Kanotix Requests - Linux Security and government/corporate spying.(On Topic).
userx - 04.09.2012, 10:55 Uhr
Titel: Linux Security and government/corporate spying.(On Topic).
Kanotix is an excellent distro that is about as easy to use as Linux Mint or Ubuntu, and has some advantages over Ubuntu/Mint in that it is able to use a live persistant mode that is also capable of loading the proprietary drivers. This is awesome.
However, while many distros are built for "home networking" or merely pile desktop functions onto distros built for servers, I think Kanotix could find a useful nitch by moving AWAY from cloud computing and remote networking, and instead focusing on building a 'noob friendly' distro that is more focused on maintaining privacy/anonymity without too steep of a learning curve.
"Security" is a relative concept. The definition of security depends on your threat model. A server needs to secure parts of its system while allowing heavy traffic to read its files selectively. A live desktop user does not want ANYONE to read their home directory unless they explicitly choose to share something. A server needs to make sure certain traffic is encrypted and verified and limited and 'secure'. A home user needs to make sure that nobody is trying to remotely login, unless this is explicitly setup; and that nobody is treating their private computer like a 'server' to crackers or state agents. "Encryption" and verification tools that are practical for a server are not as beneficial to a home desktop user, and in fact may only hide what is happening to inexperienced users.....I have no interest in helping remote loggers encrypt their activities on MY system from ME in my own file system, and would rather that door be closed entirely unless I go out of my way to open it on my end.
Remote login should be impossible unless you explicitly set it up for that. It should not be easy for hackers to gain a streaming image of from desktop session or wecam or microphone. Keyboard logging should be made difficult. Your machine should not advertise itself or hardware or uuids beyond the bare minimum for functionality, while still offering an easy-to-use conventional desktop experience.
A tool to erase history from ram would be an extra bonus.
[Rationale for this suggestion]
1. A live distro in persistant mode is already highly desireable to people who want to maintain their privacy. Kanotix is in many ways more practical than Puppy for this purpose because it is faster and more automated to boot up. Not many distros are able to offer a fully functional live environment that boots into ram, yet can also be installed to hard drive to be remastered for special purposes. The niche of people who would most appreciate this are likely to be more privacy oriented than people who are installing Ubuntu or Linux Mint.
2. While 'cloud computing' was the popular 'new thing' in Linux for a while, I am noticing that many people are feeling uncomfortable with their technology being externally controlled. Yes, it is cool that you can use your cell phone to open your car door if you happen to lock your keys but not your phone in the car.....But that also means that the government or other criminal hackers can unlock and shut down your vehicle remotely. While it is a bit easier to set up a home network with Ubuntu/Mint, the default privacy settings are horrible. The two classes of people who benefit most from insecure networking are government spies and malicious hackers/crackers.....and neither are likely to reveal their own credentials while they are digging through yours.
3. A live session is not meant to be installed long term. The situations where you would want to enable remote access are few and far between. It should be technically possible using persistant mode, but not something that is enabled by default.....Now remotely controlling OTHER systems is a different story, but the live system should not be setup to be externally controlled itself.
4. Many of the Stallman-esque distros are unsuitable. A live system should already have all possible hardware support. Many of the fanatically free distros do not offer the tools necessary to take full advantage of Cuda, or even to connect to wifi in order to GET the necessary drivers in the first place....If I am stranded and need to get online, I am going to favor practicality over purity since getting online is the more immediate priority. I think free software should be favored when all else is equal, because it is an advantage to be able to audit and hack your system, but it is not an advantage if you cannot even get online to look for a solution.
5. People want to feel secure, which is why many are using Linux over Windows. Sometimes this is a false sense of security.
1. The director of the FBI recently said that he wishes to spy on civilian citizens through their televisions and 'smart appliances'. We should assume that they already are evesdropping on our webcams and microphones.
2. In China, many systems have been hijacked by the government in order to spy on them. Webcams can be activated (without the light going on), even on Linux and especially on Ubuntu.
3. A number of hackers have already found ways to exploit the 'remote access' functionality of the latest ubuntu. This means that your privacy can be unknowingly compromised during private moments.
4. This is real and I am not making it up. It is not paranoia if its true.
5. Torrenting sites like the Pirate Bay and Demonoid have been under heavy persecution from states and corporations. This forces users to resort to methods like Freenet, I2p, and other newer alternatives. File sharers are not hurting anyone, though the corporations imagine that every downloaded file is a lost sale (not true). Governments have been unfavorable to torrenting since it has been used to distribute Wikileaks style material.
Regular file sharers are often subject to having their hard-drive snooped on just for VISITING a torrent site, on the basis of 'looking for evidence'. The remote access exploits only make it easier for them to snoop on us, illegally or otherwise.
Since Tor is unsuitable for torrenting, I2P and freenet are the more stable alternatives currently. Tor additionally has a bad habit of auto-starting at boot, which is bad in so many ways. Tor also gives a false sense of security in that the outproxy can read your output even if your IP is somewhat hidden. People do not realize that by logging into facebook with Tor that they are actually LESS secure and private than using an unencrypted http connection in Internet Explorer with no addons.....The moment you login to something that IDs you then not only is your anonymity blown but you ALSO could have somebody doing man-in-the-middle on the outproxy. Tor is useful in the right hands if you know how (and when) to use it, but most users would be safer using networks that are built for staying inside of the darknets and avoiding unknown third party outproxy as much as possible. It would be nice to see Freenet and I2P included in more distros, and for Tor NOT to autostart if you did not ask it to.
Bottom line is that there are very real threats to home users, and that their security needs are not properly addressed by server distros or by distros that are built for open-networking and cloud computing.
Please consider all this and help make your distro suitable for people who do not want to be spied on, and who may have experienced cracking and remote login attempts first hand
Seriously, I have seen remote login history in my logs when I never even intended to set this up to begin with, and seen personal documents in my text editor history that I never opened with those editors. Just today somebody turned on my computer remotely, but they were unable to turn it off before I got home thanks to my removal of packages (which also partially broke my system in the process). Most people are probably more under the radar, but everyone is being logged and profiled these days.
A totally secure system is probably not possible, but ideally we want to make it as difficult and expensive as possible to violate peoples privacy. People need to collectively start caring about data-mining and wifi-cracking spy drones, or the future will be looking pretty bleak.
coyotl - 12.10.2012, 10:20 Uhr
Thanks for your informative post. I for one could definetely get more active securing my pc. Now I use mobile internet which makes me a little harder to get at. But recently I made a big mistake, an internet shop asked for card details per mail which i stupidly sent by Yahoo mail, probably the most insecure of the big ones. Lost some money, will get it back though, and was able to get some back straight away by contacting shops. Got the hackers name/adress and gave it to police, shops, paypal etc etc.
Alle Zeiten sind GMT + 1 Stunde