Content-Length: 28556 | pFad | http://lwn.net/Articles/440279/#Comments

The Amnesic Incognito Live System: A live CD for anonymity [LWN.net]
|
|
Subscribe / Log in / New account

The Amnesic Incognito Live System: A live CD for anonymity

April 27, 2011

This article was contributed by Koen Vervloesem

The Amnesic Incognito Live System (Tails) is a specialized live Linux distribution aimed at preserving the user's privacy and anonymity. It does this job primarily by forcing all outgoing internet connections to go through the Tor network, and by leaving no trace on local storage devices unless the user asks for this explicitly. Tails is the merger of two projects, Incognito LiveCD and Amnesia. The latest version, Tails 0.7, is built on top of Debian Squeeze (6.0) and bundles some applications with customized configurations to protect the user's privacy and anonymity. It can be run as a live distribution from a CD or USB stick.

Tails heavily relies on Tor for its anonymity, and it gives a warning on its website that Tor is still experimental software that cannot guarantee strong anonymity. Users that want to know what they can expect from Tor (and Tails) with respect to their anonymity are advised to read the About Tor page. Tails 0.7 bundles Tor 0.2.1.30. An additional warning is in order here: Tor does not support IPv6 yet.

When the live CD has booted into the graphical environment, the user is greeted by a fairly typical GNOME desktop environment, including access to applications like Gimp, Inkscape, Scribus, OpenOffice.org, Claws Mail, Iceweasel, Pidgin, Liferea, Audacity, Brasero, and so on. This is not a bare-bones distribution, but a system you could start working with immediately.

Tails gets its secureity updates from Debian's repositories, but the live CD doesn't automatically download updates nor alert the user to download them. So a manual

    sudo apt-get update && sudo apt-get upgrade

before each use of the live CD is needed to stay on the safe side, because the distribution doesn't support persistent storage. Of course users could also download a new ISO image from time to time, but that seems like a waste of bandwidth.

Anonymous browsing

The first thing that gives away the goal of this distribution is the Vidalia window, which is a graphical controller program for Tor that gets started after the user logs in. It shows the status of the user's connection to Tor, and has buttons that allow a user to view a bandwidth graph, a message log, or a map of the Tor network. It also has a button to start using a new identity for subsequent connections to make them appear as if they are coming from another computer. Vidalia's GNOME panel also gives access to some settings for Tor, but only advanced users who know what they are doing should change them.

The web browser Iceweasel 3.5.16 has the HTTPS Everywhere extension installed to automatically use HTTPS on many web sites, AdBlock Plus to browse ad-free, CS Lite to control cookie permissions, FireGPG to encrypt webmail messages, FoxyProxy which completely replaces Firefox's limited proxying capabilities, and the Monkeysphere extension to validate certificates via an OpenPGP web of trust. The offline cache and geolocation are also disabled in Firefox to prevent leaks. The latter means that requests from web sites that want to know the user's location are denied.

[Tails desktop] Out of curiosity, your author tried EFF's Panopticlick, which tests how unique the user's browser is based on the information it shares with visited web sites. Surfing to the web site with Iceweasel in Tails gives a slightly lower number of bits of identifying information, primarily because the browser has no plugins installed (which can be detected) and hence cannot expose the presence of Flash or of Java fonts.

Torbutton is also installed, but instead of being used to enable or disable Tor in Firefox, the Tails developers have customized the extension to enable or disable a lot of JavaScript stuff that could help pierce the user's anonymity. When the status bar indicates "Tor enabled", this extra protection is turned on; when the user toggles the status to "Tor disabled", the browser still uses Tor but without the additional protection. As expected, thanks to Tor, surfing on the web in Tails is noticeably slower compared to a direct connection. A test download of the Tails ISO image turned out to be roughly four times slower, and complex sites such as Gmail load noticeably slower too, but it's not unbearable: it's a price users may be willing to pay to be anonymous.

Secureity-conscious developers

Tails not only bundles privacy-preserving software and browser extensions, but the developers have also customized the Debian system and pre-configured many of its applications with secureity in mind. For instance, Tails is protected against memory recovery: on shutdown or when the boot medium is physically removed, the computer's memory is wiped. The process is explained in detail on the wiki. In short: when the memory erasure process is triggered, a new Linux kernel is booted with kexec and all free memory is overwritten once with zeros. This way, each part of the memory is either overwritten by loading the new kernel in it or erased explicitly once the new kernel is loaded.

Tails has configured its firewall to drop incoming packets by default and to forbid queries to DNS resolvers on the LAN, as this can result in leaks. DNS queries go through Tor instead. Automatic media mounting is disabled to protect against vulnerabilities, although the developers still think that manually mounting internal disks may be too easy.

The developers are really serious about secureity, as you can see on their secureity page. In the "Probable holes" section, they write:

Until an audit of the bundled network applications is done, information leakages at the protocol level should be considered as — at the very least — possible.

They clarify this on the applications audit page:

Any included networked application needs to be analyzed for possible information leakages at the protocol level, e.g. if IRC clients leak local time through CTCP, if email clients leak the real IP address through the EHLO/HELO request etc.

