Author: Hans-J. Ullrich
Date:
To: tails-dev
Subject: [Tails-dev] Idea or something

Hi dear tails-team,
First of all, I like your CD and think it is the best way for anonymity.
But there is something I want to suggest to improve security.
Although everything is sent over Tor, I think you should make sure the
MAC address of every network device is changed at boot. You can do this with
macchanger.
Wireless cards and network cards (wlan0 and eth0) should at least get a
changed MAC address, but every new device should also get a new MAC (I am
thinking of Bluetooth or USB 3G devices).
None of the physical information of the used computer should be known to the
outside. I do not know if it is possible to temporarily change the MAC addresses
of used routers, but this option would be nice, too.
And of course (and I guess this is already implemented) NONE, and I really mean
NONE, services should get access to any parts of the used computer (no
services!!!).
Does Tails have a firewall active (iptables)? If yes, it should be completely
(and I mean COMPLETELY) closed, and should be opened by the user when he needs
it.
I imagine a nice GUI for choosing a whitelist in an understandable way: either open
ports (for experienced users) or open by description (i.e. "sending mail",
"receiving mail" or similar).
What do you think? I am looking forward to your answer.