Silk Road forums

Discussion => Newbie discussion => Topic started by: mrquick on August 07, 2013, 02:49 am

Title: Funding SPECIFIC TAILS features (to make SR more secure for all)
Post by: mrquick on August 07, 2013, 02:49 am
So recently, DPR has suggested that users start using tails as a default OS for more security on SR. (and privacy forums have been touting the benefits of Tails for A long time, actually.
Tails (along with a few other alternatives WHonix/QUbes) is a GREAT way to improve security+anonymity etc. and I think all should at very least learn more about it, and hopefully start implementing it.

I would post in the appropriate forum, but I hope this still gets exposure.

Tails is designed to help improve all of the things we want when transacting on SR (be it buyer or seller), however they have ALOT of items/to-do's/bugs etc. and SOME Of these are MUCH more important to our SR transactions than others.

here are a few that are MUST have's for real security and anonymity that ARE NOT yet developed for Tails.

https://labs.riseup.net/code/issues/5748 - two layered virtualization
https://labs.riseup.net/code/issues/5412 - fingerprints displaying to ISP/WIFI you're using TOR/tails
https://labs.riseup.net/code/issues/5858 - VPN support

Here are just 3 of HUNDREDS of items that Tails is (or needs to) work on.

However, the aformentioned are probably in the top 10 for SR users in terms of the security and anonymity we need. (please feel free to suggest others or disagree).

RIght now you can donate BTC to Tails (which is Great!):

1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2 (their address)

HOWEVER, you can't specify how your donation will be appropriated. (of course any donation is good, but it would be MUCH better if we could donate to certain features that the SR community desperately needs).

So here's where my proposal comes in: what if we could spark a discussion with Tails team, so that if we the collective of SR donated X amount of bitcoins for a particular aformentioned feature (or others that the community provides), that Tails will make this a priority in their development.

So for example after discussion Tails says that if we receive 15BTC for - two layered virtualization (https://labs.riseup.net/code/issues/5748)

they would then put a large force on implementing this over most all other items. ANd possibly provide a timeline to completion -- we can dream can't we ;)

This would allow the Tails dev. team to essentially cater to OUR (SR user) needs, by making Tails the best in the business.

TL:DR -- decide as a community what features we NEED from Tails that have not been implemented yet for unparallelled SECURITY+ANONYMITY when doing business on SR.

Then discuss with the Tails dev. team the COST and best way of indicating priority of feature dev. (i.e. , how I am donating .1BTC for VPN Support for example) BTC donation we could make to fast track the most important items ASAP -- to benefit SR user base specifically by making the most important pieces more secure, and also helping make tails better as a whole.

Thoughts - ideas - opinions welcome. I really think given the security breaches recently we, collectively, need to put our minds & RESOURCES together to create the most secure system(s) possible.

*** If you are a 50+ poster and passionate about security/anonimi  and feel this content deserves wider circulation, I would be much obliged if you would please post to the security section of the forum for more traction***

Thanks and stay safe and happy trails!

Mrquick
Title: Re: Funding SPECIFIC TAILS features (to make SR more secure for all)
Post by: tanamon on August 07, 2013, 02:56 am
https://labs.riseup.net/code/issues/5748 - two layered virtualization
https://labs.riseup.net/code/issues/5412 - fingerprints displaying to ISP/WIFI you're using TOR/tails
https://labs.riseup.net/code/issues/5858 - VPN support

The first and last issues are already solved by Whonix, and the middle one can be solved by not using an insecure or regular browser. Download the Tor Browser into Whonix and use that.

Quote
So here's where my proposal comes in: what if we could spark a discussion with Tails team, so that if we the collective of SR donated X amount of bitcoins for a particular aformentioned feature (or others that the community provides), that Tails will make this a priority in their development.

Don't contact them as a representative of the SR community. Don't ever mention SR. They won't take money from or work with anyone who openly admits to illegal activity.

It's not a good idea to discuss specifics on this public forum, because they or LE may connect the dots.

Title: Re: Funding SPECIFIC TAILS features (to make SR more secure for all)
Post by: mrquick on August 07, 2013, 03:15 am
Very good points!! Thank you for the response.

