Will ParanoidLinux Protect the Truly Paranoid?

← Back to Stories (view on slashdot.org)

Will ParanoidLinux Protect the Truly Paranoid?

Posted by kdawson on Saturday October 4, 2008 @08:30AM from the tinfoil-laptop-carrying-case dept.

ruphus13 writes "There are still places on the world where having anonymity might mean the difference between life and death. Covering one's tracks is considered to be of such paramount importance that we are now witnessing the rise of a Linux distro catering to the most paranoid. The 'alpha-alpha' version of ParanoidLinux is now out. But is this the best way to protect oneself? Couldn't it be easily circumvented? The article asks, 'Why is it necessary to put the applications and services designed to protect anonymity, to encrypt files, to make the user nameless and faceless, all together, in one distribution? Let's think in a truly paranoid manner. Wouldn't it be far easier for a nefarious government organization to target that distribution's repositories, mirror that singular distribution's disk images with files of its own design, and leave every last one of that distribution's users in the great wide open?' What should truly paranoid user do?"

45 of 236 comments (clear)

Suggestion by msuarezalvarez · 2008-10-04 08:32 · Score: 5, Insightful

The truly paranoid user should get some help...
1. Re:Suggestion by Anonymous Coward · 2008-10-04 08:46 · Score: 5, Funny
  
  Are you talking about me?
2. Re:Suggestion by presidenteloco · 2008-10-04 08:55 · Score: 4, Informative
  
  Just because you're paranoid
  doesn't mean they're not out to get you.
  Remember, this is the same "they" that
  are responsible for every negative thing
  that affects you. They are very powerful,
  and pretty much omniscient, and although
  you are boring, they are not bored
  observing and foiling your every move.
  
  --
  
  Where are we going and why are we in a handbasket?
3. Re:Suggestion by Anonymous Coward · 2008-10-04 09:05 · Score: 5, Funny
  
  The truly paranoid user should get some help...
  So says one of the brainwashed masses. Have you considered that perhaps the only reason you don't believe that the government is reading and writing your thoughts is because you have been programmed to think that way? And have you considered that perhaps the paranoid aren't crazy but they only appear that way because you have been programmed to think that way?
  Of course not! This level of introspection would require you to break free of your programming. And even if you were able to independently do so, without wearing a psychotronic radiation deflector beanie you would just be reprogrammed in an instant.
  For the rest of us 'paranoids' I recommend that we hunker down and reinforce each others 'crazy' ideas. After all, we are the only ones who recognize our thoughts for what they are: sanity. And no, we don't consider our criticizing of the lack of introspection of the brainwashed masses to be hypocrisy because we *know* that we are right, unlike the brainwashed masses who are programmed to think that way.
4. Re:Suggestion by houghi · 2008-10-04 09:23 · Score: 3, Funny
  
  The truly paranoid user should get some help...
  I would love to, but who to trust ...
  
  --
  Don't fight for your country, if your country does not fight for you.
5. Re:Suggestion by youthoftoday · 2008-10-04 09:26 · Score: 2, Funny
  
  Twitter, is that you?
  
  --
  -1 not first post
6. Re:Suggestion by msuarezalvarez · 2008-10-04 09:28 · Score: 2, Funny
  
  Actually, I know for a fact that it is you who has been brainwashed into that state of paranoia: I work for a government agency which does that to people, simply for the entertainment value. Nice to see our out work here too: I rarely get to interact with our subjects!...
  Where do you think those 700 thousand million dollars are going to? The whole crash thing is just cover up: that money is coming directly to us. I'll look up your file on Monday first thing in the morning.
7. Re:Suggestion by ciderVisor · 2008-10-04 11:29 · Score: 2, Funny
  
  Ceiling Cat is watching you masturbate.
  
