Re: [Tails-dev] Anonymous Blogging with WordPress and Tor

Delete this message

Reply to this message
Author: bertagaz
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Anonymous Blogging with WordPress and Tor
Hi,

Nice email, I did some corrections though.

bert.

On Mon, Jul 04, 2011 at 09:38:57AM +0200, sajolida wrote:
>
> Hi,
>
> Here is the draft of the email I'm planning to send to the author of
> this guide. I'd like to have a quick review from you before sending it.
>
>
>                 × × ×

>
>
> Hi,
>
> This week I found out about your document called « Anonymous Blogging
> with WordPress and Tor » and read it carefully and with interest.
>
> I'm part of the team developing Tails, a live CD or live USB that aims
> at preserving your privacy and anonymity; first, by redirecting all
> outgoing traffic to Tor, and second, by taking special to leave no trace
> on the computer you're using unless you ask it explicitly, see:
> http://tails.boum.org/
>
> Tails is now listed by The Tor Project as it's recommended live
> distribution, see:
> https://www.torproject.org/projects/projects.html.en
>
> I would like to suggest you trying out Tails and possibly adapting some
> part of your guide to using it. I believe it would make parts of it
> easier to document and also improve the overall solution that you're
> proposing. I'll tell you why.
>
>
> Trusting your OS
> ----------------
>
> A central vision of Tails is that it is crucial to trust, as a whole,
> the operating system that you are using if you're planning to do any
> sensitive task on a computer, like protecting your anonymity or working
> on sensitive documents.
>
> For example, on page 8, I agree with you when you advocate the use of
> Firefox over Internet Explorer but following the same assumption you
> should not advocate the use of Tor from Windows. The operating system is
> the central piece of software managing all your applications, having
> direct access to your files, your disks, your network interfaces, etc.
> If you can't trust your OS, any security measure that you try to build
> on top of it is bound to be flawed.
>
> The assumption of Tails regarding this is that you'd better trust open
> source software, in our case Debian GNU/Linux on which Tails is based
> and which is quite well know to be reactive on security issues than
> proprietary software like Windows, quite well know for just the opposite.
>
> Plus, since Tails is a live distribution, the OS is restarted in its
> original state at every use so that viruses, buggy software or misuse
> can't affect the system on the long run, especially if run from a
> read-only support like a CD.
>
> This is how we try to provide an improved level of trust on the OS and
> then build security measures at the application level on top of that.
>
> Regarding your document, that would resolve the issue you're mentioning
> on page 1 and provide you an OS easier to trust against keyloggers and
> viruses.
>
>
> About secure deletion
> ---------------------
>
> When writing documentation about security measures it's both hard to
> know where to stop and at the same time be sure you wrote enough.
>
> For example, on page 20 you advise to use securely delete posts after
> publishing them. This means that you include in the thread model of the
> people reading your document that the computer they use could be seize
> and investigate by forensics in search of traces from those documents.


For example, on page 20, you advise to securely delete files used for
the post after publishing it. (or something like that)

could be seized and investigated by forensics experts

> Tails could help you addressing better this thread by:
> - ensuring that every document written during a Tails session won't
> leave any trace on the computer since it's a live distribution running
> from RAM and that it takes special care to not leave any trace on the
> local storage of the computer unless asked explicitly,
> - being shipped already with tools for secure deletion — then actually
> documenting how to use them would be shorter and easier.
>
> For example, when you're saying on page 21 « Write your blog post
> offline. Not only is this a good way to keep from losing a post if your
> browser crashes or your net connection goes down, it means you can
> compose your posts somewhere more private than a cybercafe. », if using
> normal operating systems, you are very likely to leave traces of the
> document on both your machine and the public one.
>
> Plus, it would be a good idea to suggest the users safe ways to carry
> their drafts from one machine to another, for example:


to suggest to users

> 1. Using an encrypted USB stick. That would be something else to
> document well since actually securely delete a single file on a USB is
> much more problematic that on a hard drive, see :
> http://www.usenix.org/events/fast11/tech/full_papers/Wei.pdf
>
> Tails provide tools to fully encrypt USB sticks.
>
> 2. Saving the drafts in the disposable mailbox. That might be a better
> solution if it is encrypted using FireGPG. Tails also comes with FireGPG
> installed.
>
> Furthermore, it is good to advertise the securely deletion of files but
> then to be coherent you should also advertise the secure deletion of the
> browser history. And this is much harder to achieve using a normal
> operating system. Plus, on a normal OS you could still leave flash
> cookies behind, see:
> https://www.eff.org/deeplinks/2009/09/new-cookie-technologies-harder-see-and-remove-wide
>
> Being a live distribution, Tails guarantees you that you won't leave
> trace of any document, any browsing history or flash cookie.
> We then advertise people to only use Tails to work on a give document:
> clearly isolate every step of their work on their sensitive documents in
> a amnesic environment that leave no trace after shutdown.


work on a given document

it clearly isolates (? not sure to get this sentence, its structure sound a
it weird).

