Tails v MX USB with Tor [Solved]

[tascoast]

I am curious about https://tails.net/ and how it might compare to creating a generic live MX USB and installing Tor?

Any feedback would be most appreciated, with security implications in mind, other connection/device permutations in practical use being known considerations.

Kindly
tascoast

[beardedragon]

I am curious about https://tails.net/ and how it might compare to creating a generic live MX USB and installing Tor?

Any feedback would be most appreciated, with security implications in mind, other connection/device permutations in practical use being known considerations.

Kindly
tascoast

Check out this link:
https://www.privacyguides.org/articles/ ... ing-tails/

[tascoast]

Tails is recommended by Guardian Australia, a major online news publication but I can see many applications that protect privacy and safety, not least things like family violence, stalking or state terror.

[jj 5117]

At this stage of creation, our IT systems aren't given to have both of:
1) total privacy, security, and anonymity, and
2) total convenience, functionality, and ease of use.

[tascoast]

At this stage of creation, our IT systems aren't given to have both of:
1) total privacy, security, and anonymity, and
2) total convenience, functionality, and ease of use.

That sounds fair.

It was interesting to encounter this, being quite familiar with booting a desktop with a live session of MX via USB, or a DVD, originally, probably when using Mephis.

Kind thanks

[jj 5117]

You are welcome.

It's not fair, but Linux is making it more fair. :)
edit: With MX at the forefront. :)

[DukeComposed]

I am curious about https://tails.net/ and how it might compare to creating a generic live MX USB and installing Tor?

Any feedback would be most appreciated, with security implications in mind

Use Tails.

Tor is fine, and has its place for being able to obfuscate a number of things when dealing with either your local ISP or a particular endpoint. It is not a perfect security tool and it is not a panacea of private browsing.

There's differing degrees of privacy. You might want privacy for doing banking transactions online. You might want privacy for cheating on your spouse. You might want privacy for writing a newspaper article about a government entity that has the power to arrest you, charge you with a crime, and convict you for doing so.

These are all different privacy problems.

Tails is, largely, meant for the journalists in order to make communication (a) safer to engage in in hostile environments with Internet restrictions in place and (b) harder for prosecutorial entities to gather evidence to convict those journalists of crimes in hostile nations. Tails stands for "The Amnesic Incognito Live System". It's not just meant to keep your communications private, it's meant to make it hard to prove your communications happened at all.

So let's think about this for a second. Tails is, ultimately, a Linux distro. So why is it so much better than just "MX + a Tor browser"? Well, MX, and Linux distros in general, are not privacy-oriented. Tails is.

Unless you take active steps to encrypt your DNS communications, your ISP knows who you're talking to.

DNS is an old protocol, and an essential one. It's been around since the 1980s, and most people don't appreciate that literally every URL you visit goes straight to your ISP in a fraction of a second. You don't know how to get to CNN.com. So you type "CNN.com" into Firefox and it resolves to an IP address, and then you get to the homepage for CNN. That resolving happens at your ISP: they run DNS servers that look up CNN.com, so when you type "CNN.com", your ISP knows you want to go there.

Same for literally any other destination. YouTube. PornHub. whitehouse.gov. falundafa.org. Every website.

DNSSEC, the allegedly "secure" DNS extension to ensure integrity of DNS lookups does not encrypt these communications. So even though nefarious nation states might not be able to break the security of the signed DNS records that DNSSEC provides, there are two big problems with DNSSEC: (1) DNSSEC is an optional thing and most DNS records are unsigned, and (2) as I said, DNSSEC queries are not encrypted. Anyone depending on DNSSEC for secure communications inherently accepts that their lookups are, effectively, public knowledge.

So if you're in Tehran and you start looking up a bunch of American or Israeli websites, DNSSEC or no, your Iranian ISP is going to know about it, instantly. Do you feel safe doing that?

This is just DNS; there are plenty more privacy- and security-related issues that are just a fact of life in these modern Internet times. And the MX team doesn't provide any kind of protection for users to keep them from getting in trouble with nation states. This sort of thing is really beyond the scope of most dev teams, in part because small, ragtag bands of volunteers don't feel comfortable arming journalists with tools that, when they fail, get people killed or shipped off to dreary gulags for decades.

If you really need to rely on security, "MX + a Tor browser" is a slapdash and dangerous combination. Tor mostly -- mostly -- encapsulates its own DNS lookups, but leaking DNS queries is still something to be considered, especially for the rest of the OS. The Tails team exists for a reason. Until you know what, exactly, differentiates Tails from your run of the mill Linux distro, you shouldn't expect to cobble together your own secure equivalent with just an apt-get or two and call it good.

So be careful out there.

[tascoast]

Thank you, that's a good overview and interesting read. I got curious as it appears on the guardian media site as a method of securely exchanging information. Signals has had a bad rap lately!

When I purchased a domain recently, the whole name-server business was propagated and linked to Wordpress in no time at all.