Trustless Computing Association

View Original

How Tails could bring privacy to all with 8M€

Tails, the free software USB Gnu/Linux OS, is reportedly used by Snowden and Schneier as their main secure desktop platform. It’s definitely a major step ahead respect to everything else. But, aside from its poor usability and availability only for PC, does it provide nearly enough privacy and security after the what has come out in the last year?! I see major potential critical vulnerabilities (to scalable remote exploitation coming) from:

  • way too large OS and apps, even if severely stripped down and hardened

  • not enough expert verification per quantity of code

  • no public background checks on contributors and lead developers and architects (which are anonymous)

  • users ‘firmware

  • users’ hardware

  • Tor network vulnerabilities due to: traffic analysis, bug in poorly verified floss code (such as OpenSSL), low number of expected non-malicious and competently-managed nodes.

I imagine Snowden and Schneier protect from these through setups and configurations, rules of behavior, .. But such tricks require very high skills, shared by your communications interlocutor, and they drive usability even lower. We at the Open Media Cluster believe to have identified a solution to such vulnerabilities and usability problems of Tails (and similar), that could cost under 8M€ of R&D to build and test, and be made affordable and usable by any Western citizen, as a parallel environment for secure computing. It involves modifying Tails by:

  • stripping it down to very basic features -embedding it in a barebone 3mm touch screen device with hdmi out (to display on your desktop monitor) and bluetooth (to go on the Net via your phone), that can be attached to the back of any phone via a hard case.

  • adding very very thorough (relative to quantity of code) and open verification to all software and firmware

  • add manufacturing process oversight exceeding in user-verifiability the US DoD “Trusted Foundry Program”

  • improve Tor security and performance through traffic spoofing techniques, direct incentives for non-malicious and properly configured nodes, and very extensive Tor code review

  • a few more tricks. See more at the User Verified Social Telematics project.

UPDATE OF MAY 6th 2014: After discussion with Christian Grothoff, I believe that a large or small minority of code contributions by anonymous contributors would increase the assurance of the resulting product, as very knowledgeable experts could contribute that are could be targeted with threats.