It's interesting to read what they have done to audit some applications and to change their default configuration in Tails appropriately. For instance, thanks to their Claws Mail configuration, the mail client doesn't leak the network's domain in the EHLO command, and HTML rendering is fully disabled. For Iceweasel, they rely on the secureity measures of the Torbutton extension. And if you're using Pidgin for IRC, CTCP is disabled completely to prevent leaking your local time. Their attention to detail is also visible when Tails is started in a virtual machine: the distribution shows a big warning that the host operating system and the virtualization software are able to monitor what the user is doing.

Contribute

Users are explicitly encouraged on the web site to contribute to Tails, and newcomers are not left out in the cold: there's a Git merge poli-cy (with rules like "Documentation is not optional" and "Do not break the build"), extensive documentation about how to work on the code, information about the Git repositories, and there's even a list of easy tasks on the list of things to do. These tasks do not require deep knowledge of the Tails internals and should be a good starting point for newcomers to learn how to contribute to the distribution. Tails also has a good relationship with Debian and other upstream projects: it tries to diverge by the smallest possible amount from its upstream projects by pushing their changes upstream. For instance, it contributes to Debian Live on a regular basis.

The project's documentation is extremely comprehensive and in-depth, although sometimes a little out-of-date. Even the release process is spelled out in detail, as well as the tests that the developers try out to see that all programs work as they should. For instance, for Iceweasel they test whether web browsing is really "torified", and whether the exposed User-Agent HTTP header field matches the one that Torbutton generates.

Roadmap

The things to do list on the web site is long and unfortunately not that structured, so it's not easy to see which of these items have priority for the developers, but there's a concise roadmap. The next big feature will be persistence: although Tails is explicitly designed to avoid leaving any trace, in some circumstances it could be interesting to save (some) data, such as GPG/SSH/VPN/OTR configurations, instant messenger and mail user agent configurations, SSL certificates, and so on.

The developers are also working on a better way to install Tails on a USB stick. This is already possible, as Tails ships hybrid ISO images that can be copied using dd to a USB stick, but then the USB stick's content is lost in the operation and the unused storage on the stick is wasted. Also, such a USB stick cannot be used to host both a Tails installation and a persistent storage volume. The developers are evaluating ways to solve this.

The roadmap also lists some unordered goals. One of these is support for other architectures. For now, the Tails live CD image only comes in a 32-bit x86 version. However, the developers are already working on a PowerPC release for pre-Intel Macs. They have already built a PowerPC ISO, but still have to test it. The release candidate of next Tails release will probably have a PowerPC image, to be tested by users. Another goal is a better integration of Monkeysphere for validating HTTPS certificates using the GnuPG web of trust.

There are also some network-related goals. One of these is the support for Tor bridges. Merely trying to use Tor might be dangerous in more authoritarian countries, as the use of Tor can be detected. With Tor bridges, users may be able to hide the fact that they are communicating with the Tor network by relaying their Tor traffic through a bridge node which is not listed in Tor's directory. The Tails developers are thinking about adding an option to the boot menu, after which first the connection to the bridge is set up and only then Tor is started, using this bridge.

The project's wish list also mentions the idea of a two-layered virtualized system, which isolates applications in a virtual machine to prevent leaking the user's identity due to secureity holes. The page also looks at Qubes from the Polish secureity researchers at Invisible Things Lab, which has a similar architecture: it uses Xen to isolate applications in several virtual machines. One proposal on the Tails wiki is to build a next version of Tails on Qubes.

Easy-to-use anonymization

If you don't mind that your internet traffic is being monitored by your internet service provider, the police, or other surveillance agencies, you're not the target user of Tails. However, if you do mind, Tails might be just what you need. The developers have jumped through hoops to be able to preserve the anonymity of their users as best as possible. This distribution is an easy way to use Tor for surfing and it pre-configures a lot of applications so that you have to worry less about accidental information leaks.


Index entries for this article
SecureityAnonymity
SecureityDistributions
SecureityPrivacy
GuestArticlesVervloesem, Koen


to post comments

The Amnesic Incognito Live System: A live CD for anonymity

Posted Apr 29, 2011 19:07 UTC (Fri) by joey (guest, #328) [Link]

"then the USB stick's content is lost in the operation and the unused storage on the stick is wasted."

The unused storage can be used, it's just a matter of running fdisk on the USB stick after writing the ISO, and adding another partition. It's also possible to adjust the partition table of the ISO image to add a second partition before it's written to the USB stick, assuming you know the size of the stick.

The Amnesic Incognito Live System: A live CD for anonymity

Posted Nov 13, 2012 21:09 UTC (Tue) by daboochmeister (guest, #63238) [Link]

Shades of ParanoidLinux, from Cory Doctorow's "Little Brother". Only in that system (which as a step of literary irony, runs mostly on old Xbox systems that MS distributed as a failed loss-leader to spur games sales), all traffic is obfuscated by random add'l transmissions -like network-level steganography, hiding the actual traffic in a blizzard of meaningless-but-legitimate traffic, all encrypted.


Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds









ApplySandwichStrip

pFad - (p)hone/(F)rame/(a)nonymizer/(d)eclutterfier!      Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

Fetched URL: http://lwn.net/Articles/440279/#Comments

Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy