Re: [Tails-dev] Tails Feature Highly requested - Very Import…

Author: Sina S
Date:  
To: The Tails public development discussion list
New-Topics: [Tails-dev] Server edition strikes back (?) [Was: Tails Feature Highly requested - Very Important]
Subject: Re: [Tails-dev] Tails Feature Highly requested - Very Important
Guys, I know I am new on the list but please accept my 2c input here:

While I understand the desire to have a kind of equivalent of debian-server
for TAILS, I am not so sure it is a clear cut and easy task to accomplish.

First of all, while it is surely simple enough to provide a server image
which meets the simple use case, this isn't actually what's required to run
a website like Silk Road. I am pretty sure it is those "other things" which
allowed the FBI/NSA to bring down Dread Pirate Roberts and Silk Road.

1. The biggest and most important point is that while it's possible to meet
the simple use case with a reasonable expectation of security and
anonymity, as soon as the operator of the webserver loads PHP/Python/Perl
code to run a dynamic website, the "attack surface" is greatly expanded and
now completely beyond the controls the server can offer.

2. DPR did not implement many architectural features which are extremely
important to ensure the integrity and anonymity of sites like this. AFAIK
the entire site was running on a single server (no distributed
architecture), so any exploits in the external website probably expanded
the attack surface to include internal services with less security than if
they had been distributed (i.e. SQL, message queues, the bitcoin tumblers,
etc). There was no network obfuscation, which sites like ThePirateBay rely on
heavily; DPR relied wholly on Tor for any network anonymity of his server. The
server was running off hard disks (probably a necessity due to lack of
distributed architecture) and did not implement physical intrusion detection
(despite being a common feature on most rackmount server kit) to notify
that someone potentially had gained physical access to the machine. We
can't be sure, but it doesn't appear the contents of the server disks were
encrypted.

3. DPR broke the first rule of fight club by making public advertisements
(on forums and Stack Overflow) about Silk Road before it was popular with
his real name, without using anonymising software, allowing the FBI/NSA to
subpoena records (probably anti-spam IP logs) to physically associate with
the beginnings of the project. Not to mention all of his YouTube videos
etc. We now know MITM and other targeted attacks are tools of the law
enforcement trade; all kinds of targeted attacks could be applied against
him after this association was completed.

4. I think there are probably some "strategic" or "tactical" elements which
the FBI/NSA are holding back here to ensure their "trade secrets" are
available for future use so any effort undertaken will have to be extremely
paranoid and pro-active.

5. Finally, DPR probably should have shut down the service and caught the
first flight to Russia as soon as the FBI/NSA attack against FreedomHosting
was made public.

That said, if anyone asked me for this kind of server, I would probably
consider some combination of grsecurity and a per-site LXC, or even better
grsecurity and zeroVM as the basis for this. Probably zeroVM is a little
beyond most people's understanding even though it fits the threat model most
appropriately.

/2c



On 5 October 2013 01:36, adrelanos <adrelanos@???> wrote:

> s7r@???:
> > I would do this myself, but I am not so skilled regarding this.
>
> While risking to state the obvious... We all started learning at some
> point. Getting your feature requests a higher priority than others is very
> unlikely. Adding "Highly requested" and/or "Very Important" won't help
> either.
>
> > However, I am looking into paying someone with skills to take 1 or 2
> > hours per day of his time and make this happen.
> >
> > If anyone here can do it, waiting to hear.
>
> What are the exact goals and how much are you willing to pay?
> _______________________________________________
> tails-dev mailing list
> tails-dev@???
> https://mailman.boum.org/listinfo/tails-dev
>