  --
  Squirrel!
8. Re:Suggestion by ezzzD55J · 2008-10-04 11:43 · Score: 4, Funny
  
  reminds me of this:
  In The Know: Is The Government Spying On Paranoid Schizophrenics Enough?
  http://www.theonion.com/content/video/in_the_know_is_the_government
9. Re:Suggestion by Pathwalker · 2008-10-04 12:29 · Score: 2, Funny
  
  Ahh - but who watches Ceiling Cat while Ceiling Cat is watching you?
  
  Actually I'd probably be better off not knowing - it's probably someone from /b/.
TinfoilHat is much better by meist3r · 2008-10-04 08:34 · Score: 2, Funny

It sets up fairly easily and once you've got it running no one will ever come near you again ... to harm you.
1. Re:TinfoilHat is much better by Anonymous Coward · 2008-10-04 09:42 · Score: 2, Funny
  
  It sets up fairly easily and once you've got it running no one will ever come near you again ... to harm you.
  They just want you to think that tinfoilhats protect you. Actually, they work as antennas.
2. Re:TinfoilHat is much better by supernova_hq · 2008-10-04 14:00 · Score: 2, Funny
  
  Don't forget the floor and to duct-tape the doors and windows.
  No, no, no, it has to be red construction tape!
3. Re:TinfoilHat is much better by flosofl · 2008-10-04 15:36 · Score: 2, Informative
  
  Then, once your tinfoil hat is secured in place, you can begin the tedious process of upgrading to covering your ceiling and walls with tinfoil.
  
  LIES!!! User johndmartiniii (obviously an alias) wants us to use tinfoil as a signal blocker. Fortunately I have found a copy of the study on tinfoil the Reptoid scientific community tried to bury. It's On the Effectiveness of Aluminium Foil Helmets: An Empirical Study
  
  Among a fringe community of paranoids, aluminum helmets serve as the protective measure of choice against invasive radio signals. We investigate the efficacy of three aluminum helmet designs on a sample group of four individuals. Using a $250,000 network analyser, we find that although on average all helmets attenuate invasive radio frequencies in either directions (either emanating from an outside source, or emanating from the cranium of the subject), certain frequencies are in fact greatly amplified. These amplified frequencies coincide with radio bands reserved for government use according to the Federal Communication Commission (FCC). Statistical evidence suggests the use of helmets may in fact enhance the governmentâ(TM)s invasive abilities. We speculate that the government may in fact have started the helmet craze for this reason.
  
  (emaphasis mine)
  
  Nice try johndmartiniii. Now know the brutality of your masters, the Reptoid Illuminati, as you are rendered into their protein vats after they discover the failure of your misinformation campaign.
  
  --
  "This calls for a very special blend of psychology and extreme violence" - Vyvyan "The Young Ones"
The obvious answer by jalefkowit · 2008-10-04 08:34 · Score: 3, Funny

What should [the] truly paranoid user do?
Trust no one?

--
Read my blog.
1. Re:The obvious answer by plover · 2008-10-04 08:47 · Score: 3, Funny
  
  "Stay Alert! Trust No One! Keep Your Laser Handy!"
  and
  "Trust The Computer. The Computer is Your Friend."
  
  --
  John
2. Re:The obvious answer by M8e · 2008-10-04 08:56 · Score: 2, Funny
  
  "Happiness is mandatory"
Hermit by el_chupanegre · 2008-10-04 08:38 · Score: 5, Insightful

A truly paranoid person would be suspicious of absolutely everyone and everything. That would mean writing your own OS on your own hardware etc etc.
Since this is impossible, go and live in hiding with no human contact or chance thereof.
Why would you download this 'super-safe' OS from some people you never met, through a public unencrypted network, if your life depended on it?
1. Re:Hermit by Phat_Tony · 2008-10-04 12:38 · Score: 3, Informative
  
  This is obviously not aimed at the truly paranoid, though. Paranoia is a psychological disease that makes people irrationally believe that everyone's out to get them. The paranoid would probably be particularly suspicious of any product aimed at paranoid people, and they really won't trust this product at all, because they are irrationally afraid of everyone and everything. Even if a bunch of well-known security researchers with good reputations had audited the source code and said it's a great implementation, and the principles leading the project were well known people with a good reputation, the truly paranoid would still fear it, because there is no limit to the scope of a conspiracy they'll believe in.
  
