Feature #5393

Get listed in the FSF free software GNU distributions

Added by Tails 2013-07-18 07:40:05. Updated 2017-03-11 02:29:24.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Target version:
Start date:
Due date:
% Done: 0%

Feature Branch:
Type of work:
End-user documentation
Blueprint:

Starter:
Affected tool:
Deliverable for:

Description

In a distribution that has non-free software, privacy and anonymity are at risk. As TAILS is a distribution that protects the privacy and anonymity of its users, it is implied that it will include and recommend only free software. ~ Quiliro

Not necessarily so. Has the anonymous user who posted this muddled "free" and "open"?

No. I don’t mean open. That is an entirely different movement. I mean free as in freedom. ~ Quiliro

The Free Software Foundation currently holds a list of GNU distributions that do not use or recommend non-free software. TAILS could be listed there and promote its use by activists and other users that value privacy and anonymity. ~ Quiliro

I doubt Tails is "free" enough to satisfy those requirements but I am sure a pragmatic approach is to the benefit of Tails and its users. (e.g. codecs)

I don’t think Tails ships any non-free codecs. Tails ships firmware blobs, though.

This second comment is more exact and more relevant. The non-free blobs might render the software non-anonymous and non-private. They could contain software that reports on its users and discover information on communication. ~ Quiliro

My Tails plays MP3s and a rich selection of video formats. I believe few of these are "free" (according to FSF definition/decree).

There are plenty of other (higher profile) opportunities to promote Tails.

After reading https://www.gnu.org/distros/common-distros.html and https://www.gnu.org/distros/free-system-distribution-guidelines.html, it’s obvious Tails does not satisfy the FSF requirements to be listed in there => closing.

Using non-free software or firmware means lacking anonymity and privacy. Please provide supporting facts against this before closing the issue again. ~ Quiliro

In the current state of things, being part of the FSF free distros list is not a goal of ours, hence closing again the current ticket that is precisely about this. I’m sorry, but this ticket is certainly not the proper place to discuss the inclusion of firmware blobs etc. Feel free to raise this discussion on tails-dev if you feel it’s important enough. —intrigeri

Indeed it is, but it is important that Tails firmware blobs are at least open even if not free. Perhaps a compromise could be reached, however. The Tails image could be split in the future. This could allow for a "core" Tails with repositories (one of them could be the proprietary one). There are working free distros such as gNewSense and Trisquel; if a Tails user's hardware failed with this core Tails, the firmware blobs (and/or themes and other packages) could be downloaded, possibly through the incremental (or should I say optional in this case?) upgrades package. In the end every user would win, but although the OP's point is somewhat valid and Tails could benefit from including only free software, usability being badly sacrificed in order to be included in a list... well, probably not a good idea ;) As a bonus, perhaps the proposed solution could allow "core Tails" to fit on a CD again. Just an idea ~ Hypothesys

This is an oxymoron. TAILS cannot be free (as in freedom) without being open source. The issue is:
  • Non-free software = security risk.
  • TAILS with non-free software = security risk.
  • Is TAILS willing to solve this bug or prove it is not a security risk? ~ Quiliro

It is not an oxymoron. No software can be free (as in freedom) without being open-source. The "issue" is: you’ve gone on to muddle free and open (again)


History

#1 Updated by intrigeri 2013-07-19 01:57:13

  • Type of work set to Documentation

#2 Updated by quiliro 2013-08-12 14:14:09

Please do not divert the issue over etymology of the words free or opensource.

The point is that TAILS cannot be secure if it includes software that does not come with the source code, because it is not auditable. It could come with software that spies on its users. Is that too hard to understand?

#3 Updated by akuckartz 2013-08-15 12:37:24

Which non-free software is contained in Tails? Why? Are users informed/warned before that software is executed?

#4 Updated by Kurtis 2016-01-08 07:32:13

What are the blockers to meeting the FSF requirements? Would it be difficult or desirable for the Tails team to fork Tails and have a version that meets the FSF requirements, even though a lot of novices wouldn’t use it?

#5 Updated by Kurtis 2016-07-05 18:49:56

Would Tails ever consider also packaging Tails with the linux-libre kernel and having two releases for those that want to be more free as in freedom? I understand not wanting to take the whole project exclusively on the free software path so that people that have nonfree software peripherals and wifi cards can still use it, but this seems pretty important to me. Do y’all agree?

http://gnu.org/s/linux-libre

> Tails
>
> Tails uses the vanilla version of Linux, which contains nonfree firmware blobs.
>
> Debian GNU/Linux
>
> Debian’s Social Contract states the goal of making Debian entirely free software, and Debian conscientiously keeps nonfree software out of the official Debian system. However, Debian also provides a repository of nonfree software. According to the project, this software is “not part of the Debian system,” but the repository is hosted on many of the project’s main servers, and people can readily find these nonfree packages by browsing Debian’s online package database and its wiki.
>
> There is also a “contrib” repository; its packages are free, but some of them exist to load separately distributed proprietary programs. This too is not thoroughly separated from the main Debian distribution.
>
> Previous releases of Debian included nonfree blobs with Linux, the kernel. With the release of Debian 6.0 (“squeeze”) in February 2011, these blobs have been moved out of the main distribution to separate packages in the nonfree repository. However, the problem partly remains: the installer in some cases recommends these nonfree firmware files for the peripherals on the machine.

https://www.gnu.org/distros/common-distros.html

Free Software for Freedom!

