On Sat, Apr 11, 2015, at 08:55 PM, Peter N. Glaskowsky wrote:
> > Can we even secure a mobile device at the application, OS, and network level?
>
> My question is, why do we want to secure the _device_? Given that Tails
> is "amnesiac and incognito" already, it seems to me that all we need is
> to secure _user data_ when the user is not physically securing the
> device.
I agree on this point... the amnesiac aspect of TAILS is what is unique
and needed here, and not the entire secure stack, necessarily. The
ability to boot into something that is in an expected safe/clean state,
perform some tasks, and then exit that, knowing that you can reboot into
that at some point later, is definitely unique, and very different from
any "secure mobile OS" out there.
> > Afaik, there are four candidate mobile Linux distributions: Ubuntu Touch, Sailfish OS, Android/Replicant, and maybe Firefox OS. I suppose iptables could be used to restrict internet access to specific users on any of them, but that’s only the beginning.
If you want to see the latest, best open effort in securing Android,
there is the "Mission Impossible Android" write-up by Mike Perry of Tor
and the subsequently inspired project to create a flashable update for
Cyanogen:
https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
https://github.com/mission-impossible-android/mission-impossible-android
Iptables management is already part of Orbot (Tor for Android), and also
now in Orwall, a more sophisticated focused tool for that, again based
on Mike Perry's original write-up:
https://orwall.org/
> I see that in other comments on that older thread, Thomas Benjamin (tomb
> at cryptocracy.net <http://cryptocracy.net/>) and others were discussing
> boot devices. Consumer tablets are cheap enough that we should be
> thinking in terms of devoting the machine to Tails by installing the OS
> to the internal storage rather than a USB or SD card.
That is true. I think the hope was you could have a stock looking
device, which you could switch into this mode for specific tasks, and
then somehow switch out of it. Having a permanent TAILS device doesn't
quite match the way people think of what TAILS is/does today. However, I
agree we shouldn't get stuck on the boot device issue, and especially
since there are < $100 tablets without base bands, asking people to have
a dedicated device for something like this is not a big deal.
> So in summary I think Tails is already 98% ready to be a mobile OS like
> the ones you mentioned, and once ready, it would deliver a uniquely
> valuable user experience that would attract a much larger audience than
> it does today.
If the desire is to go in an Android-based direction, I think the MIA
effort would be more than happy to incorporate some TAILS-type features
into that work.
Otherwise, as mentioned in another thread, I think there is also a great
possibility to focus on getting the actual current TAILS stack running
on a Windows 8/10 compatible tablet, as opposed to some sort of
semi-TAILS based on Android.
Best,
Nathan
--
Nathan of Guardian
nathan@???