Klint Finley reports that Edward Snowden used a Linux distro designed for anonymity to keep his communications out of the NSA's prying eyes. The Amnesic Incognito Live System (Tails) is a kind of computer-in-a-box using a version of the Linux operating system optimized for anonymity that you install on a DVD or USB drive and boot your computer from, and you're pretty close to anonymous on the internet. "Snowden, Greenwald and their collaborator, documentary film maker Laura Poitras, used it because, by design, Tails doesn't store any data locally," writes Finley. "This makes it virtually immune to malicious software, and prevents someone from performing effective forensics on the computer after the fact. That protects both the journalists, and often more importantly, their sources." The developers of Tails are, appropriately, anonymous. They're protecting their identities, in part, to help protect the code from government interference. "The NSA has been pressuring free software projects and developers in various ways," the group says.
But since we don't know who wrote Tails, how do we know it isn't some government plot designed to snare activists or criminals? A couple of ways, actually. One of the Snowden leaks shows the NSA complaining about Tails in a PowerPoint slide; if it's bad for the NSA, it's safe to say it's good for privacy. And all of the Tails code is open source, so it can be inspected by anyone worried about foul play. "With Tails", say the distro developers, "we provide a tongue and a pen protected by state-of-the-art cryptography to guarantee basic human rights and allow journalists worldwide to work and communicate freely and without fear of reprisal."
(Score: 2, Insightful) by NoMaster on Wednesday April 16 2014, @04:05AM
"And all of the Tails code is open source, so it can be inspected by anyone worried about foul play."
So is OpenSSL...
Live free or fuck off and take your naïve Libertarian fantasies with you...
(Score: 1) by dast on Wednesday April 16 2014, @05:30AM
Was OpenSSL the target of foul play?
(Score: 1, Insightful) by Anonymous Coward on Wednesday April 16 2014, @04:55PM
Irrelevant. Point is OpenSSL wasn't inspected enough. Whether there's foul play or not, that it's open source doesn't help detect it if not enough inspect it and announce the results publicly.
(Score: 3, Insightful) by Pav on Wednesday April 16 2014, @08:36PM
F/OSS only needs to be better on average than commercial equivalents. Even for security software that record is FAR from perfect. Also, the OpenSSL bug wasn't found by the developers so the "many eyes" actually did the job - late, but not never.
Also, there is value in the source being available AFTER the fact - raises the bar a little for malicious entities.
(Score: 3, Interesting) by Foobar Bazbot on Wednesday April 16 2014, @04:06AM
All of the code, even the ssl library!
(Score: 3, Insightful) by dast on Wednesday April 16 2014, @05:38AM
Well that's still a hell of a lot better than a closed source product in which there could be an untold number of exploitable bugs. We'll never know for sure, since we can't look at the source.
Open sourcing a project doesn't make it more secure--it makes it more auditable. Bugs will still exist, and may exist for years, but at least with open source projects we can audit the fix. Can you say the same for closed source products?
(Score: 2) by stormwyrm on Wednesday April 16 2014, @02:02PM
From the Tor Project blog [torproject.org]:
Numquam ponenda est pluralitas sine necessitate.
(Score: 1) by dast on Wednesday April 16 2014, @03:03PM
Isn't all Debian old and stable? ;) /me ducks
(Score: 2, Funny) by dast on Wednesday April 16 2014, @03:09PM
Wow. All my grammar are sucks.
(Score: 2) by Kilo110 on Wednesday April 16 2014, @05:02AM
"The NSA has been pressuring free software projects and developers in various ways,"
I'd like to hear more about this.
(Score: 3, Informative) by bill_mcgonigle on Wednesday April 16 2014, @05:27AM
Appelbaum is routinely subject to harsh treatment at border crossings, without probable cause. His work enables the hoi polloi to communicate with each other effectively and is therefore a threat to the human farming system.
(Score: 2) by c0lo on Wednesday April 16 2014, @06:06AM
Possible solution: involve yourself in OSS within the privacy/anonymity areas, make your identity known and NSA may contact you.
(I really don't know if this list may end with the "Profit!" item, but that's a different point).
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 5, Informative) by c0lo on Wednesday April 16 2014, @05:34AM
(Score: 1) by dast on Wednesday April 16 2014, @05:40AM
Nice! I wasn't aware of the other options we have. Kudos!
(Score: 2) by c0lo on Wednesday April 16 2014, @05:59AM
(Score: 3, Insightful) by mrbluze on Wednesday April 16 2014, @01:32PM
How can we know if any of these are not compromised? How can we know if the Wired article is true?
Do it yourself, 'cause no one else will do it yourself.
(Score: 2) by c0lo on Wednesday April 16 2014, @01:55PM
Ummmm... read your signature and do as it says?
(Score: 2, Informative) by lajos on Wednesday April 16 2014, @02:34PM
"a kind of computer-in-a-box" ?
No, it's not a computer-in-a-box. It's an operating system.
Now I understand that Wired writers are probably morons, writing fluffy articles for morons. But why does it have to be propagated to SN? At least put a [sic] next to it, similar to when quoting illiterate people.