One important and often overlooked feature of Tails is when you shut it down it wipes your system memory/RAM using sdmem.
Your encrypted data and sensitive files are often accessible via memory forensics even if you shut your computer down. Including the websites you visited. Your encryption keys can be in your computers memory for weeks and is easily accessible via a memory dump.
This is why people say that with physical access your computer can always be owned. Even if it's encrypted. Tails is the only one I know that handles this attack vector by default.
Data can be retrieved from DRAM not after weeks (your claim is "even if you shut your computer down (...) Your encryption keys can be in your computers memory for weeks") but only
And even the electrons from SRAM, which doesn't need refreshes and which was for decades not used as "RAM" in the computers will leak away without the power:
"SRAM exhibits data remanence but it is still volatile in the conventional sense that data is eventually lost when the memory is not powered."
Of course, if you never power off your computer but just reset it (the power is never cut off) or if you shut it down and immediately power it up the content of the RAM can really survive for much longer.
The original cold boot paper was released in 2008 and they only demonstrated the attack on DDR2 memory [1]. A paper published in 2013 [2] discussed cold boot on modern hardware.
"This study is based on 5 different computer
systems. While we demonstrate that simple warm
reset attacks (not cutting power) are effective even
against DDR3 systems, we were
not
able to detect
any data remanence for DDR3 after cold boots. Even
cooling the RAM chips did not reveal data remanence
beyond cold boots. This leads us to the claim that
cold boot attacks relying on RAM remanence beyond
cold boots are not possible against modern DDR3
RAM chips."
Thanks, this is true. Encryption keys can exist in memory for up to a week [edit: or longer] in live memory with power on. This is well after they've been used on the machine, or say after you close your Truecrypt volumes. The vast majority of people rarely shutdown their laptops for extended periods of time and often just suspend to disk, instead of a full power-off.
This is why it's good to power down or sdmem when you're finished working with sensitive data.
On a full shutdown persistence is not as big of a risk, as the other commenter pointed out, cold boots are mitigated by DDR3 similar to how modern SSDs with TRIM make deleted data-recovery nearly impossible (such as Swap data which may also contain encryption keys).
> Encryption keys can exist in memory for up to a week in live memory with power on.
No. After some high-enough RAM area contained the keys and you keep it powered and your OS uses much less physical RAM than physically available there's no hard limit. Just forget the "week."
You really should replace the words 'for up to a week' with 'indefinitely'. Mentioning a time limit at all is misleading in that context. This isn't pedantry: it's mere correctness.
In real life, keys actually can unintentionally remain in RAM even if in the ideal case they shouldn't. And you want more than just the keys to be wiped: your secrets you want to keep, the reason you decided to use Tails. And the fact that the Tails cares about implementing RAM wiping is the top post from dmix.
I don't really trust their tests, but DDR3 memory kind of makes this attack useless. The $FEDAGENCY also plans arrests so you're cuffed with everything turned on and no way to push buttons or yank out cables like Ross Ulbricht or Max Vision
"For various reasons Tails tries to diverge by the smallest possible amount from its upstream projects, and especially from Debian"
"We try to push our changes upstream when we need to modify software we ship. This often requires us to write code in a generic way, rather than implementing ad-hoc hacks to fit our specific needs: e.g. we often need to make the stuff we need opt-in and add configuration options."
The official term for this is "Debian derivative" rather than "fork."
So, is this proof that tor is not completely subverted by the NSA? Recent articles here claim that the NSA has been deploying numerous nodes and can analyze traffic from multiple nodes to compromise the user.
Or is this proof of tor being better than nothing?
The latter. The NSA didn't have to analyze anything: Snowden was not a known target, and he revealed himself before any real manhunt or mass-analysis had started.
Impressive how much thought and work has gone into Tails development, e.g. it has a surprisingly-convincing XP skin that hides the fact you're even using Linux to the casual observer. Kudos to the devs.
Oh I see.. I just skimmed the Wikipedia article. That is very interesting. Would come in handy in an environment where your superiors are looking over your shoulder. I guess it can't be that bad of an experience since it's Linux underneath.
