Incognito succeeded by Amnesic Incognito Live System

The (Amnesic) Incognito Live System.

Anonym annouced the succession on the Incognito website and released version 0.5 of the Amnesic Live System (CD and USB) on May 1, 2010.

Warning: Like Tor, this is alpha software, do not rely on it for strong anonymity!

-- Tom

 

Interesting stuff, anyone tried it?

 

When I clicked on that website I got this:



And then when I tried to continue I got this:



Can someone explain this to me?

 

Thanks for that. However, for me that is like looking at some tablet recovered from an alien spacecraft.... So does this mean that the website is safe?

 

Hi caspian,

Given that anonym is behind both Ingonito (based on Gentoo), and amnesia(c) is now based on Debian and it is all about anonymity - the website is safe, and the software is not as strong as Xerobank's anonymity. So, yes, it is safe - to answer your question.

-- Tom

 

It looks like amnesia uses the Firefox clone IceWeasel version 3.0.6 which is an old version since IceWeasel was superceeded by IceCat which is now at version 3.6.4 as of June 23, 2010. I assume IceWeasel is a left over from the original Incognito.

Another change from the original Incognito is the use of Vidalia in the Gnome environment on a Debian release vs the orginal use of Tork in a KDE environment in a Gentoo derivative.

One thing I have to mention is that the memory wipe at shutdown from the original Incognito took a long time (I have 4GB RAM installed, only 3GB user available). However, the memory wipe at shutdown in amnesia is very fast - I'll have to look at how it's implemented which is what I did in the original Incognito and figured out a way to incorporate it in my own Live CD environment.

Amnesia runs Linux kernel 2.6.26-2-686, an older kernel than currently available. I have not yet figured out where it issues the smem command to securely wipe memory at the end of shutdown, but that is the executable, probably with the -ll parameter that just zeros out memory. The package is either in the repositories for Debian or can be downloaded from thc.org with other tools like sfill.

-- Tom

 

Thanks for that. Is this something like Tor that works with your browser?

 

Thank you so much for explaining that to me. I will have to read up a little on ssl certificates when I get a chance.

 

Hi caspian,

Not exactly. It is a self-contained Live CD system (about 500 MB in size) which is being specially crafted for both security and anonymity using Tor for all Internet connections - email, IRC, etc. and uses the Debian Firefox 3.0.6 browser.

-- Tom

 

Actually you're referring to some other IceWeasel (yeah i know..)

http://wiki.debian.org/Iceweasel

Debian's Iceweasel has not been superseded by anything, although rumor has it that it may return to Firefox again, pending on some changes in Firefox or something.

If it's 3.0.6 then it's likely based on Debian stable, Lenny. Or may be mixed.

 

Thanks for that. I added it. Very cool!.. I'm surprised that I haven't seen it mentioned here...

 

That sounds really cool. So since this is a Live CD, does this allow you to use flash and all of the fun stuff that you ordinarily can't use with Tor? I wonder what happens if you fire it up while connected to Xerobank? Would it tunnel through Xerobank or would it create a separate connection and bypass it?

 

Hi caspian,

What makes you think Flash can't be used with Tor - it depends on the browser you use. I have used Gnuzilla/Icecat with Flash over Tor - not recommended due to privacy concerns, but it can be done if you add the Flash plugin.

Since you would be using Tor at this point, with the Amnesia Live CD, the tunnel would be through Tor. If you are using a VM approach and have Amnesia booted up as a guest OS, I am not sure if the Xerobank tunnel would apply to another guest OS OTOH, using Amnesia would require a separate OS bootup, and I don't know if it would be possible to fire up a Xerobank connection from withing Amnesia as all of the Internet connections are forced through Tor from it.

-- Tom

 

Hi Pedro,

Right you are about two IceWeasels and about Debian's Lenny IceWeasel. However, I believe that the original Incognito used the Gnu version of IceWeasel which is now up to version 3.6.4 of a derivative clone of Firefox. Gnuzilla Icecat uses a .gnuzilla directory in the user's home directory rather than the directory name .mozilla for the user's profile state.

I suppose anonym is starting with Debian's IceWeasel, and since it is based on Firefox 3.0.6 - it is also way out-of-date for Firefox updates and improvements, as is Gnu/Icecat 3.6.4 at this point without the recent upgrade of separate processes for add-ons in FF 3.6.6 - I bet the Gnuzilla development team is waiting for FF 4.0 (of which Beta 2 is due out this coming Thursday) - and, that probably means that FF 4.0 release won't be far behind, maybe in August or September.