First, completely agree about the ability of whonix to solve the issues you mentioned, but if users aren't using whonix and using tails, then they are still very much issues to be addressed.

( on the second issue on not using an insecure browser can you please elaborate? would the TBB qualify as a secure browser bundle that would not display ANY fingerprint of TOR usage when analyzed?

Second, I think that I wasn't clear enough in my previous posts about what features the SR community wants vs. conveying this to the Tails dev team.

I would NEVER think to contact Tails dev. team and implictly or explictly suggest that we want features for SR security. What I was trying to convey was that I think we/I/Someone could approach them and request a feature be put on the fast track for a given donation.

How the logistics are tackled is exactly why I made my first post, but I nevertheless I still think it's important that users
#1 know that Tails has some glaring security issues that need to be addressed and
#2 if DPR is suggesting that the SR community use Tails (and not Whonix, which btw I have a tremendous amount of respect for and hope they continue to build amazing privacy software - I"m still undecided with amnesia/ live uSB etc. which is the better fit atm for SR) then the vast majority will D/L tails (as opposed to any other software), and think nothing more of it.

So my aim is to incentivize the Tails team to work on the most prescient issues of tails that affect SR members, through donations that
a) have nothing to do, and are in no way related to SR
b) can be specified so that if you donate .5BTC you can ask for those funds go to developing the highest priority features for our community.

I sincerely appreciate your reply and agree with what you have to say. I still think it's worth pointing out that Tails still has security issues, and that as a community we could help expedite the funding and work to remedy the most egregious of those.
Title: Re: Funding SPECIFIC TAILS features (to make SR more secure for all)
Post by: tanamon on August 07, 2013, 04:34 am
( on the second issue on not using an insecure browser can you please elaborate? would the TBB qualify as a secure browser bundle that would not display ANY fingerprint of TOR usage when analyzed?

I must have misunderstood the nature of that issue. If you are visiting sites from Tor exit nodes, they already know you are using Tor. The only sense in which you need to protect yourself from fingerprinting is to not stand out among Tor users. Everyone should use the same default configuration that ships with the browser bundle and we will be anonymous.


Quote
I would NEVER think to contact Tails dev. team and implictly or explictly suggest that we want features for SR security. What I was trying to convey was that I think we/I/Someone could approach them and request a feature be put on the fast track for a given donation.

How the logistics are tackled is exactly why I made my first post, but I nevertheless I still think it's important that users
#1 know that Tails has some glaring security issues that need to be addressed and
#2 if DPR is suggesting that the SR community use Tails (and not Whonix, which btw I have a tremendous amount of respect for and hope they continue to build amazing privacy software - I"m still undecided with amnesia/ live uSB etc. which is the better fit atm for SR) then the vast majority will D/L tails (as opposed to any other software), and think nothing more of it.

So my aim is to incentivize the Tails team to work on the most prescient issues of tails that affect SR members, through donations that
a) have nothing to do, and are in no way related to SR
b) can be specified so that if you donate .5BTC you can ask for those funds go to developing the highest priority features for our community.

That sounds good. It seems that DPR's recommendation of using Tails (through a link on the main site) had a impact, since a lot more people are talking about Tails now. I don't think we could pull off a switch to Whonix at this point. :)
Title: Re: Funding SPECIFIC TAILS features (to make SR more secure for all)
Post by: Psyche on August 07, 2013, 06:10 am
( on the second issue on not using an insecure browser can you please elaborate? would the TBB qualify as a secure browser bundle that would not display ANY fingerprint of TOR usage when analyzed?

I must have misunderstood the nature of that issue. If you are visiting sites from Tor exit nodes, they already know you are using Tor. The only sense in which you need to protect yourself from fingerprinting is to not stand out among Tor users. Everyone should use the same default configuration that ships with the browser bundle and we will be anonymous.

Really what they're talking about it this: https://panopticlick.eff.org (Clearnet exercise caution)

A tool from EFF which shows you how unique your browser is and you may be suprised to find out that you're not very unique at all.

This really only matters if you're being targetted by a website you visit(compromised or not) or you have a very large adversary.