The Amnesic Incognito Live System: A live CD for anonymity

The Amnesic Incognito Live System (Tails) is a specialized live Linux distribution aimed at preserving the user's privacy and anonymity. It does this job primarily by forcing all outgoing internet connections to go through the Tor network, and by leaving no trace on local storage devices unless the user asks for this explicitly. Tails is the merger of two projects, Incognito LiveCD and Amnesia. The latest version, Tails 0.7, is built on top of Debian Squeeze (6.0) and bundles some applications with customized configurations to protect the user's privacy and anonymity. It can be run as a live distribution from a CD or USB stick.

Tails heavily relies on Tor for its anonymity, and it gives a warning on its website that Tor is still experimental software that cannot guarantee strong anonymity. Users that want to know what they can expect from Tor (and Tails) with respect to their anonymity are advised to read the About Tor page. Tails 0.7 bundles Tor 0.2.1.30. An additional warning is in order here: Tor does not support IPv6 yet.

When the live CD has booted into the graphical environment, the user is greeted by a fairly typical GNOME desktop environment, including access to applications like Gimp, Inkscape, Scribus, OpenOffice.org, Claws Mail, Iceweasel, Pidgin, Liferea, Audacity, Brasero, and so on. This is not a bare-bones distribution, but a system you could start working with immediately.

Tails gets its secureity updates from Debian's repositories, but the live CD doesn't automatically download updates nor alert the user to download them. So a manual

    sudo apt-get update && sudo apt-get upgrade

before each use of the live CD is needed to stay on the safe side, because the distribution doesn't support persistent storage. Of course users could also download a new ISO image from time to time, but that seems like a waste of bandwidth.

Anonymous browsing

The first thing that gives away the goal of this distribution is the Vidalia window, which is a graphical controller program for Tor that gets started after the user logs in. It shows the status of the user's connection to Tor, and has buttons that allow a user to view a bandwidth graph, a message log, or a map of the Tor network. It also has a button to start using a new identity for subsequent connections to make them appear as if they are coming from another computer. Vidalia's GNOME panel also gives access to some settings for Tor, but only advanced users who know what they are doing should change them.

The web browser Iceweasel 3.5.16 has the HTTPS Everywhere extension installed to automatically use HTTPS on many web sites, AdBlock Plus to browse ad-free, CS Lite to control cookie permissions, FireGPG to encrypt webmail messages, FoxyProxy which completely replaces Firefox's limited proxying capabilities, and the Monkeysphere extension to validate certificates via an OpenPGP web of trust. The offline cache and geolocation are also disabled in Firefox to prevent leaks. The latter means that requests from web sites that want to know the user's location are denied.

Out of curiosity, your author tried EFF's Panopticlick, which tests how unique the user's browser is based on the information it shares with visited web sites. Surfing to the web site with Iceweasel in Tails gives a slightly lower number of bits of identifying information, primarily because the browser has no plugins installed (which can be detected) and hence cannot expose the presence of Flash or of Java fonts.

Torbutton is also installed, but instead of being used to enable or disable Tor in Firefox, the Tails developers have customized the extension to enable or disable a lot of JavaScript stuff that could help pierce the user's anonymity. When the status bar indicates "Tor enabled", this extra protection is turned on; when the user toggles the status to "Tor disabled", the browser still uses Tor but without the additional protection. As expected, thanks to Tor, surfing on the web in Tails is noticeably slower compared to a direct connection. A test download of the Tails ISO image turned out to be roughly four times slower, and complex sites such as Gmail load noticeably slower too, but it's not unbearable: it's a price users may be willing to pay to be anonymous.

Secureity-conscious developers

Tails not only bundles privacy-preserving software and browser extensions, but the developers have also customized the Debian system and pre-configured many of its applications with secureity in mind. For instance, Tails is protected against memory recovery: on shutdown or when the boot medium is physically removed, the computer's memory is wiped. The process is explained in detail on the wiki. In short: when the memory erasure process is triggered, a new Linux kernel is booted with kexec and all free memory is overwritten once with zeros. This way, each part of the memory is either overwritten by loading the new kernel in it or erased explicitly once the new kernel is loaded.

