Klint Finley reports that Edward Snowden used a Linux Distro designed for anonymity to keep his communications out of the NSA's prying eyes. The Amnesic Incognito Live System (Tails) is a kind of computer-in-a-box using a version of the Linux operating system optimized for anonymity that you install on a DVD or USB drive, boot your computer from and you're pretty close to anonymous on the internet. "Snowden, Greenwald and their collaborator, documentary film maker Laura Poitras, used it because, by design, Tails doesn't store any data locally," writes Finley. "This makes it virtually immune to malicious software, and prevents someone from performing effective forensics on the computer after the fact. That protects both the journalists, and often more importantly, their sources." The developers of Tails are, appropriately, anonymous. They're protecting their identities, in part, to help protect the code from government interference. "The NSA has been pressuring free software projects and developers in various ways," the group says.
But since we don't know who wrote Tails, how do we now it isn't some government plot designed to snare activists or criminals? A couple of ways, actually. One of the Snowden leaks show the NSA complaining about Tails in a Power Point Slide; if it's bad for the NSA, it's safe to say it's good for privacy. And all of the Tails code is open source, so it can be inspected by anyone worried about foul play. "With Tails", say the distro developers, "we provide a tongue and a pen protected by state-of-the-art cryptography to guarantee basic human rights and allow journalists worldwide to work and communicate freely and without fear of reprisal."
Related Stories
The Finnix project and DistroWatch are observing the 25th anniversary of the Finnix live distro a few days ago:
From Finnix:
Today is a very special day: March 22 is the 25 year anniversary of the first public release of Finnix, the oldest live Linux distribution still in production. Finnix 0.03 was released on March 22, 2000, and to celebrate this anniversary, I'm proud to announce the 35th Finnix release, Finnix 250!
Besides the continuing trend of Finnix version number inflation (the previous release was Finnix 126), Finnix 250 is simply a solid regular release, with the following notes:
From DistroWatch:
The Finnix distribution is a small, self-contained, bootable live Linux distribution for system administrators, based on Debian. The project's latest version is Finnix 250 which marks the project's 25th anniversary.
Other live distros come and go. However, Finnix is a special live distro because it contains so many pre-installed system administration tools that it has been a goto tool for system recovery and repair for two and a half decades.
Previously:
(2016) Refracta 8.0: Devuan on a Stick
(2015) Slackware Live Edition Beta Available
(2014) Snowden Used Special Linux Distro for Anonymity
(Score: 2, Insightful) by NoMaster on Wednesday April 16 2014, @04:05AM
"And all of the Tails code is open source, so it can be inspected by anyone worried about foul play."
So is OpenSSL...
Live free or fuck off and take your naïve Libertarian fantasies with you...
(Score: 1) by dast on Wednesday April 16 2014, @05:30AM
Was OpenSSL the target of foul play?
(Score: 1, Insightful) by Anonymous Coward on Wednesday April 16 2014, @04:55PM
Irrelevant. Point is OpenSSL wasn't inspected enough. Whether there's foul play or not, that it's open source doesn't help detect it if not enough inspect it and announce the results publicly.
(Score: 3, Insightful) by Pav on Wednesday April 16 2014, @08:36PM
F/OSS only needs to be better on average than commercial equivalents. Even for security software that record is FAR from perfect. Also, the OpenSSL bug wasn't found by the developers so the "many eyes" actually did the job - late, but not never.
Also, there is value in the source being available AFTER the fact - raises the bar a little for malicious entities.
(Score: 3, Interesting) by Foobar Bazbot on Wednesday April 16 2014, @04:06AM
All of the code, even the ssl library!
(Score: 3, Insightful) by dast on Wednesday April 16 2014, @05:38AM
Well that's still a hell of a lot better than a closed source product in which there could be an untold number of exploitable bugs. We'll never know for sure, since we can't look at the source.
Open sourcing a project doesn't make it more secure--it makes it more auditable. Bugs will still exist, and may exist for years, but at least with open source projects we can audit the fix. Can you say the same for closed source products?
(Score: 2) by stormwyrm on Wednesday April 16 2014, @02:02PM
From the Tor Project blog [torproject.org]:
Numquam ponenda est pluralitas sine necessitate.
(Score: 1) by dast on Wednesday April 16 2014, @03:03PM
Isn't all Debian old and stable? ;) /me ducks
(Score: 2, Funny) by dast on Wednesday April 16 2014, @03:09PM
Wow. All my grammar are sucks.
(Score: 2) by Kilo110 on Wednesday April 16 2014, @05:02AM
"The NSA has been pressuring free software projects and developers in various ways,"
I'd like to hear more about this.
(Score: 3, Informative) by bill_mcgonigle on Wednesday April 16 2014, @05:27AM
Applebaum is routinely subject to harsh treatment at border crossings, without probably cause. His work enables the hoi poli to communicate with each other effectively and is therefore a threat to the human farming system.
(Score: 2) by c0lo on Wednesday April 16 2014, @06:06AM
Possible solution: involve yourself in OSS within the privacy/anonymity areas, make your identity known and NSA may contact you.
(I really don't know if this list may end with the "Profit!" item, but that's a different point).
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 5, Informative) by c0lo on Wednesday April 16 2014, @05:34AM
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 1) by dast on Wednesday April 16 2014, @05:40AM
Nice! I wasn't aware of the other options we have. Kudos!
(Score: 2) by c0lo on Wednesday April 16 2014, @05:59AM
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 3, Insightful) by mrbluze on Wednesday April 16 2014, @01:32PM
How can we know if any of these are not compromised? How can we know if the wired article is true?
Do it yourself, 'cause no one else will do it yourself.
(Score: 2) by c0lo on Wednesday April 16 2014, @01:55PM
Ummmm... read your signature and do as it says?
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 2, Informative) by lajos on Wednesday April 16 2014, @02:34PM
"a kind of computer-in-a-box" ?
No, it's not a computer-in-a-box. It's an operating system.
Now I understand that wired writers are probably morons, writing fluffy articles for morons. But why does it have to be propagated to SN? At least put a [sic] next to it, similar to when quoting illiterate people.