Re: [Tails-dev] vpwned + greeter

Author: sajolida
Date:  
To: tails-dev@boum.org >> The Tails public development discussion list
Subject: Re: [Tails-dev] vpwned + greeter
Jurre van Bergen wrote:
> 1) When I boot Tails, I'm presented with an option to allow local
> traffic or not.


Do you mean *all* local traffic here?

> 2) When I boot Tails, I'm presented with an option to allow certain
> local traffic like SSH and printing and the rest not.


... in contrast with this option which only allows certain local traffic?

> 3) When I boot Tails, I'm presented with an option to be able to login
> to a captive portal, only this IP is whitelisted on the firewall rules
> and the rest is blocked.


I doubt people needing to log in through a captive portal would know
which IP needs to be allowed here. I personally wouldn't. Also note that
networking is disabled in the Greeter, so we can't really even try to
detect captive portals at this point :(

Anyway, this looks like a security slider at first sight, right?

> I think my aim with providing these options is that, when you boot a
> computer, you often know what you're going to do with it or what you
> want access to or not. The same would go for allowing devices which are
> DMA capable like firewire, thunderbolt, pcmcia and others.


Unfortunately, this is not always the case. I often change my mind or
realize that I need more stuff than I thought at first. But since I
agree with your argument of not changing the security level while
running, then the central point here is to have a default that makes
sense in most cases. Maybe somewhere in the middle of the slider :)

--
sajolida