You can hack SD cards actually unlike the article states, Bunny's blog post and presentation at Chaos Computer Congress mentions of this possibility. SD cards have microcontrollers and with enough resources their guess flash media can be subverted. Diversity of these controllers and variety of "proprietary" standards the way these flash controllers work however can be the entropy that makes SD controller hacking very unlikely - but you never know.
It's worth noting that Tails doesn't make you impervious. Tails uses Tor, and Tor is vulnerable to NSA and GCHQ attacks. Specifically, they have the capability of deanonymizing individual targets. I hypothesize that this capability works by monitoring Tor traffic worldwide, then performing a timing correlation between an origin and an endpoint.
Here's an example: Let's say (for the sake of example please) that the NSA can passively monitor Google searches in realtime. Let's say you search for a phrase that sets off their monitor: something like "a Tor user has Googled for Snowden." They'd like to know who you are. How would they do that?
One way is to record the fact that from your home computer originated some Tor traffic at almost the same time the Google search took place.
It's unclear exactly how they deanonymize Tor users, but one piece of info that may corroborate my hypothesis is that in a Snowden screenshot, you can see the NSA has a tab called "Tor Events" in one of their tools.
The need for websites to load quickly is Tor's Achilles heel, because it enables timing correlation. The fact that few people use Tor exacerbates the problem.
I think you mean to say that users of Tor are potentially vulnerable to NSA and GCHQ attacks.
Specifically, they lack the capability to deanonymize individual targets upon request and according to the slides leaked by Snowden they are only able to deanonymize a very small fraction of the traffic and usually have to rely on attacking surrounding software, such as the Firefox browser bundled with Tor.
A global passive adversary would be a person or an entity able to monitor at the same time the traffic between all the computers in a network. By studying, for example, the timing and volume patterns of the different communications across the network, it would be statistically possible to identify Tor circuits and thus matching Tor users and destination servers.
It is part of Tor's initial trade-off not to address such a threat in order to create a low-latency communication service usable for web browsing, Internet chat or SSH connections.
> One way is to record the fact that from your home computer originated some Tor traffic at almost the same time the Google search took place.
This either implies someone already suspects you and are monitoring you or that you are the only person searching on Google using Tor at that particular moment. I find the latter hard to believe. Even if it is true, it can be mitigated by more people using tor at the same time.
You might want to run a non-exit node at your home. That way you have a lot of Tor traffic all the time, and the one time you really do need anonymity, it doesn't show up as anything unusual.
I don't quite know how this works, so forgive me if this is a stupid question, but couldn't someone just take the difference between your inbound and outbound tor traffic to find how much traffic originates from your computer?
If the in/out rate of your bridge was both constant And lower than the max in/out rate of your connection, but it seems a bit of a stretch.
(And of course they wouldn't know that it was your traffic to whatever site they're surveilling, they'd just have evidence that was not inconsistent with you actively using Tor to do Something Or Other at that time.)
Google searching no, but an IRC room or being logged into something would be good for metadata. Especially a forum or chat room where you reveal timezone or other geolocation info. "It's snowing here"
Would not take long to grep ISP logs and find the known Tor bridges, Obfsproxy bridges, relays and who might have used them.
If you tunneled Tor traffic through a VPN exiting Russia then your local ISP has no Tor timing metadata to give, unless you're Snowden and your adversary is global. Running an internal relay would help obfuscate your own traffic too if you can connect to it on a local network it would be a lot harder to prove you logged into IRC channel #blowuptheembassy on the Al Qaeda IRC freenode server.
Another Debian based boot-from-CD OS that used to be quite popular is Knoppix [1]. I remember that was a big thing in the times of Win98 viruses when people used it for system recovery. In Germany they distributed it as add-on to computer magazines.
Knoppix was my first introduction to Linux. The boot-from-CD aspect amazed me. At first the only thing I used it for was recovering data from a screwed up Windows install but eventually I got more into it and started installing other distress (starting with Ubuntu I think).
For some perspective, this was back in the days where it was actually quite a bit of work to get get linux configured and running correctly on your at home desktop. Knoppix was quite a miracle.
Knoppix came out in 2000, a lot of time had passed since it was "actually quite a bit of work to get get linux configured and running correctly on your at home desktop." If you were mot using a thinkpad or ibook a laptop could still cause some trouble.
I started using linux around 2004 and it still required quite a lot of technical knowledge to get working. Drivers were a big issue around sound, graphics, and network.
