Jurre van Bergen:
> I'm not an UX person but I see the following solution(s) living next to
> each other if needed. Coming from a security point of view, I believe
> it's better to enable things than to disable things. Most of our users
> might not understand the risks associated to attacks described in vpwned
> and dma capable devices. We therefor, shouldn't make them vulnerable by
> default but rather by choice and document in a clear way what the risks
> associated to it are.
>
> I'd also rather not advocate for a way to enable through out a session,
> it's like having intercourse and deciding, gosh, we're ready to go but
> we're out of condoms, but whatever, just this one time. The implications
> might be for a lifetime.
>
> 1) When I boot Tails, i'm presented with an option to allow local
> traffic or not.
> 2) When I boot Tails, i'm presented with an option to allow certain
> local traffic like SSH and printing and the rest not.
> 3) When I boot Tails, i'm presented with an option to be able to login
> to a captive portal, only this IP is whitelisted on the firewall rules
> and the rest is blocked.
>
> I think my aim with providing these options is that, when you boot a
> computer, you often know what you're going to do with it or what you
> want access to or not. The same would go for allowing devices which are
> DMA capable like firewire, thunderbolt, pcmcia and others.
We started a related discussion on tails-ux these days. Please see
https://mailman.boum.org/pipermail/tails-ux/2014-December/000148.html
Feel free to provide technical insight on whether having printers
configured in persistence might leak information on the LAN and whether
people should be warned about that.
--
sajolida