[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [GNU-linux-libre] Fully FOSS Tails OS
From: |
Denis 'GNUtoo' Carikli |
Subject: |
Re: [GNU-linux-libre] Fully FOSS Tails OS |
Date: |
Sun, 15 Jan 2017 22:46:51 +0100 |
On Sun, 15 Jan 2017 09:46:50 +0100
Jaromil <address@hidden> wrote:
> > Assuming that this is done, and that the distribution is FSDG
> > compliant, and listed in the fsf website, it is strongly advised to
> > find a way to verify if the websites that are being visited can
> > distinguish between Tails[3] and it's FSDG counterpart. Asking the
> > tor developers about it on their mailing list might be a good way to
> > find out.
>
> we'll take care of positioning once a stable version is out. Our
> effort is non-profit so visibility and marketing is not as much a
> priority as the quality of our results, but your concern on percepted
> distinction is a valid one, we'll eventually need a hand also in case
> the persistent-tails distro insists in using the heads name.
I was not talking about marketting at all, I was talking about something
completely different and related to deanonimization:
As you probably know, using Firefox/Icecat/Iceweasel-libre with Tor
instead of using tor-browser breaks the anonimization[1]: Each user
will have a unique browser configuration on panopticlick[2]. The
tor-browser heavily modify Firefox to prevent leaking configuration
that can uniquely identify the user by its configuration.
Since we need to make tor-browser FSDG compliant, we need to make sure
that such changes doesn't allow an attacker or a website to know if the
user is running tor-browser or tor-browser-libre.
If that happens, the probability of deanonimizing tor-browser-libre
users are way bigger...
With:
> it is strongly advised to find a way to verify if the websites
> that are being visited can distinguish between Tails[3] and it's FSDG
> counterpart.
I only refered to the issue I just described above, and meant that,
once everything is done and that the distribution is FSDG compliant, we
could ask the Tor developers if the modifications made to the
tor-browser to become FSDG compliant breaks the anonimity (by allowing
an attacker to distinguish if the user is using tor-browser or the
modified FSDG version) or not.
References:
-----------
[1]It still may protect the user's location from the website. This can
be useful in some cases.
Denis.