Klint Finley reports that Edward Snowden used a Linux distro designed for anonymity to keep his communications out of the NSA's prying eyes. The Amnesic Incognito Live System (Tails) is a kind of computer-in-a-box: a version of the Linux operating system optimized for anonymity that you install on a DVD or USB drive and boot your computer from, leaving you pretty close to anonymous on the internet. "Snowden, Greenwald and their collaborator, documentary film maker Laura Poitras, used it because, by design, Tails doesn't store any data locally," writes Finley. "This makes it virtually immune to malicious software, and prevents someone from performing effective forensics on the computer after the fact. That protects both the journalists, and often more importantly, their sources." The developers of Tails are, appropriately, anonymous. They're protecting their identities, in part, to help protect the code from government interference. "The NSA has been pressuring free software projects and developers in various ways," the group says.
But since we don't know who wrote Tails, how do we know it isn't some government plot designed to snare activists or criminals? A couple of ways, actually. One of the Snowden leaks shows the NSA complaining about Tails in a PowerPoint slide; if it's bad for the NSA, it's safe to say it's good for privacy. And all of the Tails code is open source, so it can be inspected by anyone worried about foul play. "With Tails", say the distro developers, "we provide a tongue and a pen protected by state-of-the-art cryptography to guarantee basic human rights and allow journalists worldwide to work and communicate freely and without fear of reprisal."
(Score: 2, Insightful) by NoMaster on Wednesday April 16 2014, @04:05AM
"And all of the Tails code is open source, so it can be inspected by anyone worried about foul play."
So is OpenSSL...
Live free or fuck off and take your naïve Libertarian fantasies with you...
(Score: 1) by dast on Wednesday April 16 2014, @05:30AM
Was OpenSSL the target of foul play?
(Score: 1, Insightful) by Anonymous Coward on Wednesday April 16 2014, @04:55PM
Irrelevant. Point is OpenSSL wasn't inspected enough. Whether there's foul play or not, that it's open source doesn't help detect it if not enough people inspect it and announce the results publicly.
(Score: 3, Insightful) by Pav on Wednesday April 16 2014, @08:36PM
F/OSS only needs to be better on average than commercial equivalents. Even for security software that record is FAR from perfect. Also, the OpenSSL bug wasn't found by the developers so the "many eyes" actually did the job - late, but not never.
Also, there is value in the source being available AFTER the fact - raises the bar a little for malicious entities.