TAILS 2.6 vs fully patched Linux Mint with updated TOR browser

I know Whonix is ultimately the best, but for casual buyers, please correct me if I am wrong, but I feel that a fully patched machine running Linux Mint with an updated TOR browser is more secure then TAILS.

The reason I feel this way, is because whenever a zero day is found the Linux Mint team releases a patch ASAP and I install it, same with TOR browser, you get a near instant patch. But if you use TAILS you have to wait for the TAILS team to release an entire NEW operating system and then checksum it and then burn the DVD.

It just seems like to me Whonix and Linux Mint + TOR is superior to TAILS. Please correct me if I am wrong so I can change my ways.


Comments


[21 Points] wombat2combat:

tails already has unnecessary thing stripped that would only increase the attack surface unlike linux mint

tails is amnesiac by default or offers a strong full disk encryption if you use persistence. IIRC you can encrypt your home folder with mint or maybe some more but it will never be as secure as the full disk encryption of tails

buyers and [most] vendors should not worry about 0 days in tails or the Tor browser since it is very expensive to get them, there also will probably never be one that can de-anonymize every Tor user and law enforcement would never waste such exploits on drug users and vendors. therefore the update cycle of tails is completely ok. there are more important opsec topics which vendors and buyers should worry about.

But if you use TAILS you have to wait for the TAILS team to release an entire NEW operating system and then checksum it and then burn the DVD.

not true, tails has an internal updater which only requires a few clicks. until version 18, mint had not even an internal updater so you had to to the steps above to get the latest version [although the older version would get security fixes for some time].

tl;dr tails is the os of choice for many dnm users for a reason


[15 Points] sapiophile:

No way, for many, many reasons:

  1. First of all, Tails updates more promptly than Mint. Mint is based on Ubuntu which is based on Debian. Pretty much all of them rely on the Debian Security Team to write the security patches they use. Debian gets them first, and Tails is Debian (with some basic configuration changes). That means that a simple sudo apt-get update && sudo apt-get dist-upgrade on the Tails command line will patch your software faster than Mint would. But even if you're not manually updating packages in Tails (which is not really necessary), they actually do release a whole new OS version every time a significant 0day is published. With good CVS and management, as Tails has, this is not really much of a hindrance. Tails even very frequently gets updates before Debian (and of course, Mint) releases them, because the Tails maintainers are just that badass.

  2. Linux Mint contains tons of proprietary, closed-source binary blobs, and makes no attempts to be a Free Software system. This is extremely bad from a trust and security standpoint.

  3. Linux Mint specifically has an absolutely atrocious record on security issues. From their slapshod, thrown-together bleeding-edge package assortments, to the time earlier this year when their website got hacked and was distributing malware-infected .isos, to the fact that they didn't even offer signed releases until after that hack, and so much more. Mint is not intended or designed to be a secure distribution, nor stable enough for production. It is more-or-less for watching YouTube and for playing games in WINE. Some people might say it's also for a Linux newbie or a grandma, but these days I don't even recommend it for that, because it's so unstable and unreliable that it produces a much more frustrating and harder-to-use experience than stable distros like Debian Stable.

  4. Tails has an incredibly well-thought-out security design including extensive application-user segregations, hardened compiling of all packages, locked-down filesystem permissions, and in the newest release, ASLR, which prevents many potential exploits of applications. Linux Mint, in comparison, is basically the opposite, and in fact, doesn't even support some of those features (at least not without a lot of hacking).

  5. UX security: Tails's design is intuitive and pared down to just what a DNM user or cypherpunk might ever want, with easy and integrated access to relevant tools like an anonymized Electrum Bitcoin wallet and the panel GPG Applet, and much more. Using Bitcoin anonymously with other systems, on the other hand, is extremely tricky and is always prone to easy errors that gravely compromise anonymity. Through streamlined User Expperience, security is improved and made closer to foolproof.

  6. Amnesia. An extremely useful feature for DNM users. Basically impossible to set up Mint to do.

  7. A dedicated OS for anonymous activities helps improve compartmentalization and enforces an OPSEC mentality in the user. A "one-system-for-all-activities" model is much more prone to leaks and failures. For more info see http://privacy-pc.com/articles/hackers-guide-to-stay-out-of-jail-opsec-for-freedom-fighters.html

There's even more that could be said, but those are the biggies.

Whonix has somewhat different security parameters from either Tails or Linux Mint, and so is difficult to compare directly, but is also a very good choice for DNM use. Qubes-Whonix is also worth using, though it has specific hardware requirements and requires some skill, but it allows for very fine-grained compartmentalization which is the foundation of OPSEC.

TL;DR: Please don't use Linux Mint. If you really, really want to use some system that isn't purpose-built for anonymity (like Tails or Whonix), at least use Debian Stable or some system that isn't made out of poop.


[2 Points] The_Ninth_Chevron:

Basically what sapiophile said. Tails is built specifically for anonymity and is more user friendly than something along the lines of Whonix. Using a fully featured distro would feel like I'm hiding behind a free proxy and using the Tor bundle on Windows :3

Personally I use Tails and I definitely like it but if you really want something different look into penetration testing distros. Parrot Security OS is a pretty new one that even claims to have specific amnesiac/anonymity features that make it good for this sort of thing. I haven't used it for more than a couple minutes playing with a live USB but it seems alright.

My personal reccomendation would be Kali Linux. It's another pen testing distro. It's my non-Windows daily driver and the primary OS on my business laptop. It may not be as encrypted and safe as Tails but with some tinkering you can get it pretty close. Honestly I'd be comfortable making the occasional personal order straight from my desktop once in a while.

tl;dr Tails is pretty much one of your best choices for DNM activity, although I have to say I definitely have gripes with it. Try experimenting with different distros, its always fun to try something new. Just be 115% sure you've figured it out before actually shopping. Have a plane ticket to Belize on standby just in case ;)


[1 Points] PeeWeedHerman:

Personally I'd say if your an infrequent buyer you can use any OS and your tor could even be outdated at the personal small level your going to get busted for signing a package that got intercepted not having a NSA team cracking your coin trail and following back to you, that type of work is for big fish and security threats so don't buy depleted uranium or 100lbs of meth and you "should" be fine. Of course if your tech savvy or a nerd and love to tinker with this stuff yeah get tails already lol


[1 Points] trappy_AB:

Just get whonix