Having some hardware issues so I can't build/test this on tails
directly right now, but I put this together as proof of concept on
Fedora.
On Mon, Feb 22, 2016 at 11:31 AM, Spencer <spencerone@???> wrote:
> Hi,
>
>>>>
>>>> Austin English:
>>>> filed https://labs.riseup.net/code/issues/11137
>>>>
>
> This is a very challenging problem. There are two cases that come to mind.
>
> 1. The device may become compromised before becoming a Tails device. In
> this case, the files/partitions are either hidden or protected and are not
> removed during reformatting.
>
> This is best addressed during the creation of a new Tails device.
>
> 2. The device may become compromised after becoming a Tails device. In this
> case, the files/partitions, which may be hidden or protected, are not
> removed after shutdown.
>
> This is best addressed during either the startup or shutdown processes of a
> living Tails device.
>
>>>
>>> sajolida:
>>> not about detecting malware but about training
>>> users .. good practices
>>>
>
> So, detecting/educating *that* but not *what*. This seems reasonable, as
> *what* would need blacklists, trust models, and so on.
>
> Also, given the actual (intended/expected) function of the hidden attribute
> files, e.g., preserving user settings, it seems that there are no benefits
> of having these, or any other, files on a Tails device.
>
>>>
>>> Don't plug your Tails in an untrusted OS
>>>
>
> I do not think this is an achievable model to promote because:
>
> - Trust is like STDIN; can be anything to anyone.
>
> - There seem to be no machines or systems that can have the guarantee that
> is referred to when we say 'Trust'.
>
>>>
>>> reinstalling is the only solution .. installing
>>> from the same untrusted OS really won't be.
>>>
>
> And educating (:
>
> How can Tails:
>
> - Inform of this device protection feature and what it does?
>
> - Detect the existence of unwanted files.
>
> - Disclose what the files are and where they were located in the file
> system?
>
> - Provide a resolution to remove the files and restore the devices
> integrity.
>
> - Guarantee the files removed are now gone and will not come back, or
> recommend a behavior model that will limit the possibility of files
> (re)appearing?
>
>>
>> Austin English:
>> help for the ux portion
>>
>
> I would be more than happy to put the files together or think through this
> some more. Feel free to send anything my way; can be as rough or polished
> as you got it.
>
>>
>> if detected, have the greeter pop up some big red
>> warning box.
>>
>
> This warning could replace the greeter.
>
> This warning might want to be ignored.
>
>>
>> discussed on tails-ux
>>
>
> Copied for migration if needed.
>
> Wordlife,
> Spencer
>
>
>
>
> _______________________________________________
> Tails-dev mailing list
> Tails-dev@???
> https://mailman.boum.org/listinfo/tails-dev
> To unsubscribe from this list, send an empty email to
> Tails-dev-unsubscribe@???.
--
-Austin
