Slashdot Mirror

← Back to Stories (view on slashdot.org)

Privacy-Centric Linux Distro Tails Hits 2.0 Release

Posted by timothy on from the your-eyes-only dept.

A_Mythago writes: The Amnesic Incognito Live System (Tails) has finalized version 2.0, which has several improvements and updates to continue to meet their mission of preserving privacy, anonymity and circumventing censorship without a trace, using a Debian 8.0 custom live distro. More details about Edward Snowden's use of Tails and the distro itself can be found at a previous Slashdot story from 2014.

42 comments

  1. Pointless by Anonymous Coward · · Score: 0

    When someone with a scanning maser/radar can decode electrical signals from your brain, I think privacy tools are a bit redundant.

    1. Re: Pointless by Anonymous Coward · · Score: 0

      Well done mate.

    2. Re:Pointless by Anonymous Coward · · Score: 0

      That just requires SEVERAL layers of tinfoil. . .

  2. Additional info by LichtSpektren · · Score: 3, Informative

    On the firehose submission of this news, I recommended some additional information be included in TFS:
    "This summary could use some more information. I'm here to help! What version of Tor (0.2.7.8) and the Tor browser (5.5, based off Firefox ESR 38.6)? What's new in 2.0 besides the OS and Tor updates (switch from Claws Mail to GNU Icedove, switch from SysVinit to systemd)? Did you know that it uses GNOME classic-mode instead of fallback-mode now? Did you know that Tails will now notify you if you're using virtualization software with proprietary binaries?"

    1. Re:Additional info by Eunuchswear · · Score: 0

      switch from SysVinit to systemd

      Yeah, that freaked out the Devuan paranoids https://lists.dyne.org/lurker/message/20160127.151137.ab4c9937.en.html

      --
      Watch this Heartland Institute video
    2. Re:Additional info by Anonymous Coward · · Score: 1

      Tails is not immune to the observation that the chance and number of critical security errors increase as approximately the square of the number of new features.

      Only recently was the TrueCrypt security review completely, a and a half after the project was abandoned. At least one successor fork, VeraCrypt is not adding features every week.

      I would like monthly security fixes and no more than yearly feature additions.

    3. Re:Additional info by LichtSpektren · · Score: 3, Insightful

      switch from SysVinit to systemd

      Yeah, that freaked out the Devuan paranoids https://lists.dyne.org/lurker/message/20160127.151137.ab4c9937.en.html

      The release notes tell you exactly why they're OK with systemd:

      "+ Sandbox many services using Linux namespaces and make them harder to exploit.
      + Make the launching of Tor and the memory wipe on shutdown more robust.
      + Sanitize our code base by replacing many custom scripts."

      Maybe that will change if a backdoor or serious security vulnerabilities are discovered, but until then, one need not be afraid.

    4. Re:Additional info by LichtSpektren · · Score: 2

      Tails is not immune to the observation that the chance and number of critical security errors increase as approximately the square of the number of new features.

      Only recently was the TrueCrypt security review completely, a and a half after the project was abandoned. At least one successor fork, VeraCrypt is not adding features every week.

      I would like monthly security fixes and no more than yearly feature additions.

      That's precisely what TAILS' release cycle is. It's based off of Debian stable, so whatever that wasn't in Jessie won't be added for several years. There are scheduled security updates (as well as emergency releases for when the security vulnerabilities are particularly serious).

    5. Re:Additional info by Anonymous Coward · · Score: 0

      There's a lot to be said against the borglike systemd-* constellation subsuming everything in its path (which will come first? systemd-emacs or M-x systemd-mode?) , usually in shitty ways, but if you don't drag in all the garbage like the DNS resolver that is weak against poisoning attacks the big boys fixed a decade ago, the core init system should be acceptable.

    6. Re: Additional info by Anonymous Coward · · Score: 0

      Always type it SystemD so that it looks like an ASCII penis.

    7. Re:Additional info by Anonymous Coward · · Score: 0

      You forgot, "And you still can't use it for browsing porn sites, because Flash."