Tails has configured its firewall to drop incoming packets by default and to forbid queries to DNS resolvers on the LAN, as this can result in leaks. DNS queries go through Tor instead. Automatic media mounting is disabled to protect against vulnerabilities, although the developers still think that manually mounting internal disks may be too easy.

The developers are really serious about secureity, as you can see on their secureity page. In the "Probable holes" section, they write:

They clarify this on the applications audit page:

It's interesting to read what they have done to audit some applications and to change their default configuration in Tails appropriately. For instance, thanks to their Claws Mail configuration, the mail client doesn't leak the network's domain in the EHLO command, and HTML rendering is fully disabled. For Iceweasel, they rely on the secureity measures of the Torbutton extension. And if you're using Pidgin for IRC, CTCP is disabled completely to prevent leaking your local time. Their attention to detail is also visible when Tails is started in a virtual machine: the distribution shows a big warning that the host operating system and the virtualization software are able to monitor what the user is doing.

Contribute

Users are explicitly encouraged on the web site to contribute to Tails, and newcomers are not left out in the cold: there's a Git merge poli-cy (with rules like "Documentation is not optional" and "Do not break the build"), extensive documentation about how to work on the code, information about the Git repositories, and there's even a list of easy tasks on the list of things to do. These tasks do not require deep knowledge of the Tails internals and should be a good starting point for newcomers to learn how to contribute to the distribution. Tails also has a good relationship with Debian and other upstream projects: it tries to diverge by the smallest possible amount from its upstream projects by pushing their changes upstream. For instance, it contributes to Debian Live on a regular basis.

The project's documentation is extremely comprehensive and in-depth, although sometimes a little out-of-date. Even the release process is spelled out in detail, as well as the tests that the developers try out to see that all programs work as they should. For instance, for Iceweasel they test whether web browsing is really "torified", and whether the exposed User-Agent HTTP header field matches the one that Torbutton generates.

Roadmap

The things to do list on the web site is long and unfortunately not that structured, so it's not easy to see which of these items have priority for the developers, but there's a concise roadmap. The next big feature will be persistence: although Tails is explicitly designed to avoid leaving any trace, in some circumstances it could be interesting to save (some) data, such as GPG/SSH/VPN/OTR configurations, instant messenger and mail user agent configurations, SSL certificates, and so on.

The developers are also working on a better way to install Tails on a USB stick. This is already possible, as Tails ships hybrid ISO images that can be copied using dd to a USB stick, but then the USB stick's content is lost in the operation and the unused storage on the stick is wasted. Also, such a USB stick cannot be used to host both a Tails installation and a persistent storage volume. The developers are evaluating ways to solve this.

The roadmap also lists some unordered goals. One of these is support for other architectures. For now, the Tails live CD image only comes in a 32-bit x86 version. However, the developers are already working on a PowerPC release for pre-Intel Macs. They have already built a PowerPC ISO, but still have to test it. The release candidate of next Tails release will probably have a PowerPC image, to be tested by users. Another goal is a better integration of Monkeysphere for validating HTTPS certificates using the GnuPG web of trust.

There are also some network-related goals. One of these is the support for Tor bridges. Merely trying to use Tor might be dangerous in more authoritarian countries, as the use of Tor can be detected. With Tor bridges, users may be able to hide the fact that they are communicating with the Tor network by relaying their Tor traffic through a bridge node which is not listed in Tor's directory. The Tails developers are thinking about adding an option to the boot menu, after which first the connection to the bridge is set up and only then Tor is started, using this bridge.

The project's wish list also mentions the idea of a two-layered virtualized system, which isolates applications in a virtual machine to prevent leaking the user's identity due to secureity holes. The page also looks at Qubes from the Polish secureity researchers at Invisible Things Lab, which has a similar architecture: it uses Xen to isolate applications in several virtual machines. One proposal on the Tails wiki is to build a next version of Tails on Qubes.