#6 Updated by intrigeri 2016-07-16 05:25:39

> Would Tails ever consider also packaging Tails with the linux-libre kernal and having two releases for those that want to be more free as in freedom?

Given enough new, additional energy put into the project (and in particular, in streamlining our release and QA processes, plus finding out how to present that additional choice to users without harming UX for 99% of them), I’d personally welcome this. Not sure my team-mate would agree, as we’re talking of a great amount of additional work here, and everybody on the team will be impacted somehow.

#7 Updated by Kurtis 2016-10-06 00:00:20

Did you ask your team-mate about this? If you welcome this, can you change the status of this issue so it doesn’t say “resolved”? Software freedom is important. Also, I’d imagine that some free software activists and developers would help with this work if concrete plans were announced. What can I do, as a free software advocate that doesn’t know how to code, to move this issue forward?

#8 Updated by Kurtis 2017-01-15 03:49:36

I was told on the gnu-linux-libre mailing list[1] that someone named parazyd has decided to create Heads[2], The humble (?) amnesic devuan system. They have a git repo[3], but it doesn’t look to be very developed. Some other good commentary was provided on the list as well. Here’s an excerpt from the commentary post[4]:

> This is great! I hope it will respect the free software distribution guidelines (FSDG). If so we could have freedom and privacy.
>
> Having to choose between both is a very difficult dilemma. It also often leads to a lot of ultra complicated and time consuming discussions, which could be avoided in the first place if there was no such dilemma. Ideally we want to live in a world which protects both freedom and privacy, and here the dilemma is just the result of the absence of browsers (like the tor-browser) and distributions (like tails) that respect the Free Software Distribution Guidelines (FSDG).
>
> Fixing the dilemma technically is probably faster than waiting for an outcome of such discussions.

I really think it would be best for Tails to do this 100% free software version of Tails internally. Obviously, figuring out how to present that additional choice to users without harming UX for 99% of them will be somewhat hard, but giving users the ability to run Tails in 100% freedom is worth the cost! If the Tails project doesn’t do this, it seems like helping the Heads project succeed will be the only option for users that insist on only running free software. It’d be great if people didn’t have to choose between Heads and Tails. Even if Heads succeeds in getting some initial ISOs published that are 100% free software, it won’t have the institutional knowledge and resources to provide a high level of security right off the bat like Tails already has. In short, freedom and security shouldn’t be reduced to the binary option of one side of the coin or the other. We need a coin that has Heads (freedom) and Tails (security) on both sides! There’s probably a better way to express this metaphor, but that’s the best I have right now.

I’m now going to make a post in the Linux-Libre mailing list[5] now to see if anyone there can help enumerate what needs to be done with Tails in order to have it use the Linux-Libre kernel and ask if there are any volunteers that can help flesh out this Feature request a bit more.

I’m really curious though, Tails developers, are you in?

[1] https://lists.nongnu.org/archive/html/gnu-linux-libre/2017-01/msg00015.html
[2] https://heads.dyne.org/
[3] https://git.devuan.org/heads/
[4] https://lists.nongnu.org/archive/html/gnu-linux-libre/2017-01/msg00016.html
[5] http://www.fsfla.org/pipermail/linux-libre/

#9 Updated by sajolida 2017-01-15 10:27:24

  • Description updated

The funny thing is that two unrelated projects named “Heads” in reference to Tails have been started recently: https://media.ccc.de/v/33c3-8314-bootstraping_a_slightly_more_secure_laptop

We never got contacted by the people from Heads and we were not aware of this effort before you mentioned it here. I personally find this a bit sad. Still, I’m adding it to https://tails.boum.org/doc/about/acknowledgments_and_similar_projects/ even though I couldn’t find where to download it.

#10 Updated by melikamp 2017-03-10 19:39:26

sajolida, do you really find it a bit sad Heads went over your heads, or are you just saying that? I wish nothing but the best to the Tails project, but I gotta tell you: you people are in denial. You state all over the place that security and privacy is your focus, just as you distribute spyware to users. Yes, the onus is on YOU to prove that proprietary blobs you distribute within the Linux kernel are spyware-free, and if you refuse to accept this responsibility, then you are, at best, incompetent in the security area, or have malicious intent at worst.

