Tor Browser 5.5 introduces protection against fingerprinting but due to an oversight it is not enabled in Tails 2.0. However, this is not so bad for Tails users since each Tails system has the same fonts installed, and hence will look identical, so this only means that it's easy to distinguish whether a user of Tor Browser 5.5 uses Tails or not. That is already easy given that Tails has the AdBlock Plus extension enabled, unlike the normal Tor Browser.
I wonder why they opted to preload it with AdBlock Plus instead of uBlock Origin. I'm sure gorhill would certainly give his blessing, and by all measurements it is just as effective with way less overhead.
Heck, they could go one step further and preload it with a uBlock Origin profile on a paranoid mode that proactively disables all JavaScript (last I remember using Tor I had to manually disable Javascript in the Firefox config).
uBlock Origin's advanced mode is also a lot nicer for JS blocking than NoScript and similar tools even as it allows you to unblock a CDN for a certain domain but not others, so you don't wind up allowing *.cloudfront.com for the whole internet.
And most privacy conscious people left Adblock Plus after they started allowing "acceptable ads" including from some pretty notorious trackers.
moving to uBlock was at first waiting on it to be included in Debian, but then abandoned as the Adblock in Tails doesn't allow the accepted ads by default (ignoring the performance improvements):
Sounds like this ticket was raised before the uBlock / Origin split. It would probably be worth re-opening or re-submitting the ticket explicitly with regards to:
A) That uBlock Origin is still actively worked on while uBlock has largely stalled.
B) The evidence[0] that uBlock Origin operates with substantially less overhead than Adblock Plus
C) The ability for uBlock Origin to double as a Javascript blocker.
I use AdBlock Plus because of the Element Hiding Helper addon, which lets me easily and perpetually hide whatever DOM element I decide is annoying me or taking up unnecessary space. To my knowledge there is no similar addon for uBlock Origin.
I appreciate a lot of the work that the Tails guys do - but for a privacy and security focused distribution there are far too many included apps for my liking[1], which increases the attack surface. LibreOffice, Gimp and Audacity are just some of the apps - and many have a horrible history of vulnerabilities[2].
When Tails has had vulnerabilities it is often with one of these included apps[6].
The browser isn't sanboxed (it's in progress[3]), and the machine is still directly connected to the internet, so you're a single Firefox vulnerability and a drive-by download away from being deanonymized.
It is also a shame that both OS X and Windows make it difficult to write an OS to an USB stick and boot from it - the install requires an intermediary Linux OS either on DVD or USB, which a lot of users won't get by.
For a different approach, see Whonix[4] - a virtual machine based approach with an isolating proxy (very popular setup amongst black hats) and Qubes OS[4] which is built on Xen and runs processes in separate VM's
The Whonix approach is very reasonable. Tails must be considered inadequate when used as a complete solution as long as the browser isn't fully isolated from the Tor underlay.
I built a custom VMWare install of Windows Embedded (well, they're all custom) running just Chromium. I think it's pretty secure - the footprint is tiny, I was actually more concerned about switching off some of the fancier features of Chromium (such as Canvas and WebGL).
In theory it would make an excellent thin client to use with an OpenBSD isolating proxy - i'm actually curious to hear what others would think about using embedded Windows (XP or 8 or 10) in this way.
If the browser leaks identifying client information through HTTPS or other encrypted protocols, the proxy (torify) will not be able to help. That is why Tor Browser is important.
yep, the way it is setup is you create a private network in VMWare, the proxy/router box has a live IP address on one end and is running a DHCP server on the private network. The client VM's connect to the Tor daemon on the proxy/router using SOCKS or HTTP
I don't use torify or anything else - if the app doesn't support SOCKS or HTTP then I don't use it. Any browser leaks will just hit a wall against the router VM.
It's the whonix architecture - except I use my own router (wasn't comfortable with whonix's 1.6GB+ router) and client.
One "practical" reason is that its relatively easy to make a Debian-based derivative distribution due to the large amount of prior art, tools and manpower. Now, if we could integrate Qubes-style isolation with Debian then most of this could be ameliorated. :)
Https only guarantees the origin and protects against MITM, they provide a GPG signing key and sign their isos so it does all that + guarantees that even if their websote gets compromised attackers wouldn't be able to distribute software unless they obtained the private key.
But if the file and site are both accessed over HTTP, it's possible for a bad actor to alter the file and then change the signatures+checksums listed on the page to reflect it.
That can happen regardless of HTTP/HTTPS, say if the site was hacked they could be serving a bad key/signature, which is why you should always obtain the public GPG key (in any scenario, really) via a trusted channel, or multiple ones.
So for instance in this case you could grab the gpg key, go into their IRC channel and ask for it again, etc.
I do agree HTTP makes it easier to MITM, but in theory if you are serious about security you should not be relying on HTTPS alone.
The fact is however, HTTPS offers massive improvements for security for the majority of users, especially those using public or shared Wi-Fi (i.e. Work or School), assuming they're using their own device. Assuming HSTS was set up, it would be impossible to strip SSL without causing most browsers to panic and refuse you access to the website.
