Re: [Tails-dev] SecureDrop and Tails vs Qubes

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: Conor Schaefer
CC: The Tails public development discussion list, Jennifer Helsby
Old-Topics: Re: [Tails-dev] SecureDrop and Tails vs Qubes
Subject: Re: [Tails-dev] SecureDrop and Tails vs Qubes
Hi,

Conor Schaefer:
> On 12/14/2017 02:31 AM, sajolida wrote:
> Fair points. With the (Tails-based) SecureDrop Journalist Workstation,
> we're already shoehorning a lot of persistence into the environment,
> which I count as going against the grain of the primary use case of
> Tails. For instance, we're setting network-manager hooks to update the
> system torrc with hidservauth cookies, so authenticated Onion Services
> are accessible in Tor Browser.


> This works! But distributing updates to the various workstations out in
> the wild is quite challenging, and currently requires that Admins or
> Journalists pull from git, verify a tag, and run a script. A strategy
> that supports unattended upgrades would enable us to be more confident
> in iterating on the workstation tooling.


Interesting!

I think the new torrc.d/ directory support would help: you could make
that directory persistent and drop files in it.

We don't include that directory at the moment
(https://bugs.debian.org/866187) but if that's something you need we
could source it without waiting for the Debian default torrc to do it
(we ship our own torrc anyway).

>> - We documented how to configure additional APT repositories:
>>
>> https://tails.boum.org/doc/advanced_topics/additional_software/


> Great news, and congratulations! Those are some great sources you
> shared, thanks. I'd actually been under the impression that we'd need to
> get packages into Debian in order for them to be apt-installable, and
> having a lower bar that would enable us to ship our own packages (as we
> do with the SecureDrop servers) is worth a closer look.


Yeah! Please check it out and let us know if there's a reason why it
does not work for you.

> We've been working on an updated threat model that should be ready for
> public consumption in early 2018. The current SecureDrop
> architecture—including the multiple Tails devices per instance—was
> designed several years ago, and we've learned a lot since then. Having a
> more modern threat model will enable us to make informed decisions about
> major changes such as trusting hypervisor isolation in place of a
> hardware airgap.


Where can I read more about this updated threat model?

Cheers,
--
intrigeri