  But there's no reason to ask whether or not the truly paranoid would be willing to use Paranoid Linux, because it's not aimed at them. It's just a clever name. It's aimed at people who actually have a rational fear that someone's out to get them. (Note that, if everyone really was out to get you, and you knew that they were, it would be impossible for you to be paranoid. The following is not an actual instance of Godwin's Law because I'm not using this to counteract anybody's argument, it's just an actual good example: while Hitler's often been described as paranoid, it would actually have been impossible for him to have been paranoid. Nearly every person in the world really did have potential reasons to be out to get him.)
  
  So this is aimed at people like political dissenters in oppressive countries. They aren't paranoid, but in many ways they act like paranoid people, because it truly is possible, or even likely, that someone really is out to get them.
  
  The main thing I worry about is that the mere presence of Paranoid Linux installed on your machine will be grounds for prosecuting you in the places where it's most needed. Is Paranoid Linux paranoid enough to make itself appear indistinguishable from Windows? Can Paranoid Linux run in the background as a stealth rootkit on Windows that you can't even find or access without secret, user-specifiable knowledge?
  
  --
  Can anyone tell me how to set my sig on Slashdot?
Based on an idea from Cory's book by Phyrexicaid · 2008-10-04 08:39 · Score: 4, Informative

Little Brother by Cory Doctorow uses this idea (and name), and the distro was started based on that.

--
The meme is dead, long live the meme!
1. Re:Based on an idea from Cory's book by Phyrexicaid · 2008-10-04 09:11 · Score: 3, Funny
  
  Didn't read TFA, I read TFB
  
  --
  The meme is dead, long live the meme!
True open source question by cdrguru · 2008-10-04 08:41 · Score: 4, Insightful

If you do not examine the source, how can you trust any piece of software? You are in effect agreeing to trust the unknown people that have looked at the source. Except in the case of a smallish distribution nobody may have actually looked into that particular distribution in any detail at all.
Of course, there is a greater issue of trust. If you accept chips made by unknown fabricators, do you know what microcode has been implemented? If you cannot examine the "source code" of the chips being used how can you actually trust that these chips are not doing things behind your back to reveal your identity and files?
So without a truly "open" computer, you are trusting a whole raft of unknown individuals and companies with your identity, your data, your reputation.
Moreover, if you are not knowledgeable about programming languages, using any computer is an act of utter faith with plenty of reason to not be so trusting. It is like climbing a mountain with a guide that only lost "a few" parties last year.
1. Re:True open source question by zxaos · 2008-10-04 09:14 · Score: 2, Insightful
  
  You implement your own compiler in assembly, on open chips, and then you compile a checked version of gcc with the compiler you built and go on from there.
  Obviously. :p
2. Re:True open source question by cdfh · 2008-10-04 09:16 · Score: 4, Interesting
  
  Ken Thompson talks about using untrusted compilers in his lecture, "Reflections on Trusting Trust".
  (See also: this)
3. Re:True open source question by slimjim8094 · 2008-10-04 10:53 · Score: 2, Insightful
  
  Great, and really cool, thought experiment. However, you can hand-assemble fairly easily (I wouldn't, though) and then you don't even need to trust so much as an assembler.
  For the paranoid but lazy - check the C source for spies, compile to assembler, check the assembler and make sure it matches the C code, then hand-assemble.
  Or write your own quick and dirty C compiler, use it to compile GCC, then compile it with itself so you get the nifty optimizations.
  
  --
  I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
easy answer by schnikies79 · 2008-10-04 08:42 · Score: 5, Insightful

"What should truly paranoid user do?"
Stay off the internet.