On those types of networks, MITM attacks are extremely easy, and there are tools to do it in seconds. It may be more likely for you to get MITM'd and have them modify the signature, than for the actual website to get hacked. Combined with the fact that some people would try to download Tails across these types of network for the added anonymity.
The main ISO link is able to be used via HTTPS (by adding an "s" to the URL) but it's got some compliance issue. HTTPS would likely not provide anonymity, since it leaks to much metadata; might be wrong, just my opinion.
If you use a distinct server for Tails then you could still spot the downloads, you'd need HTTPS and serving from a busy mirror that serves a lot of other apps and systems as well
I'm sure I'm not first to question this, but if you download Tails or Tor browser or whatever, wouldn't that be sort of obvious? I mean it leaves traces. Then if you only use it to do something specific be it chat with friends, browse for porn, take part is activism or to buy illegal products for example wouldn't it be easy to see that: your computer went offline, then something new (Tails) went up, took anonymous connection to somewhere and then X happened, then Tails went away and your main OS/machine went back up.
My main "inspiration" here is the fake bomb threat by the college kid to get out of mid terms, just before the email about the bomb was sent his IP downloaded Tor bundle. The service he was using also had the schools IP or something so administration could see it was sent from inside the school, but I think that is still valid concern. This kind of meta data about your actions can leak just as much information as actually seeing what you are doing.
My question therefor would be: should more people use Tails as their "daily driver"? Would that make it more anonymous/private for the people like whistle blowers? My only idea at the moment would be to pay for two separate trusted VPN provider (don't know how you would vet that trustworthiness) with bitcoin, to keep your anonymity/privacy with them as well. Then pipe all your traffic through one of the VPNs all the time. Then when you need to use Tor, you would simply pipe it through that same VPN when you would emerge with rest of the clients from same point and then pipe your Tor traffic through the secondary VPN. This way you would still get the benefits of encrypted tunnels all the way through with benefit of Tors anonymizing and it might not be so obvious you are browsing Tor to your ISP or whatever.
Maybe I'm thinking this is harder than it actually is
First, Harvard bomb kid was caught because of some decent sysadmins ran good network analysis and after receiving a bomb threat that was received from Tor saw that there was only a single student on the entire network that was running Tor.
ISP's or network providers know if you're running Tor, when you're online and when you're active (it has been used in criminal cases to link real people to online aliases)
Someone else in this thread pointed out that the download points for Tails are all HTTP - so you can't find it and download it anonymously.
The way to do it would be to find an HTTPS mirror (avoiding search engines) or a public terminal.
IMO you shouldn't use Tails as your personal machine. This isn't a technical decision more a question of OPSEC policy. The key to anonymity is compartmentalization - the concept of creating, maintaining and then isolating your different identities.
Your real identity will continue to use your computer, your phone number, your internet connection, etc. It might tighten up some privacy leaks. Your anonymous identity (which may have a name) will use Tor in a virtual machine as a gateway and Linux in another virtual machine as a client, or it will boot into Tails. The anonymous identity using Tor has nothing in common with the real identity that can be linked together by a passive or active attacker.
For ex. your anon identity is doing anonymous stuff on anonymous online markets, but then you use the same Tails session to login to your personal Gmail. You've just been de-anonymized. Don't share anything between the two identities (having the same interests, typing style, etc. to name a few) as that would tie an anonymous identity to a real one.
With this in mind, Tails is perfect for the use case of 'I need to do some anonymous stuff with my anonymous identity and then get back' which is exactly how a lot of journalists, black hats, etc. use it. The more 'comfortable' Tails is with features and programs the more likely you are to hang around and do something that will de-anonymize you :)
Seems you can download via bittorrent as well? [1]
BTW, if you download a file of 1.1 GB from boum.org then the size of the download already pretty much gives away that you are downloading tails.. So https does not give you anonymous downloads, it gives you an increased certainty of origin. But as you should verify the signature instead (which is served over https)[2] I think it is fine to download via http.
I mean... you could do this, but it would completely depend on your threat level. The problem with this idea is that using your computer in any way that's remotely convenient or normal is impossible. Eventually everyone screws up/gets frustrated/let's their parent or SO use the machine. Right then all of this is mute.
If you're this level of paranoid any email account used more than a handful of times has to be burned and never touched. You definitely should not ever access a cell network with a smartphone, which has to be burned as well every week or so. Social media use is also dead. If you don't use social media because of security concerns, that's fine, but 2.5 billion people do, so you're probably in the minority.
If you're going to whistle blow there are a bunch of other steps you should implement, running TOR being one of them, Tails if you're that high up of a risk (hint: you're probably not). If you're at that level 1.) you should be doing everything from various public wifi networks in cities nowhere near you and 2.) the fact that you downloaded TOR is not what anyone's interested in anyways, it's what you're saying and doing behind it.
>1.) you should be doing everything from various public wifi networks in cities nowhere near you and 2.) the fact that you downloaded TOR is not what anyone's interested in anyways, it's what you're saying and doing behind it.