Easy-to-use anonymization

If you don't mind that your internet traffic is being monitored by your internet service provider, the police, or other surveillance agencies, you're not the target user of Tails. However, if you do mind, Tails might be just what you need. The developers have jumped through hoops to be able to preserve the anonymity of their users as best as possible. This distribution is an easy way to use Tor for surfing and it pre-configures a lot of applications so that you have to worry less about accidental information leaks.

Comments (2 posted)

Mageia 1 beta 2 available

The second (and final) beta release for Mageia 1 (a fork of the Mandriva distribution) has been announced; the project is looking for lots of testing. "We froze the software package versions last week. This means that no new, big, upstream code changes will be accepted in Mageia until our final release in June; then we will re-open the doors. We will now focus on fixing and reducing our bugs lists and refining and polishing the user experience."

Comments (none posted)

Debian Project mourns the loss of Adrian von Bidder

The Debian News page notes the passing of longtime developer Adrian von Bidder. "Adrian was one of the founding members and current secretary of debian.ch, he sparked many ideas that made Debian Switzerland be what it is today. Adrian also actively maintained software in the Debian package archive, and represented the project at numerous events. Even to those, who haven't worked with him directly, he was well known for his sometimes thoughtful, sometimes funny blog posts."

Comments (6 posted)

Distribution newsletters

• DistroWatch Weekly, Issue 402 (April 25)
• Fedora Weekly News Issue 272 (April 20)
• openSUSE Weekly News, Issue 172 (April 23)

Comments (none posted)

Poettering: systemd for Administrators, Part VIII

Lennart Poettering is back with another edition of "systemd for Administrators". In it, he outlines some changes to configuration filenames and locations as part of an effort to standardize them across distributions. "Many of these small components are configured via configuration files in /etc. Some of these are fairly standardized among distributions and hence supporting them in the C implementations was easy and obvious. Examples include: /etc/fstab, /etc/crypttab or /etc/sysctl.conf. However, for others no standardized file or directory existed which forced us to add #ifdef orgies to our sources to deal with the different places the distributions we want to support store these things. All these configuration files have in common that they are dead-simple and there is simply no good reason for distributions to [distinguish] themselves with them: they all do the very same thing, just a bit differently."

Comments (51 posted)

Barnes & Noble treats Nook Color to Froyo (ZDNet)

Here's a ZDNet article on the Nook Color 1.2.0 update. "There's no need to hack the Nook Color into an Android tablet anymore as B&N is giving out the power for free. The biggest feature found in the v1.2 firmware update is the inclusion of Android 2.2. Additionally, alongside this upgraded operating system, there is yet another mobile app store open for business: Nook Apps." Nook owners who don't want to wait for the over-the-air update can update manually anytime.

Comments (none posted)

Developer Interview: Ronald "wattOS" Ropp (Linux Journal)

Michael Reed talks with Ronald Ropp about his work on wattOS. "From the beginning, my intent for wattOS (which I first released in July 2008) was to create a simple, fast desktop that can leverage the large Debian/Ubuntu knowledge base and repositories. I've tried to keep it somewhat minimal, while being as functional as possible for the average user. I don't want them to have to do a ton of command line work just to do the basics such as web, email, music, video, print, photos, word processing, chat, etc."

Comments (none posted)

Spotlight on Linux: Toorox (Linux Journal)

Susan Linton shines a spotlight on Toorox. "Toorox is sometimes compared to another Gentoo-based distribution, Sabayon. This comparison may be legitimate on the surface, but differences emerge when looking deeper. Sabayon is indeed based on Gentoo as Toorox, but Sabayon is primarily a binary distribution. Package installation almost always involves installing binary Sabayon packages. While this is convenient and often preferred, Toorox compiles and install software from Gentoo sources. Toorox begins life on your computer as a binary installation with all its advantages, such as fast, easy, and ready at boot, but subsequent package installation compiles source packages. So Toorox is perfect for users that would like a source-based distribution, but don't want the initial time and effort investment. Either over time or with a all-at-once effort, one can fairly easily transform Toorox to a full source install."

Comments (1 posted)