--
Gone!
Borrow wifi - get someone to type for you by presidenteloco · 2008-10-04 08:49 · Score: 4, Interesting

1. Always borrow random open wifi access points,
in a geographic pattern not centered around your habitual location
2. Get a new unknowing assistant to type in roughly what you want to say each time. There are pattern detectors for your ways of expressing things.
3. Establish online identities such as gmail that have no tie whatsoever to any of your identity info or financial info

--

Where are we going and why are we in a handbasket?
What do do? by Rick+Zeman · 2008-10-04 08:49 · Score: 2, Informative

What should truly paranoid user do?
Pull the tinfoil hat down tighter....
Quite Franky by eclectro · 2008-10-04 08:51 · Score: 5, Funny

This slashdot story was posted to get us to use Paranoid Linux, which can only mean that some one planted a backdoor in it.

--
Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
Re:well by fractic · 2008-10-04 08:54 · Score: 3, Funny

self help books?
Re:well by RiotingPacifist · 2008-10-04 09:02 · Score: 2, Funny

but can the author be trusted?

--
IranAir Flight 655 never forget!
Re:well by coren2000 · 2008-10-04 09:11 · Score: 2, Funny

Only if the self help book is self authored by the paranoid individual.
Just not in a public place. by RockoTDF · 2008-10-04 09:13 · Score: 3, Interesting

The truly paranoid user should get use a liveCD with a mac address scrambler off of a wireless connection that does not belong to them.

--
There is more to science than physics!

www.iomalfunction.blogspot.com
The truly paranoid shouldn't be online by fortapocalypse · 2008-10-04 09:17 · Score: 2, Funny

Forget Linux, throw away all electronic devices, and follow these handy tips:
1. Preferably find a wife/husband related to you (the closer the better, because you can trust your blood kin more, but avoid anything closer than 3rd cousins if possible).
2. Squat on a large remote property you don't own (preferably somewhere considered by other folk to be inhabitable).
3. Have 10-50 kids (more than that and you might just be inviting mutiny).
4. Teach kids to how to hunt, fish, and guard the perimeter of the property you're squatting on.
5. Please note that aluminum foil around the head isn't safe anymore because of darn nanotechnology, in fact nothing is completely safe. But making everything from nature is as safe as your going to get, so make everything from all natural materials that you find and grow yourself.
6. Stop reading slashdot. They watch people that read slashdot.
Sorry, Ken Thompson (brain fart...) by Giant+Electronic+Bra · 2008-10-04 09:23 · Score: 2, Interesting

"It is also possible to create a backdoor without modifying the source code of a program, or even modifying it after compilation. This can be done by rewriting the compiler so that it recognizes code during compilation that triggers inclusion of a backdoor in the compiled output. When the compromised compiler finds such code, it compiles it as normal, but also inserts a backdoor (perhaps a password recognition routine). So, when the user provides that input, he gains access to some (likely undocumented) aspect of program operation. This attack was first outlined by Ken Thompson in his famous paper Reflections on Trusting Trust."
http://en.wikipedia.org/wiki/Backdoor_(computing)

--
"Malo periculosam, libertatem quam quietam servitutem." -- Jefferson
Re:well by NFN_NLN · 2008-10-04 09:24 · Score: 5, Interesting

What should truly paranoid user do?
get help?
get BSD?
Seriously, there is already an OS aimed at security... OpenBSD:
"Our efforts emphasize portability, standardization, correctness, proactive security and integrated cryptography."
"Audit Process:
Our security auditing team typically has between six and twelve members who continue to search for and fix new security holes. We have been auditing since the summer of 1996. The process we follow to increase security is simply a comprehensive file-by-file analysis of every critical software component. We are not so much looking for security holes, as we are looking for basic software bugs, and if years later someone discovers the problem used to be a security issue, and we fixed it because it was just a bug, well, all the better. Flaws have been found in just about every area of the system. Entire new classes of security problems have been found during our audit, and often source code which had been audited earlier needs re-auditing with these new flaws in mind. Code often gets audited multiple times, and by multiple people with different auditing skills."
Re:Paranoia by BPPG · 2008-10-04 09:52 · Score: 2, Funny

What? Who let the liberal arts major in here?

