
SoylentNews is people

posted by n1 on Wednesday April 16 2014, @03:44AM

Klint Finley reports that Edward Snowden used a Linux distro designed for anonymity to keep his communications out of the NSA's prying eyes. The Amnesic Incognito Live System (Tails) is a kind of computer-in-a-box using a version of the Linux operating system optimized for anonymity: you install it on a DVD or USB drive, boot your computer from it, and you're pretty close to anonymous on the internet. "Snowden, Greenwald and their collaborator, documentary film maker Laura Poitras, used it because, by design, Tails doesn't store any data locally," writes Finley. "This makes it virtually immune to malicious software, and prevents someone from performing effective forensics on the computer after the fact. That protects both the journalists, and often more importantly, their sources." The developers of Tails are, appropriately, anonymous. They're protecting their identities, in part, to help protect the code from government interference. "The NSA has been pressuring free software projects and developers in various ways," the group says.

But since we don't know who wrote Tails, how do we know it isn't some government plot designed to snare activists or criminals? A couple of ways, actually. One of the Snowden leaks shows the NSA complaining about Tails in a PowerPoint slide; if it's bad for the NSA, it's safe to say it's good for privacy. And all of the Tails code is open source, so it can be inspected by anyone worried about foul play. "With Tails", say the distro developers, "we provide a tongue and a pen protected by state-of-the-art cryptography to guarantee basic human rights and allow journalists worldwide to work and communicate freely and without fear of reprisal."

  • (Score: 2, Insightful) by NoMaster on Wednesday April 16 2014, @04:05AM

    by NoMaster (3543) on Wednesday April 16 2014, @04:05AM (#32169)

    "And all of the Tails code is open source, so it can be inspected by anyone worried about foul play."

    So is OpenSSL...

    --
    Live free or fuck off and take your naïve Libertarian fantasies with you...
    • (Score: 1) by dast on Wednesday April 16 2014, @05:30AM

      by dast (1633) on Wednesday April 16 2014, @05:30AM (#32191)

      Was OpenSSL the target of foul play?

      • (Score: 1, Insightful) by Anonymous Coward on Wednesday April 16 2014, @04:55PM

        by Anonymous Coward on Wednesday April 16 2014, @04:55PM (#32377)

        Irrelevant. Point is OpenSSL wasn't inspected enough. Whether there's foul play or not, that it's open source doesn't help detect it if not enough inspect it and announce the results publicly.

    • (Score: 3, Insightful) by Pav on Wednesday April 16 2014, @08:36PM

      by Pav (114) on Wednesday April 16 2014, @08:36PM (#32425)

      F/OSS only needs to be better on average than commercial equivalents. Even for security software that record is FAR from perfect. Also, the OpenSSL bug wasn't found by the developers so the "many eyes" actually did the job - late, but not never.

      Also, there is value in the source being available AFTER the fact - raises the bar a little for malicious entities.

  • (Score: 3, Interesting) by Foobar Bazbot on Wednesday April 16 2014, @04:06AM

    by Foobar Bazbot (37) on Wednesday April 16 2014, @04:06AM (#32170) Journal

    And all of the Tails code is open source, so it can be inspected by anyone worried about foul play

    All of the code, even the ssl library!

    • (Score: 3, Insightful) by dast on Wednesday April 16 2014, @05:38AM

      by dast (1633) on Wednesday April 16 2014, @05:38AM (#32194)

      Well that's still a hell of a lot better than a closed source product in which there could be an untold number of exploitable bugs. We'll never know for sure, since we can't look at the source.

      Open sourcing a project doesn't make it more secure--it makes it more auditable. Bugs will still exist, and may exist for years, but at least with open source projects we can audit the fix. Can you say the same for closed source products?

    • (Score: 2) by stormwyrm on Wednesday April 16 2014, @02:02PM

      by stormwyrm (717) Subscriber Badge on Wednesday April 16 2014, @02:02PM (#32306) Journal

      From the Tor Project blog [torproject.org]:

      5. Tails is still tracking Debian oldstable, so it should not be affected by this bug.

      --
      Nothing in life is to be feared, only to be understood. Now is the time to understand more, that we may fear less.
      • (Score: 1) by dast on Wednesday April 16 2014, @03:03PM

        by dast (1633) on Wednesday April 16 2014, @03:03PM (#32324)

        Isn't all Debian old and stable? ;) /me ducks

        • (Score: 2, Funny) by dast on Wednesday April 16 2014, @03:09PM

          by dast (1633) on Wednesday April 16 2014, @03:09PM (#32328)

          Wow. All my grammar are sucks.

