Liberté Linux or Tails?

Discussion in 'privacy technology' started by lucygrl, Dec 3, 2013.

Thread Status:
Not open for further replies.
  1. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    Which do people here think is more anonymous and secure, Liberté Linux or Tails?
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Whonix ;)

    I say that because of the gateway-workspace isolation. Based on what Snowden has released, it appears that Tor is most vulnerable through userland exploits. Neither Tails nor Liberté Linux isolate Tor from userland.

    Even better would be Qubes, because it isolates more securely.

    Also better would be installing Whonix gateway and workstation on separate hardware.
     
  3. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    Thankyou, in regards to Whonix Im just starting to look at that now. Am I correct in saying that I need to place Whonix inside a virutual box and that virtual box needs to sit inside a Linux OS? If so, what Linux or Unix would you recommend?
    Should I use Qubes?
    Also, what do you think of OpenBSD?
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Yes, Whonix is a pair of virtual machines, designed to run in VirtualBox.

    I like VirtualBox in Linux, and prefer the Debian lineage (including Ubuntu, Xubuntu, Mint, Crunchbang, etc). Ubuntu is a good choice for ones first Linux. But it doesn't matter very much, because you'll be working in VMs. VirtualBox is also available for Windows, but I don't trust Windows as much.

    I don't recommend starting with Qubes.

    I also don't recommend starting with OpenBSD. Learn Linux first, then the BSDs. You could say the opposite, of course, but you'll have more company in Linux-land. PC-BSD is cool, though :)
     
  5. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    I started with Ubuntu, then switched to Linux Mint based on the Ubuntu stable version. Ill stay with that for the moment till I learn more. After nearly 20 years of windows Im having a few problems with Linux.

    Was just thinking, it would be a good idea if someone could put all this together in a package, that is linux, virtual box, whonix, tor, etc and make it available in one simple download. Id even be happy to pay for the convenience. Im guessing because its open source this would be ok, but correct me if im wrong.
     
    Last edited: Dec 4, 2013
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Well, that's what Whonix does for Tor. All you need to run Whonix is VirtualBox, which isn't that hard to install. And the OS, of course.

    I'm pretty sure that doing all that in a modified installation iso is possible. But it would be very difficult.
     
  7. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    Can you please explain about the separate hardware? How to set this up and why?

    Thankyou.
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Notwithstanding theoretical protocol vulnerabilities, it seems from experience that Tor users are most vulnerable through attacks on browsers, Javascript, etc. In NSA presentations mentioning Tor, the focus is on zero-days and such, not on traffic analysis. The FBI deanonymized visitors to sites on Freedom Hosting (a Tor hidden service hosting site) through a Firefox vulnerability.

    I don't believe that any known attack would have succeeded against Whonix users. Even though the Whonix workstation would have been compromised, it could not have reached the Internet except through the Tor network, because the Tor client is in a separate Tor gateway VM.

    The Whonix gateway and workstation VMs are potentially connected in two ways: 1) through the host machine; and 2) through their shared private network. The first potential connection includes both overt compromise of guest-host isolation, and also side-channel leaks (by modulating CPU load and such). Putting the Whonix gateway and workstation on separate physical machines prevents all of that.

    There's still the possibility that adversaries could compromise the Whonix workstation, and then compromise the gateway's firewall. While that risk is unavoidable, it's also common in all networks, so vulnerabilities tend to get identified and patched quickly.

    There are instructions at https://www.whonix.org/wiki/Physical_Isolation.
     
  9. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,413
    Liberte Linux is much better programmed than WHOINX & TALIS and I trust it more. It is a hardened Gentoo OS with GRsecurity/Pax patches that harden's the OS.

    The problem is the Author/Coder is concentrating on mobile app's and not updating Liberte at this moment.

    Someone needs to fork Liberte because it's a great LiveCD/OS.
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Perhaps, but userland and Tor are still in the same OS. If an adversary roots Liberte through some browser zero-day, what stops them from messing with Tor?

    Are you arguing that Liberte isolates browser etc from Tor better than Whonix does?
     
  11. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    Mirimir, I have a slight problem with the install. I need to use the pluggable transports bundle, but it does not install this automaticaly, it seems I need do this manually. Can I download that bundle direct into Whonix? Sorry, IM just confused how to do this.
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    I don't know.

    Ask in tor.stackexchange.com
     
  13. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    Will the Author be returning to do further work on Liberte? Can Liberte be installed in virtual box?
     
  14. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202

    Thankyou, I sorted it out. Now, im just wondering, after using Ubuntu, then changing to Mint (based on Ubunbtu) , what are the best Linux Systems I should now be looking at in terms of privacy? I read a lot of people say Debian, some say Gentoo and others say Open BSD. I do not have time to try everything, and I do not want to stay with my Mint because I have some doubts about privacy security. What do people recommend?

    thankyou.
     
  15. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    @lucygrl

    I find adrelanos' arguments for Debian persuasive.
     
  16. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    Thankyou, I will go with Debian, there seems a lot of strong support to use this one.
     
  17. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    I notice Liberte use the Epiphany browser, what are the reasons why the developer chose this browser over Firefox?
     
Loading...
Thread Status:
Not open for further replies.