--
What's the value of information that you don't know?
Re:well by coren2000 · 2008-10-04 11:00 · Score: 5, Funny

OBVIOUSLY the paranoid individual will not allow anyone else to see the self help book, let alone publish it.
Also, the self help book will be written freehand in blood. Every time the paranoid reads the book they will DNA test the blood to ensure that it is their own blood. DNA tests are ofcourse done in house and using tools that the paranoid has already assembled based on research that they have done themselves.
Still, there is a risk of clone operatives... but isn't there always?
A paranoid user should use this by xant · 2008-10-04 11:08 · Score: 3, Interesting

I think a lot of people misunderstand the concept of "single point of failure". With all of this stuff in one place, yes, there's only one place that attackers need to attack. But there's also only one place that defenders need to defend. The alternative is that all these security programs remain scattered in lots of places on the Internet. True, attackers probably won't be able to subvert more than a couple of those, but it only takes one flaw in your security for them to get you. If you subverted GPG, it doesn't matter much that TrueCrypt is still working for you. If someone subverted SSL, or DNS, and it doesn't matter much that the Linux Kernel is still secure. Best to get everything from one place, and make sure that one place is really, REALLY damn secure.

--
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
Chuck Moore has done this... by EmbeddedJanitor · 2008-10-04 11:16 · Score: 3, Interesting

http://en.wikipedia.org/wiki/Charles_H._Moore designed his own language (Forth), an OS, chip design software and designed his own CPUs.
I'd say he's well on his way to achieving this.

--
Engineering is the art of compromise.
Re:well by H3g3m0n · 2008-10-04 11:18 · Score: 2, Informative

That is for security *NOT* anonymity, those are completely different things.

Paranoid people need to ensure that things like Banshee in Gnome don't perform the "Similar Artists" lookup in case the RIAA is watching, or they are in a place where the internet is restricted, or where there taste in music could get them in trouble.

Then there is the issue of cached files, Gnome by default keeps a listing of all the files you open, it keeps a thumbnail of image that appears in Nautilus. You need to disable a lot of that stuff by default in case someone access your system while your logged in (I assume you have an encrypted partition).

A secure kernel will only do so much to help, such as it will help stop malicious software from gaining root.

--
cat /dev/urandom > .sig
Re:Only one real answer by AgentPaper · 2008-10-04 12:07 · Score: 2, Funny

You forgot to scrub down your body with a high-level disinfectant (potentially traceable commensal bacteria on your skin). After that, you'll have to spend the rest of your life in a full-body skin garment (DNA from shed skin cells). And you'll have to wear a full-helmet respirator (exhaled trace chemicals from your bloodstream, potentially traceable). And your suit will have to contain and reprocess all your wastes (DNA from epithelial cells in your urine/feces). And you can never speak a word (identification through voice analysis).
...And now that you look like Hollywood's best guess at an extraterrestrial, other paranoids can use you as evidence that "They" have been concealing the existence of sentient alien life. Awesome!
(Full disclosure: This post contains high levels of sarcasm, which may be traceable in readers' thought patterns. Do not read if you're worried about "Them" detecting your brainwaves or some other such B.S.)

--
First rule of trauma: Bleeding always stops.
For anonymity as well as security by Beryllium+Sphere(tm) · 2008-10-04 12:37 · Score: 2, Interesting

Someone could resurrect the Anonym.os project, an OpenBSD live CD with anonymity tools.
Re:well by funwithBSD · 2008-10-04 12:38 · Score: 2, Informative

You must be secure FIRST.
Otherwise you are not anonymous.

--
Never answer an anonymous letter. - Yogi Berra
Re:well by TehZorroness · 2008-10-04 15:36 · Score: 2, Funny

God damn it, you gave me an excuse.