Researchers plan to disclose critical bugs to TAILS team soon

http://threatpost.com/researchers-plan-to-disclose-critical-bugs-to-tails-team-soon

 

http://www.theverge.com/2014/7/22/5927917/the-worlds-most-secure-os-may-have-a-serious-problem

 

If you want to be safe when using a computer then don't use one. There is a reason why the Germans and Russians want to go back to manual typewriters. The three letter agencies (that includes non-US affiliated ones as well) have nearly infinite amount of money when compared to the TAILS developer/community. So it's always going to be cat and mouse game with the cat always catching up.

 

http://threatpost.com/researchers-demo-tails-flaw-exploit-disclose-details-to-developers

 

... and Exodus' post:

http://blog.exodusintel.com/2014/07/23/silverbullets_and_fairytails/

 

Yes, even vice president of Exodus is saying, we should not trust any software:
“Our main goal…was to bring attention to the fact that no software is infallible and those seeking anonymity should not blindly trust a software recommendation (even if it is from Snowden),” Portnoy said via email.

 

It also depends on how interesting you are to target in the first place. World population is around 7 billion.

 

I said it in another thread as well, but that line of thinking is as dead as security by obscurity. Global surveillance isn't about interesting targets, it's about mass. The idea is that by keeping tabs on everyone, threats are more likely to be stopped. Preferably before they even begin, which is why you're seeing folks get tagged for "interesting" Google searches, etc. That idea is not working and the intelligence community knows it. But, naturally, they don't want to get rid of their toys of course and as always higher ups make the decisions for the real experts. So, the programs keep chugging along and more and more money is thrown at it.

Hqsec pointed out a statement that I believe everyone should remember as well. Snowden isn't the end all, be all of security and can't tell you every nook and cranny of every piece of software on earth. He doesn't make software and isn't a security "god". Snowden has become a sort of hero, a symbol of "patriotism". Yes, he stood up and said "enough", but so have hundreds of other people. Many a former agent has warned of what has been going on for years and years, only to be discounted as a nut or told to sit down and shut up. Many of us who have connections inside these agencies have repeatedly said something was wrong, but were dumped in the FUD/Tinfoil hat trashcan. Go through this forum alone and look at posts and threads of years past. He's one guy in an enormous machine, and not even his revelations are going to change things where they need changing. You cannot rely on anything to keep you safe. No VPN, no TOR or Tails or chaining all of them together can guarantee you anything. Of course I expect that opinion to be trashed as well, which is okay. I can already see "But, math!" coming a mile away to counter it. I'll simply wait for another "revelation" to come around and be proven right.

 

I'd say that using Tails (or TOR in general) makes you a target for certain government agencies...

 

To both of you: I know all of this. More than half my posts echo what you're saying.
https://www.wilderssecurity.com/threads/i-dont-like-opting-out.366310/#post-2393026
https://www.wilderssecurity.com/thr...abetting-tlas-boycot-tor.366193/#post-2392949

There's the automation and collection of the masses, but then there's the actual agents/contractors/people/teams that work against one particular target.

http://blogs.computerworld.com/encr...-better-encryption-save-us-surveillance-state

There's vulnerabilities in all software, there always will be. The Tails devs know this:

https://tails.boum.org/news/On_0days_exploits_and_disclosure/index.en.html

Basically, I agree with the mindset of "the only way to win is not to play the game (by having an internet connection, or a computer)". But I also think that all these massive groups against privacy put their pants on one leg at a time like the rest of us. They can not censor or control every one of the billions of people. We ain't North Korea, yet.

 

That's my point. How much of a target for harassment you become by using Tor/TAILS vs doing regular searches on daily basis.

 

https://tails.boum.org/security/Security_hole_in_I2P_0.9.13/index.en.html

Again it can be protected against by the age old "use Noscript". The browser is always going to be the targeted thing with Tor.

But it's far from being the end of the world.

 

http://threatpost.com/tails-team-recommends-workarounds-for-flaw-in-i2p

 

https://geti2p.net/en/blog/post/2014/07/26/0.9.14-Release

So I expect that Tails should be updated soon.