Everyone keeps saying that you should "take a greyhound out to the boon to use their wifi to be anonymous", it's pretty suspect if suddenly you take a trip to somewhere you've never been to with no obvious motive and suddenly bunch of data related to you/your employer gets leaked.
About no one caring you download Tor, if it still gets hovered up in some NSA-database-type-thing you can be exposed years after the fact. Just like no one cares (right now) what kind of porn you watch, but maybe in future some suppressive regime gets to power and they don't like how you spend your past time.
Pay cash for your ticket, leave your smartphone at home switched on (even script some stuff if you want to make it look like there's activity there). Boot into a live CD, make sure you use a spoofed MAC address (does TAILS do this automatically?) and keep your face away from cameras.
Should be pretty bulletproof against all but the most capable adversaries.
Firefox refuses to let me look at this page because of a certificate problem.
Not to go off on a rant, but this is what the "everyone must use https because we said so" edict is going to cause - it's not enough you use https, it has to be the right kind of https that involves a third party issuer of certs.
Can anyone fix that issue or link to a different page please?
> Firefox refuses to let me look at this page because of a certificate problem.
Me too, but I know why: my employer's proxy MITMs any SSL connections whose certificate authority it does not recognize as bona fide. Quite aggravating - but a very nice tool to explain SSL MITM to users... There's always a silver lining !
> whose certificate authority it does not recognize as bona fide
That's a very strange criteria; do you mean that anything that would have been a certificate error gets MITMed instead, rather than rejected? Very strange.
Not just the self-signed ones - also some others... I wonder what the whitelist is. The proxy is the infamous McAfee Web Gateway - I don't know if the list is user-maintained or supplied by the vendor.
To be more precise, they offer no defense against MITM on first visit. Once I've pinned a particular self-signed cert for a particular site, I'll be quite suspicious if that cert ever changes.
I can proceed if I add an exception. But I don't know if I want to add an exception.
Edit: Clock is automatically set via OSX. Not a problem with other sites.
Firefox says
tails.boum.org uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. (Error code: sec_error_unknown_issuer)
Sooooo..... I need a root certificate of some sort then? See, this is what we get to contend with - I can't read this site because reasons. And it's up to me to find out what the reasons are I guess. Wait till this hits the masses when certs get revoked, expire, etc. :)
And you shouldn't - this page uses a valid certificate for me. Either your clock is set wrong, you're missing CAs or you're being MITM'd. Verify your time, check the certificate chain on the site (should be UserTrust -> Gandi -> site) and try to check fingerprints against https://www.grc.com/fingerprints.htm if you can.
Yeah.. That's suspicious.. Firefox uses it's own CA list, so if your install of firefox is up to date, and your system clock is correct then you are potentially being MITM'd...
If that is the case then your browser is exhibiting correct behavior.
For me, I can see that the root CA is USERTrust (SHA-384 sig, interestingly), and the server is presenting a valid intermediate (Gandi - also using a SHA-384 signature), then the site certificate (SHA-256 sig).
There is a secondary certification path though, coming from a old SHA1 AddTrust Root (but this is also in my trust store for Firefox).
Did you resolve this? Make sure the root that shows up on the certificate details page is UserTrust - if it's not, it's possible someone is performing MITM on you.
If that doesn't match the value you see in the Firefox or Chrome certificate details page, please, send as many details about the chain as you can back, I'm very interested to see what's happening here considering you're not on a corp network and seeing this and even moreso because this is the Tails site, something that might very much interest some attackers...
Think twice before clicking this link. A bunch of non-crazy newspapers have reported that merely reading about privacy tools (tails & tor) will make you a link in the NSA surveillance graph.
Which is why you should be using Tor to read it. You shouldn't accept someone's attempt to subvert your right to the freedom to read. Fear tactics like that shouldn't be accepted. Besides, everyone is already in NSA's database. Looking up Tor just adds more data that can be correlated with you later. On the plus side, if you then go on to use Tor, that's the last piece of data that can be correlated with you (assuming good enough opsec).
EDIT: As I send this, the app I'm using (Materialistic) isn't able to access the HN API when I'm using Orbot with transparent proxying. That's really annoying.
I'm not sure tracking privacy-seekers is a fear tactic. It may have more to do with consolidating bureaucratic power -- the more an agency can collect, the more convincing it can be when it asks congress for money.
TAILS solves the problem of your individual privacy, but if you care about privacy in general you need to engage politically. Increasing TAILS use without increasing letters to congress increases the odds of anti-privacy legislation.
Try hitting one of the API endpoints with something else while connected via Tor. I noticed swathes of sites responding with 403/401 when I browsed via Tor.
I wonder why they opted to preload it with AdBlock Plus instead of uBlock Origin. I'm sure gorhill would certainly give his blessing, and by all measurements it is just as effective with way less overhead.
Heck, they could go one step further and preload it with a uBlock Origin profile on a paranoid mode that proactively disables all JavaScript (last I remember using Tor I had to manually disable Javascript in the Firefox config).