We know that persistence is useful, but it can leak information. For example, a machine that can automatically log into a known Wi-Fi network will respond when the known SSID is broadcast by an adversary. (Many other examples could be given here, and should probably be explained in some detail here:
https://tails.boum.org/doc/first_steps/persistence/warnings/index.en.html <
https://tails.boum.org/doc/first_steps/persistence/warnings/index.en.html> .)
It would be interesting to design the system so that before it takes actions that are known to create a risk of leaking information about the user, the user gets a prompt. For example, add dialogs that say “Join known Wi-Fi network <SSID>?” or “Install apps AAA, BBB, and CCC?” or “Connect to printer <NAME>?”
This would still be much more convenient than configuring Wi-Fi access (or performing other tasks) on every reboot, while allowing the user to maintain a higher degree of privacy than the current implementation of persistence does.
Thoughts? Has this been previously proposed? (I don’t see this anywhere, but I might be missing something.)
. png
