
SoylentNews is people

posted by martyb on Thursday April 20 2017, @09:04PM
from the choose-your-headphones-wisely dept.

The Tails project announced the release of version 2.12 of the operating system which focuses on "privacy and anonymity."

The new version includes GNOME Sound Recorder, removes I2P, runs on version 4.9.13 of the Linux kernel, and as per usual remedies "numerous security holes" in the previous release. DistroWatch has additional coverage.

Related story:
TAILS 2.11: The Last Release to Support the I2P Anonymizing Network


Original Submission

 
This discussion has been archived. No new comments can be posted.
  • (Score: 3, Interesting) by butthurt on Friday April 21 2017, @01:42AM (5 children)

    by butthurt (6141) on Friday April 21 2017, @01:42AM (#497168) Journal

    At your third link (GNU site) I read:

    Tails uses the vanilla version of Linux, which contains nonfree firmware blobs.

    At your second link (Tails project site):

    However, Tails includes non-free firmware in order to work on as much hardware as possible.

    ...so they've disclosed that. If they would say "except for the non-free firmware included, Tails is free software" rather than "Tails is free software, however it includes non-free firmware" they would be telling the truth. Would it compromise your anonymity to direct us to your bug report on the topic? If you expressed yourself there in the same tone as you have here, that may be the reason your concern--which is obviously valid--wasn't properly addressed.

  • (Score: 3, Informative) by melikamp on Friday April 21 2017, @02:06AM (4 children)

    by melikamp (1886) on Friday April 21 2017, @02:06AM (#497177) Journal

    I didn't say they didn't disclose blobs, I said their front page is lying to their users. They know it is factually incorrect, but they choose not to fix it, and they refuse to discuss it. My tone was and is irrelevant: they should have fixed this bug regardless, for the sake of their users and potential users who are looking at their front page, the moment they became aware of it, because what they are saying is incorrect. And since they know they falsely claim that they are free software by FSF's definition, it's a lie, regardless of my tone.

    I am not saying this because I have a grudge against them or something, I really don't give a flying fuck what they do at this point, unless they fix these issues, which I would applaud. I am just warning current and potential users of Tails about two simple facts: the project leadership is incompetent (blobs for privacy!), and is OK with lying to users with big bold letters on the front page. My original inquiry:

    https://mailman.boum.org/pipermail/tails-support/2016-March/000345.html [boum.org]

    And by the way, if you think my tone is at fault, please, take a few minutes out of your busy schedule and report this bug properly. This would wipe my nose, no? I would be quite glad if this bug was fixed, regardless of how, but they literally won't talk to me no more, and they never had. They absolutely refused to comment on either issue, do you see?

    https://labs.riseup.net/code/issues/5393#note-10 [riseup.net]

    • (Score: 2) by Scruffy Beard 2 on Friday April 21 2017, @09:07AM (1 child)

      by Scruffy Beard 2 (6030) on Friday April 21 2017, @09:07AM (#497311)

      Maybe the blobs don't need malware because modern systems are inherently insecure, regardless.

      If I wanted to add a back-door to a NIC, I would have it listen for a 128-bit number (hashed with the MAC address), and then read any instructions from the payload. As a bonus, you can require cryptographic signatures as well: but that would probably at least double the footprint of the malware portion of the image.

      • (Score: 3, Informative) by melikamp on Saturday April 22 2017, @05:26AM

        by melikamp (1886) on Saturday April 22 2017, @05:26AM (#497798) Journal
        I totally agree, and given the miniaturization trend, we can now expect any amount of code even in a tiny speck of silicon. Our #1 concern should be a fully free stack that can 3d-print general-purpose 3d-printers, which can print computers, among other things.
    • (Score: 2) by butthurt on Friday April 21 2017, @08:55PM (1 child)

      by butthurt (6141) on Friday April 21 2017, @08:55PM (#497584) Journal

      > They absolutely refused to comment on either issue, do you see?

      Thank you for the links. In the mailing list discussion I see replies from two writers, "intrigeri" and "ForgottenBeast" who have addresses at boum.org and riseup.net. I would assume that those are members of the project (because the project's Web sites are on those hosts).

      https://mailman.boum.org/pipermail/tails-support/2016-March/000347.html [boum.org]
      https://mailman.boum.org/pipermail/tails-support/2016-March/000361.html [boum.org]
      https://mailman.boum.org/pipermail/tails-support/2016-March/000372.html [boum.org]
      https://mailman.boum.org/pipermail/tails-support/2016-March/000380.html [boum.org]

      • (Score: 2) by melikamp on Saturday April 22 2017, @02:19AM

        by melikamp (1886) on Saturday April 22 2017, @02:19AM (#497738) Journal

        I don't know whether ForgottenBeast is affiliated with Tails, but his answer does not address my question. I asked them for an estimate of the amount of malware they distribute, and he told me that an actively and massively exploited backdoor would have probably been detected fast. I tend to agree, but it does nothing to answer my question.

        With his last post intrigeri explicitly refused to issue any comment whatsoever.

        It's an implicit wontfix, or so it seems to me. I would even say, they actually seem to believe the risk is zero, and there is no malware or (reported to law enforcement) zero-days in those blobs, but for some reason they also refuse to state that explicitly :)