>
> Improved end-to-end encryption
> ------------------------------
>
> While talking about Tor I always feel like it's really important to
> explicit remind people that even though your traffic might be encrypted
> between the proxy servers, Tor does not encrypt it between the exit node
> and the destination server. And thus, if you're not using HTTPS the Tor
> exit node can fully monitor your traffic: read it and modify it. And
> this is not fiction, see:
> http://www.wired.com/politics/security/news/2007/09/embassy_hacks


s/might be encrypted/have to be encrypted/

> The encryption provided by Tor aims at providing anonymity by hiding
> your location and does not pretend, as such, to protect your content.
> You are still the one who has to take care of this by using end-to-end
> encryption. So, you should maybe rephrase this part of page 13:
>
> « The pages are encrypted in transit between servers, and even if one or
> two of the servers in the chain were compromised, it would be very
> difficult to see what webpage you were retrieving or posting to. »
>
> and rather get inspired by this excerpt from Tor's overview:
>
> « Instead of taking a direct route from source to destination, data
> packets on the Tor network take a random pathway through several relays
> that cover your tracks so no observer at any single point can tell where
> the data came from or where it's going. »
>
> Tor is about hiding your location not your content.
>
> For example, by default when blogging on WordPress, HTTPS is not enabled
> by default. This means that if the user doesn't take special care to
> switch to HTTPS the whole traffic will be in plain-text and the Tor exit
> node will be in position of capturing the blog's password, modifying
> posts, reading drafts, etc.
>
> A counter measure would be to install the HTTPS Everywhere extension to
> Firefox. It's an extension developed by the EFF that automatically
> switches to HTTPS every connection to a bunch of major websites,
> including WordPress. Tails comes with HTTPS Everywhere enabled by default.
>
> You might be interested in checking the warning page we wrote for Tails
> to mention those kind of security issues people need to be aware of
> before using Tor or Tails:
> https://tails.boum.org/doc/warning/index.en.html
>
>
> Mail providers
> --------------
>
> This doesn't have anything to do with Tails, but in page 17 you say:
>
> « Hotmail and Yahoo mail both have a “security feature” that makes
> privacy advocates very unhappy. Both include the IP address of the
> computer used to send any email. »
>
> I just checked again and I see clearly this in Hotmail (there is a
> header called X-ORIGINATING-IP) but not in Yahoo, so maybe that got removed.
>
> « Also, Hotmail and Yahoo don’t offer secure HTTP (https) interfaces to
> webmail - again, this doesn’t matter so long as you use Tor every time
> you use these mail services. But many users will want to check their
> mail in circumstances where they don’t have Tor installed - for your
> main webmail account, it’s worth choosing a provider that has an https
> interface to mail. »
>
> This is not true anymore and that all three provide HTTPS by now and it
> seems to be enabled by default so this whole paragraph might be removed.
>
>
> Downsides of Tails?
> -------------------
>
> The main downside I can see in advertising Tails at the moment could be
> about its availability:
> - We don't know whether Tails website is being blocked by some countries
> and we don't support a systematic way of getting around this like the
> TBB does.
> - You might not be able to access the Internet from Tails on every
> possible public computer if this requires special network configuration.
> - You might not be able to access the Internet in some places where you
> need to go through a WiFi hotspot web interface, see :
> http://tails.boum.org/todo/add_support_for_free_wifi_hotspots/.
>
> I'd like to hear from your whether you think this could be a major
> blocker in advertising Tails in the context in which you are working. If
> so, the TBB could be a worthy alternative for people that can't use
> Tails because of those technical limitations.
>
>
> Final thoughts
> --------------
>
> I hope that this email was not too long, that I explained myself well
> enough and that you found my points relevant.
>
> In Tails, we're in the process of rewriting our user documentation. It's
> been done already for the parts dealing with downloading and installing
> Tails but not for the main user documentation on how to use Tails. But,
> since you're used to Tor, Firefox and Torbutton I'm sure you won't have
> problems trying out Tails for blogging.
>
> If, in the writing of your document, you need to point to or write parts
> of documentation that we also want to include on Tails website, I guess
> we will be happy to collaborate on those parts.
>
> If you want to getter deeper into Tails internals you can have a look at
> our design document, explaining Tails thread model, specification and
> implementation details, here:
> http://tails.boum.org/contribute/design/


If you want to get a deeper look into Tails internals

> Hoping to hear back from you,
>
> --
> sajolida
>




> _______________________________________________
> tails-dev mailing list
> tails-dev@???
> https://boum.org/mailman/listinfo/tails-dev