What I found most delightful about knoppix was that with zero configuration on the first boot every single one of my hardware devices was recognized correctly.
Knoppix and Slax were my first foray into Linux as a teenager. The latter also introduced me to the terminal, in my quest force it to boot from a HDD... Many a partition died that week.
Knoppix was really innovative for it's time, the first live CD OS that I know of, it was great for accessing drives that were toasted or even mounting other linux volumes. All the stuff we do with USBs now, but back in the early 2000s it wasn't an easy thing for them to accomplish.
Some alternatives: Whonix: (vm isolated or hardware device isolated, tor) https://www.whonix.org/ and Qubes OS: (sandboxing different processes, needs torVM to do tor things) http://qubes-os.org/trac
Even wired don't know what an OS is. Or rather the definition of OS has changed. A strange time when your industry jargon enters the popular lexicon but always slightly twisted.
You can't even call yourself a Troll in the UK now without people thinking you go on Facebook and mock the dead to their nearest and dearest.
Yes, the BBC News at Ten told us that "the website Mumsnet has warned its 1.5 million users that their data may have been hacked as a result of the Heartbleed computer bug. It's the first time the virus has been found on a British website"
I have found the BBC's Technology reporting particularly irksome. Their website is filled with re-hashed press releases. I even re-wrote an article concerning turning urea into electricty for them to show what it could have been like if they had put half an hour's effort into it, naturally I didn't even get a response.
Of course not. They thought that you were taking the piss in a shocking way.
I did once mail a correction to a story about a new EU regulation which had been a high profile item across BBC News. It was quite a fundamental thing, and I got a short mail from a senior editor, thanking me and angrily lamenting that it wasn't a difficult thing for his reporter to check, state of journalists these days, etc etc. The story was changed.
This depends. technically linux isn't an OS, just a kernel (hence the whole GNU/linux stuff). But even the GNU + linux isn't really a full OS. I feel calling a distribution an OS is pretty valid (though it is a member of the linux family and based off of debian).
I guess the main thing would be the OS is everything which isn't an application, and Tails is definitely not a single application, though it is specialised.
> How do we now it isn’t some government plot designed to snare activists or criminals? A couple of ways, actually. One of the Snowden leaks show the NSA complaining about Tails in a Power Point Slide; if it’s bad for the NSA, it’s safe to say it’s good for privacy. And all of the Tails code is open source, so it can be inspected by anyone worried about foul play.
It does not follow that either, or both, of these points (Open source, an NSA complaint slide) make this "snare proof". I'm not saying that it isn't, but there is no logic in the Wired article's assertions.
I think users would prefer that covert government agencies not know where to find the authors, either to avoid undue influence or surreptitious hacking of their development machines to insert backdoors and other nefarious things.
Plus, as TFA states, the code is all out there in the open and able to be reviewed. Does it matter who wrote it at that point?
Found late, and found in a an error-prone environment.
This weakens the oft-implied "proof by open-sourceness", and has brought up some criticism on how open source projects are ran and incentivized.
Doesn't mean "Open Source sux", just some nuanced criticism, ok?
I assume that no one in its right mind would refute a nuanced criticism of Open Source, but the grandparent just didn't think it necessary to be nuanced or elaborate or make some concrete point at all. He just went for the quick pun and is being down-voted for it.
The audit occurred because testing revealed the presence of a problem. Shutting the stable door after the horse has bolted is no vindication of open source.
The vulnerability was first found by a fuzzer, which would have worked equally well on closed-source software. And I believe the fuzz tester (part of Codenomicon's "Defensics") is also closed-source.
You misunderstand - how would the public have found out about the results of that audit? There is no incentive to release this information for a closed product; very much the opposite.
This point is important. Testing came first and then auditing. In other words, black box testing and then white box testing. Why pretend you are better off just because you have millions of lines of inscrutable source?
Your encrypted data and sensitive files are often accessible via memory forensics even if you shut your computer down. Including the websites you visited. Your encryption keys can be in your computers memory for weeks and is easily accessible via a memory dump.
This is why people say that with physical access your computer can always be owned. Even if it's encrypted. Tails is the only one I know that handles this attack vector by default.
https://tails.boum.org/contribute/design/memory_erasure/