Slashdot Mirror

← Back to Stories (view on slashdot.org)

Privacy-Centric Linux Distro Tails Hits 2.0 Release

Posted by timothy on from the your-eyes-only dept.

A_Mythago writes: The Amnesic Incognito Live System (Tails) has finalized version 2.0, which has several improvements and updates to continue to meet their mission of preserving privacy, anonymity and circumventing censorship without a trace, using a Debian 8.0 custom live distro. More details about Edward Snowden's use of Tails and the distro itself can be found at a previous Slashdot story from 2014.

5 of 42 comments (clear)

  1. Additional info by LichtSpektren · · Score: 3, Informative

    On the firehose submission of this news, I recommended some additional information be included in TFS:
    "This summary could use some more information. I'm here to help! What version of Tor (0.2.7.8) and the Tor browser (5.5, based off Firefox ESR 38.6)? What's new in 2.0 besides the OS and Tor updates (switch from Claws Mail to GNU Icedove, switch from SysVinit to systemd)? Did you know that it uses GNOME classic-mode instead of fallback-mode now? Did you know that Tails will now notify you if you're using virtualization software with proprietary binaries?"

    1. Re:Additional info by LichtSpektren · · Score: 3, Insightful

      switch from SysVinit to systemd

      Yeah, that freaked out the Devuan paranoids https://lists.dyne.org/lurker/message/20160127.151137.ab4c9937.en.html

      The release notes tell you exactly why they're OK with systemd:

      "+ Sandbox many services using Linux namespaces and make them harder to exploit.
      + Make the launching of Tor and the memory wipe on shutdown more robust.
      + Sanitize our code base by replacing many custom scripts."

      Maybe that will change if a backdoor or serious security vulnerabilities are discovered, but until then, one need not be afraid.

    2. Re:Additional info by LichtSpektren · · Score: 2

      Tails is not immune to the observation that the chance and number of critical security errors increase as approximately the square of the number of new features.

      Only recently was the TrueCrypt security review completely, a and a half after the project was abandoned. At least one successor fork, VeraCrypt is not adding features every week.

      I would like monthly security fixes and no more than yearly feature additions.

      That's precisely what TAILS' release cycle is. It's based off of Debian stable, so whatever that wasn't in Jessie won't be added for several years. There are scheduled security updates (as well as emergency releases for when the security vulnerabilities are particularly serious).

  2. Re:Hmm? by LichtSpektren · · Score: 4, Informative

    circumventing censorship without a trace

    Perhaps someone may enlighten me here, but if I recall correctly, Tor doesn't actually hide the fact that you're using it, only what you're using it for, yes? Does Tails have some kind of extra protection to obscure even that??

    That's kind of backwards. Any webmaster can tell when there's Tor users accessing their server. The purpose of Tor is to prevent a location trace (since all that you'd see is what exit node they came out of, not which node they entered through). The Tor Browser and TAILS supplement this because they're pre-configured (N.B. they strongly recommend you don't alter any of the default settings), so that every TB and TAILS user looks identical (i.e. they leave no special fingerprints that could be used to identify them).

  3. Re:Mirror site by Coren22 · · Score: 2

    Thanks, that helped a lot. My download went way faster from that source.

    --
    APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?