Re: [Tails-ux] Prompt before compromise

Supprimer ce message

Répondre à ce message
Auteur: flapflap
Date:  
À: tails-ux
Sujet: Re: [Tails-ux] Prompt before compromise
sajolida:
> u:
>>> We know that persistence is useful, but it can leak information.
>>> For example, a machine that can automatically log into a known
>>> Wi-Fi network will respond when the known SSID is broadcast by an
>>> adversary. (Many other examples could be given here, and should
>>> probably be explained in some detail here:
>>> https://tails.boum.org/doc/first_steps/persistence/warnings/index.en.html
>>> <https://tails.boum.org/doc/first_steps/persistence/warnings/index.en.html>
>>> .)
>
> Sure, your proposal sounds reasonable. Still, I'll like to work first on
> identifying better which information persistence can leak. And whether
> this should rather be avoided in the first place. Then only, if it
> cannot be avoided and if this corresponds to a real problem, then we
> should mention this to the user.
>
> In the case of the auto-connection to the network. This was not the case
> in Tails prior to version 1.1. See
> https://labs.riseup.net/code/issues/7165. When switching to Tails Wheezy
> we wondered whether this was a desirable feature or not. Feel free to
> add more info to that ticket.
>
> Actually, now that we have MAC spoofing enabled by default, this
> auto-connection only leaks the fact that "someone" is connecting to this
> network but shouldn't contain any personally identifying information.
> What other threat are you worried about? Apart from the edge case of WPA
> Enterprise with unique user credentials.


I'm doubtful whether that really is just an "edge case". For example
when using the eduroam network at a university with per-student/staff
login credentials, thousands of people are affected.