    8. Re:Additional info by Anonymous Coward · · Score: 0

      If you just want the init part, go with nosh. It can even understand systemd unit files just fine.

  3. So what's the bet. . . . by Anonymous Coward · · Score: 0

    . . . .that No Such Agency is watching all traffic going to the TAILS site and its' download mirrors ?

    After all, if you can be identified by IP as INTERESTED in an Anonymity Distro, they're already admitted it spotlights you. They don't NEED to crack it, if they identify the machine and get an exploit on to it. . .

    1. Re: So what's the bet. . . . by Anonymous Coward · · Score: 0

      So. This doesn't mean you can't change isp, nor does it infer that the isp switch can be traced.

    2. Re: So what's the bet. . . . by Coren22 · · Score: 1

      Heck, mask your Mac address and go to starbucks....this isn't complex stuff here.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    3. Re: So what's the bet. . . . by LichtSpektren · · Score: 1

      Heck, mask your Mac address and go to starbucks....this isn't complex stuff here.

      All that would obscure is which computer at the Starbucks is doing whatever shady thing is being done online. If you used TAILS, there would be no proof that it ever booted on your computer at all.

    4. Re: So what's the bet. . . . by Coren22 · · Score: 1

      Go back to my post, and click the Parent link. I was responding to a thread about the download of TAILS being traceable to an IP, which would show intelligence agencies that you went and downloaded TAILS. If you do it from Starbucks with a fake MAC address, the Intelligence agencies have no clue who downloaded TAILS, after that you can use it wherever you like.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
  4. Fresh News by Anonymous Coward · · Score: 0

    Get your fresh news here, just 2 days old, not spoiled yet!

  5. Tried to get it 2 days ago. by truck_soccer · · Score: 1

    I tried to install it through my junker ubuntu laptop but the repository location got a 404 error and then I lost motivation to find out why.

  6. Hmm? by EmeraldBot · · Score: 1

    circumventing censorship without a trace

    Perhaps someone may enlighten me here, but if I recall correctly, Tor doesn't actually hide the fact that you're using it, only what you're using it for, yes? Does Tails have some kind of extra protection to obscure even that??

    --
    "Set a man a fire, he'll be warm for the rest of the night. Set a man afire, he'll be warm for the rest of his life."
    1. Re:Hmm? by LichtSpektren · · Score: 4, Informative

      circumventing censorship without a trace

      Perhaps someone may enlighten me here, but if I recall correctly, Tor doesn't actually hide the fact that you're using it, only what you're using it for, yes? Does Tails have some kind of extra protection to obscure even that??

      That's kind of backwards. Any webmaster can tell when there's Tor users accessing their server. The purpose of Tor is to prevent a location trace (since all that you'd see is what exit node they came out of, not which node they entered through). The Tor Browser and TAILS supplement this because they're pre-configured (N.B. they strongly recommend you don't alter any of the default settings), so that every TB and TAILS user looks identical (i.e. they leave no special fingerprints that could be used to identify them).

    2. Re:Hmm? by Actually,+I+do+RTFA · · Score: 1

      Correct, Tor does not usually hide the fact that you are using it. There are some obscuring gateways into Tor, but those only work if you know about them and your adversary doesn't. I wouldn't trust that, and assume if I am using Tor, anyone who wants to know that fact can get it.

      The bomb threat made at Harvard (via Tor) a while back was traced to the only person who was on Tor when it was sent. That was the primary thing that lead to his suspicion.

      --
      Your ad here. Ask me how!
    3. Re:Hmm? by LichtSpektren · · Score: 1

      Correct, Tor does not usually hide the fact that you are using it. There are some obscuring gateways into Tor, but those only work if you know about them and your adversary doesn't. I wouldn't trust that, and assume if I am using Tor, anyone who wants to know that fact can get it.

      The bomb threat made at Harvard (via Tor) a while back was traced to the only person who was on Tor when it was sent. That was the primary thing that lead to his suspicion.

      Right. The reason the Tor Browser works is because everyone using it is indistinguishable. What this means is that the less people using it, the weaker its obfuscation of its users becomes.

