Bug #15767

Inserting encrypted USB drive does not prompt for decryption

Added by huertanix 2018-08-06 23:50:53. Updated 2019-01-28 18:50:33.

Status: Confirmed
Priority: Normal
Assignee:
Category:
Target version:
Start date: 2018-08-06
Due date:
% Done: 0%
Feature Branch:
Type of work: Code
Blueprint:
Starter:
Affected tool:
Deliverable for:

Description

While training journalists on using Tails and transferring documents offline between Tails workstations with LUKS-encrypted USB drives, journalists assume something went wrong / didn’t work when they insert a working encrypted USB drive and no notification or prompt appears.

A side note: Even once I point out the drive on the Nautilus side bar, trainees almost always assume that the eject symbol is what they need to click in order to decrypt+mount, because that is the only thing resembling something clickable next to the drive name. They end up ejecting it instead and then have to start over by re-inserting the drive. It would be great to bypass having to deal with Nautilus and the confusion it causes.

UX recommendations:

  • Show a prompt to decrypt+mount a drive immediately when it is inserted. Once the drive has been decrypted and mounted, open a Nautilus window showing the contents of the now-decrypted drive. Other Gnome-centric distros (Kali Linux) show a prompt once a drive is inserted to enter a decryption passphrase and mount the drive, not sure if this is a Gnome setting or something they custom-made, but Kali is FOSS and sharing is caring:
  • Create a shortcut for each USB drive inserted, on the desktop, as macOS does, for example.

Related issues

Related to Tails - Feature #15628: Consider re-enabling automounting to improve VeraCrypt UX Resolved 2018-05-30
Related to Tails - Feature #5314: wheezy: dont automount external storage devices Resolved
Related to Tails - Feature #14544: Spend software developer time on smallish UX improvements In Progress 2018-08-31
Related to Tails - Feature #9569: Research available protections against rogue USB devices Confirmed 2015-06-13
Blocked by Tails - Feature #15900: Consider mounting external drives automatically (enable automount) Confirmed 2018-09-02

History

#1 Updated by taowa 2018-08-10 16:06:49

I’d be inclined to keep this behaviour. tails.boum.org states that “[Tails] aims at preserving your privacy and anonymity, and helps you to: […] leave no trace on the computer you are using unless you ask it explicitly.”

While mounting a USB key that’s plugged in isn’t technically leaving a trace on the computer, it might still be detectable to someone who analyzes the USB key. Because of this, I think that waiting until a user explicitly asks that the drive be mounted (by clicking on it in Nautilus) is good.

#2 Updated by Anonymous 2018-08-16 10:21:17

  • related to Feature #15628: Consider re-enabling automounting to improve VeraCrypt UX added

#3 Updated by Anonymous 2018-08-16 10:21:26

  • related to Feature #5314: wheezy: dont automount external storage devices added

#4 Updated by Anonymous 2018-08-16 10:22:47

I agree with both reasonings: yes, this is unexpected behavior when you first use Tails. And yes, it’s about privacy and was deactivated by default in Feature #5314.

I’ll leave this ticket open for some more comments.

#5 Updated by mercedes508 2018-08-16 15:45:52

  • Status changed from New to Confirmed
  • Assignee set to sajolida

#6 Updated by mercedes508 2018-08-16 15:48:29

  • Status changed from Confirmed to New

#7 Updated by sajolida 2018-08-17 08:46:20

  • Status changed from New to Confirmed
  • Assignee changed from sajolida to intrigeri
  • QA Check set to Info Needed

Thanks huertanix for bringing more input on this problem! We discussed this recently while working on VeraCrypt, see Feature #15628.

I agree with you and the usability/security trade-off is really not that clear to me here.

I also understand from your report that if people have a hard time opening an encrypted USB stick, they would similarly have a hard time opening an unencrypted USB stick (because the feedback and workflow are the same until you get to the password prompt).

Regarding your proposed solutions:

  • A. Show a prompt to decrypt+mount a drive immediately when it is inserted. That’s the default behavior in GNOME and we disabled it, see Feature #15628#note-1.
  • B. Create a shortcut for each USB drive.

Other ideas:

  • C. Display a notification offering to mount the USB drive. Like GNOME has for when the USB drive is mounted.

To me this issue looks like Feature #15678 where we eroded a bit the usability of the core of the OS in the name of security without investigating the real consequences or having a real plan on how to get this lost usability back.

intrigeri: If you think this fits in the FT triaging work, I’d like some insight on how hard it would be to implement B or C.

#8 Updated by intrigeri 2018-08-26 06:04:56

  • Assignee changed from intrigeri to segfault

I think segfault knows this sort of thing better than me. segfault, can you please take a look and answer sajolida’s question (not more than 30 min) as part of your FT work? TIA!

#9 Updated by sajolida 2018-09-02 14:16:04

  • related to Feature #15900: Consider mounting external drives automatically (enable automount) added

#10 Updated by sajolida 2018-09-02 16:48:56

  • related to Feature #14544: Spend software developer time on smallish UX improvements added

#11 Updated by segfault 2018-09-04 19:48:37

> B. Create a shortcut for each USB drive.

Where should this shortcut be and what should it do?

> C. Display a notification offering to mount the USB drive. Like GNOME has for when the USB drive is mounted.

Seems doable to me. We could use signals from UDisks or GVolumeMonitor for this. Could probably reuse some code from VeraCrypt Mounter Unlock VeraCrypt Volumes. Shouldn’t take more than a few hours.
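A sketch of the detection side of option C using UDisks signals, added here as an example and not taken from Tails or from the VeraCrypt code mentioned above. It listens for the UDisks2 `InterfacesAdded` signal and shows a notification for newly inserted drives without unlocking or mounting anything, so the no-automount decision from Feature #5314 is left untouched. The helper names, the `usb-mount-offer` application name and the notification wording are assumptions.

```python
"""Added example: announce inserted drives via UDisks2 without mounting them."""
UDISKS = "org.freedesktop.UDisks2"

def classify_block(interfaces):
    """Return 'encrypted', 'plain' or None for an InterfacesAdded payload."""
    block = interfaces.get(UDISKS + ".Block")
    if block is None or block.get("HintSystem") or block.get("HintIgnore"):
        return None  # not a block device, an internal disk, or hidden by udev
    if block.get("CryptoBackingDevice", "/") != "/":
        return None  # cleartext device of a volume the user already unlocked
    if UDISKS + ".Encrypted" in interfaces or block.get("IdUsage") == "crypto":
        return "encrypted"
    if UDISKS + ".Filesystem" in interfaces:
        return "plain"
    return None  # e.g. a whole disk that only carries a partition table

def notification_text(object_path, interfaces):
    """Return (summary, body) for a device worth announcing, else None."""
    kind = classify_block(interfaces)
    if kind is None:
        return None
    block = interfaces[UDISKS + ".Block"]
    name = block.get("IdLabel") or object_path.rsplit("/", 1)[-1]
    if kind == "encrypted":  # wording below is constructed for this example
        return ("Encrypted drive detected",
                f"{name} is locked. Open Files and click its name to unlock it.")
    return ("Drive detected", f"{name} is not mounted. Open Files and click its name.")

def main():
    import gi  # PyGObject; imported here so the helpers above need no desktop
    gi.require_version("Notify", "0.7")
    from gi.repository import Gio, GLib, Notify
    Notify.init("usb-mount-offer")  # hypothetical application name
    shown = []  # keep references so notifications are not garbage-collected

    def on_added(_conn, _sender, _path, _iface, _signal, params, *_data):
        object_path, interfaces = params.unpack()
        text = notification_text(object_path, interfaces)
        if text:
            note = Notify.Notification.new(text[0], text[1], "drive-removable-media")
            note.show()
            shown.append(note)

    bus = Gio.bus_get_sync(Gio.BusType.SYSTEM, None)
    bus.signal_subscribe(UDISKS, "org.freedesktop.DBus.ObjectManager",
                         "InterfacesAdded", "/org/freedesktop/UDisks2", None,
                         Gio.DBusSignalFlags.NONE, on_added)
    GLib.MainLoop().run()

if __name__ == "__main__":
    main()
```

The handler only reads the properties UDisks already publishes on the system bus; it never opens the device, so inserting a drive still causes no mount until the user acts.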

#12 Updated by segfault 2018-09-04 19:48:49

  • Assignee changed from segfault to sajolida

#13 Updated by intrigeri 2018-09-05 09:01:36

>> B. Create a shortcut for each USB drive.

> Where should this shortcut be and what should it do?

FTR the future of desktop icons is uncertain and we already have a tentative agreement to drop some of them whenever they become too problematic to maintain, so let’s not make decisions that imply relying more on these icons. Now, if we’re talking about shortcuts in the Places menu, fine :)

#14 Updated by intrigeri 2018-09-19 14:36:54

  • related to deleted (Feature #15900: Consider mounting external drives automatically (enable automount))

#15 Updated by intrigeri 2018-09-19 14:37:01

  • blocked by Feature #15900: Consider mounting external drives automatically (enable automount) added

#16 Updated by intrigeri 2018-09-19 14:37:54

IMO we should make a decision on Feature #15900 before spending too much time here based on the assumption that we won’t re-enable automount.

#17 Updated by sajolida 2019-01-23 13:24:57

  • related to Feature #9569: Research available protections against rogue USB devices added

#19 Updated by sajolida 2019-01-28 18:50:18

  • Assignee deleted (sajolida)

#20 Updated by sajolida 2019-01-28 18:50:33

  • QA Check deleted (Info Needed)