-- Tom

 

You're right, but there's a reason for that. It's a stable version, no new features are introduced until the stable branch is updated, and security fixes are maintained by the Debian security team.

It's a way to fix security bugs, bugs in general really, and maintain compatibility between thousands of programs, and twelve architectures.

 

Hello,

I would appreciate some advice on an issue:

I would like to use a Live CD in conjunction with a True Crypt volume on a hard drive. (I assume that is possible since True crypt is part of the package) However, the TC documentation warns against data leaks:

"When a TrueCrypt volume is mounted, the operating system and third-party applications may write to unencrypted volumes (typically, to the unencrypted system volume) unencrypted information about the data stored in the TrueCrypt volume (e.g. filenames and locations of recently accessed files, databases created by file indexing tools, etc.), or the data itself in an unencrypted form (temporary files, etc.), or unencrypted information about the filesystem residing in the TrueCrypt volume. Note that Windows automatically records large amounts of potentially sensitive data, such as the names and locations of files you open, applications you run, etc. "

(http://www.truecrypt.org/docs/)

and suggests that one should:

"download or create a "live CD" version of your operating system (i.e. a "live" system entirely stored on and booted from a CD/DVD) that ensures that any data written to the system volume is written to a RAM disk"

also,

"Mount hidden volumes only when such a "live CD" system is running. During the session, only filesystems that reside in hidden TrueCrypt volumes may be mounted in read-write mode (outer or unencrypted volumes/filesystems must be mounted as read-only or must not be mounted/accessible at all). If you cannot use such a "live CD" version of the operating system or if you are not able to ensure that applications and the standard version (as opposed to a "live CD" version) of your operating system do not write the above types of sensitive data to non-hidden volumes (or filesystems), you should not mount or create hidden TrueCrypt volumes under Linux. "


Does Incognito protect against leaking data to outer/unencrypted volumes, or allow one to choose not to access them?

 

Hi Aiyzan,

I use my own custom Live CD environment based on the latest Ubuntu (10.10). Whenever, my network is live, non of my hard drives are mounted. If I download something, I want to save to hard drive, I disable the computer connection to the network first, do the save to hard drive, destroy the in-RAM copy, and then re-enable the network connection to the Internet. Incognito can be used in this way standalone. Since I have 4GB RAM (3GB usable), all of my data are initially written to the RAM-based file system.

Having no experience using either TrueCrypt or any of the virtual sandbox solutions, I do not feel qualified to answer that part of your question.

I do know that with enough disk space, the remastersys tool can be used to concoct a Live version of your system (CD/DVD).

Incognito would allow one to choose not to access any unmounted volumes inclulding (outer/encrypted) or otherwise.

Since all of the session is booted up via Incognito, unless you mount a drive - no one can access it.

-- Tom

 

Hi Tom,

Thanks for the advice, I'll give it a try.

 

I have found that this Live CD does not contain Truecrypt. Would it be possible to modify it somehow to include it? Or are there alternatives (other Live CDs or instructions on how to create one) that include Truecrypt or other trustworthy encryption programs that support plausible deniability?

Also, this Live CD does not include instructions on how to mount a hard drive partition or how to disable TOR, and I am not familiar with the operating system.

Sorry for the noob questions, I am not familiar with Live CD's but I would like a solution that offers plausible deniability and permanent storage other than the TrueCrypt hidden operating system (which is cumbersome to use).

 

Source?

Aiyzan: remastersys has already been mentioned. Together with an easy to use Linux distro like Ubuntu anything you asked for can be done.
You can get further help on the UNIX forum.

 

Hi katio,

The source for my comment "the software is not as strong as Xerobank's anonymity" is basically that Tor (upon which both Incognito and Amnesic are based) is weaker due to the exit node potential to be snooped vs Xerobank's closed network to access your destination (Note: trust of the provider is an issue here, but maybe less so than with Tor which can be a crap shoot). Additionally, with all of the attributes/features of the technology that Xerobank provides to manifest anonymity in a secure way, I'd be interested in seeing a side-by-side comparison with Tor to further refine the assessment - the cost difference notwithstanding, although I think I have heard of cheaper alternative subscriptions which do not provide the full 3-hop capability (1 hop), but get mixed into the exit node traffic to make traffic analysis more difficult to do.

-- Tom