  • (Score: 2) by Kilo110 on Wednesday April 16 2014, @05:02AM

    by Kilo110 (2853) on Wednesday April 16 2014, @05:02AM (#32184)

    "The NSA has been pressuring free software projects and developers in various ways,"

    I'd like to hear more about this.

    • (Score: 3, Informative) by bill_mcgonigle on Wednesday April 16 2014, @05:27AM

      by bill_mcgonigle (1105) on Wednesday April 16 2014, @05:27AM (#32190)

      Appelbaum is routinely subject to harsh treatment at border crossings, without probable cause. His work enables the hoi polloi to communicate with each other effectively and is therefore a threat to the human farming system.

    • (Score: 2) by c0lo on Wednesday April 16 2014, @06:06AM

      by c0lo (156) Subscriber Badge on Wednesday April 16 2014, @06:06AM (#32201) Journal

      "The NSA has been pressuring free software projects and developers in various ways,"
      I'd like to hear more about this.

      Possible solution: involve yourself in OSS within the privacy/anonymity areas, make your identity known and NSA may contact you.
      (I really don't know if this list may end with the "Profit!" item, but that's a different point).

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0
  • (Score: 5, Informative) by c0lo on Wednesday April 16 2014, @05:34AM

    by c0lo (156) Subscriber Badge on Wednesday April 16 2014, @05:34AM (#32193) Journal
    Tails and alternatives [hacker10.com]:
    1. Tails [wikipedia.org] - The Amnesic Incognito Live System - Debian/GNOME based, uses Tor
    2. Liberté Linux [dee.su] - Gentoo/LXDE based, uses Tor or I2P - dev known (.su TLD is for the Soviet Union)
    3. IprediaOS [ipredia.org] - Looks like a Fedora based, Gnome, uses I2P
    4. Whonix [whonix.org] - not a live image, using 2 Virtual Box machines - one to run the Tor gateway, the other for "Whonix-Workstation" running in a completely isolated network. Debian based
    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0
    • (Score: 1) by dast on Wednesday April 16 2014, @05:40AM

      by dast (1633) on Wednesday April 16 2014, @05:40AM (#32195)

      Nice! I wasn't aware of the other options we have. Kudos!

    • (Score: 2) by c0lo on Wednesday April 16 2014, @05:59AM

      by c0lo (156) Subscriber Badge on Wednesday April 16 2014, @05:59AM (#32200) Journal
      Similar streak with Whonix (more like a "security hardened desktop") using Virtual Box, one may consider Qubes OS [wikipedia.org] which uses Xen virtualisation to run potentially buggy/unsecure applications (app crashes, hacker can't get outside the VM anyway).
      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0
    • (Score: 3, Insightful) by mrbluze on Wednesday April 16 2014, @01:32PM

      by mrbluze (49) on Wednesday April 16 2014, @01:32PM (#32293) Journal

      How can we know if any of these are not compromised? How can we know if the wired article is true?

      --
      Do it yourself, 'cause no one else will do it yourself.
      • (Score: 2) by c0lo on Wednesday April 16 2014, @01:55PM

        by c0lo (156) Subscriber Badge on Wednesday April 16 2014, @01:55PM (#32300) Journal

        How can we know if any of these are not compromised?

        Ummmm... read your signature and do as it says?

        --
        https://www.youtube.com/watch?v=aoFiw2jMy-0
  • (Score: 2, Informative) by lajos on Wednesday April 16 2014, @02:34PM

    by lajos (528) on Wednesday April 16 2014, @02:34PM (#32317)

    "a kind of computer-in-a-box" ?

    No, it's not a computer-in-a-box. It's an operating system.

    Now I understand that wired writers are probably morons, writing fluffy articles for morons. But why does it have to be propagated to SN? At least put a [sic] next to it, similar to when quoting illiterate people.