    4. Re:Hmm? by Anonymous Coward · · Score: 0

      Censorship and government sniffing can be (and probably usually is) done somewhere at a "more global" providing level, not individual server. E.g. https://en.wikipedia.org/wiki/SORM

    5. Re:Hmm? by Anonymous Coward · · Score: 0

      + I think, EmeraldBot was saying that the Tor traffic is easily distinguishable, which is worrisome even if they can't figure out where it's coming from and to whom.

  7. Safe to download? by Anonymous Coward · · Score: 0

    Or will grabbing this put me on the NSA watchlist?

  8. The Amnesic Incognito Live System by Anonymous Coward · · Score: 1

    This is what happens when you try to force an acronym.

  9. Nothing running on an Intel chip can be trusted... by Anonymous Coward · · Score: 0

    The progress of Tails is welcome, but there is a lack of trustworthy hardware to run it on. All current Intel processors are hopelessly and fundamentally flawed. The state of x86 security was never good, but Intel has taken it to a whole new level, and now provides the perfect platform for invisible backdoors, rootkits, and other malware.

  10. On a mint 17.3 by Anonymous Coward · · Score: 1

    Dont bother the ppa just download the torrent file for the iso.
    you can use ktorrent it is a little tricky but you will figure it out.

  11. Re:Mirror site by Coren22 · · Score: 2

    Thanks, that helped a lot. My download went way faster from that source.

    --
    APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
  12. An hour to install? by bigsexyjoe · · Score: 1

    Weren't you able to run Tails 1.0 by just putting in a CD and booting from it? What am I missing? I thought Tails was a live OS and you didn't "install" it per say.

    --
    Democracy Now! - your daily, uncensored, corporate-free
    1. Re: An hour to install? by Anonymous Coward · · Score: 0

      I thought the same and it's 'per se'.

    2. Re:An hour to install? by Anonymous Coward · · Score: 0

      Reading the upgrade instructions it seems they consider the time spent downloading it to be included in the "time to install".

    3. Re: An hour to install? by Anonymous Coward · · Score: 0

      How would they know at what speed I'm going to download?

    4. Re: An hour to install? by Zontar+The+Mindless · · Score: 1

      It is the same. They just push an apparently new and eye-crossingly "simplified" solution out in front of it.

      Just show us where to grab the ISO so we can burn the damned thing to a DVD or USB already, geez.

      --
      Il n'y a pas de Planet B.
    5. Re: An hour to install? by Zontar+The+Mindless · · Score: 1

      Oh, I'm sorry--be sure to hide your user agent, or they'll try to make you download some damned Firefox add-on first, for verifying the download. Fortunately, there's a torrent.

      --
      Il n'y a pas de Planet B.
    6. Re: An hour to install? by Zontar+The+Mindless · · Score: 1

      The torrent took me exactly 1 minute and one second to download.

      --
      Il n'y a pas de Planet B.
  13. Re: mod Do3n by Anonymous Coward · · Score: 0

    It sure does. Because it's eof.

  14. Re:Nothing running on an Intel chip can be trusted by godel_56 · · Score: 1

    The progress of Tails is welcome, but there is a lack of trustworthy hardware to run it on. All current Intel processors are hopelessly and fundamentally flawed. The state of x86 security was never good, but Intel has taken it to a whole new level, and now provides the perfect platform for invisible backdoors, rootkits, and other malware.

    True, so use a computer that can't be traced to you.

    Buy a second hand laptop for cash in a private sale, somewhere away from the cameras, and use it only for that purpose. Transfer files using USB keys or disposable data CDs, to or from your working computer which is air-gaped, or at least not used for anything the watchers may be interested in.

  15. Exit nodes by Anonymous Coward · · Score: 0

    I'm yet to start using TOR, and hear a lot about some of the exit nodes being compromised, exit nodes being able to see the original IP.
    Is this true, and if so, why is TOR still being used, if it's so easy to compromise (for lack of better term)?
    Also, given the inherent danger of setting up exit nodes, who does run them, and how do they keep out of the firing line?

    This seems like the best place to ask, I haven't been able to find a concise answer on the above.