracking tools
  • continuous integration

Where to start?

Debian needs Tails?

How can Tails be better for Debian?

You tell me.

Contact

Talk to us