Here, for example, almost a year ago, all you summarily refused to discuss this issue:

https://mailman.boum.org/pipermail/tails-support/2016-March/000345.html

Not only did you completely stonewall my attempts to gain insight into your own estimate of spyware presence within your distro, you also refused to admit to lying on the main page:

https://tails.boum.org/

Where it says, “Tails is Free Software”, that’s a lie. Because that page links to another page, and from there “Free Software” links to the FSF page. But FSF has made it abundantly clear Tails is not free software, and so you’ve been defiantly lying to your users for about a year now, since I pointed out this bug in the mailing list thread cited above.

Are you still sad that Heads developers chose to bypass you? What choice did they have? To begin with, you people seem to be hostile to FSF, since you willfully misrepresent what FSF means by free software. How can they possibly even begin to work with you on technical issues, when there seems to be a radical disagreement on what security is, and what your responsibility to your users is?

#11 Updated by cypherpunks 2017-03-11 00:12:27

melikamp wrote:
> sajolida, do you really find it a bit sad Heads went over your heads, or are you just saying that? I wish nothing but the best to the Tails project, but I gotta tell you: you people are in denial. You state all over the place that security and privacy is your focus, just as you distribute spyware to users. Yes, the onus is on YOU to prove that proprietary blobs you distribute within the Linux kernel are spyware-free, and if you refuse to accept this responsibility, then you are, at best, incompetent in the security area, or have malicious intent at worst.

I can’t make heads or tails of most of this rant, but I’ll try my best, since it seems to be out of genuine concern, and not just an attempt to troll. Anyway…

There is no evidence that anything in the Linux kernel is spyware. The firmware blobs are loaded into devices which need them to function. The alternative is for them to be present in the device from the beginning, as I explain later.

> Here, for example, almost a year ago, all you summarily refused to discuss this issue:
>
> https://mailman.boum.org/pipermail/tails-support/2016-March/000345.html

In that thread, you linked to a paper on DMA malware. Note that the blobs in question are typically firmware for PCI devices, usually NICs. DMA malware works by abusing the bus master bit and becoming bus master, allowing DMA requests. Most modern UEFI/BIOS come with ACPI tables built in, which contain one table, the DMAR table, which can be used by the IOMMU to restrict the addresses a device with bus master is allowed to access. If you boot with intel_iommu=on or amd_iommu=force, and your DMAR table is valid, then DMA malware, if it is loaded after the IOMMU enforces its restrictions, is effectively crippled. Tails unfortunately does not enable the IOMMU by default, as it breaks a lot of hardware with broken DMAR tables (BIOS vendors suck, don’t they?), but it’s trivial to enable it yourself.

> Not only you completely stonewalled my attempts to gain insight on your own estimate of spyware presence within your distro, you also refused to admit to lying on the main page:
>
> https://tails.boum.org/
>
> Where it says, “Tails is Free Software”, that’s a lie. Because that page links to another page, and from there “Free Software” links to the FSF page. But FSF has made it abundantly clear Tails is not free software, and so you’ve been defiantly lying to your users for about a year now, since I pointed out this bug in the mailing list thread cited above.

Being free software, and being endorsed by the Free Software Foundation are different things. By many definitions, something can still be FOSS even if it distributes blobs which run on NICs for example, as long as those blobs do not run on the CPU alongside the kernel. In the case that they run as firmware, they are effectively no different than an updatable ROM. If you select an FSF-endorsed distro, you are still running the same type of blob. The only difference is that it is burnt into your hardware, not in the kernel. If there is a backdoor, as you worry about, it will not be neutered just because it is distributed through a ROM rather than loaded by the kernel. If anything, loading through the kernel is safer, because people are more willing to reverse engineer it or audit it (yes, closed source blobs can be reverse engineered and audited), whereas something burnt into a ROM will likely never be touched.

> Are you still sad that Heads developers chose to bypass you? What choice did they have? To begin with, you people seem to be hostile to FSF, since you willfully misrepresent what FSF means by free software. How can they possibly even begin to work with you on technical issues, when there seems to be a radical disagreement on what security is, and what your responsibility to your users is?

That is primarily due to philosophical reasons, and possibly misunderstandings. I can completely understand the philosophical ideology behind “Fine, let the hardware manufacturers distribute the blobs, but I don’t want my distro to take part in it at all!”, but you’d be deluding yourself to say that it improves your security. The only way to improve your security (or at least the openness of the whole software ecosystem) is to get the firmware/ROM source to be open, not simply be content with it being burnt into your hardware.

But in the end, if you’re really worried about covert backdoors on this level, why are you singling out what really amounts to just NIC firmware, most of which boils down to just a few brands? There’s so much more which puts people at risk if an adversary with these capabilities is after them. After all, the Linux kernel is huge, takes patches from many people, and is poorly audited. Adding a mistake (bugdoor) would not be hard. I don’t mean something obvious like if (uid = 0) from the old wait4() backdoor attempt either. There’s also the fact that, no matter how open your software is, you’re running on entirely closed hardware. Who cares about the Intel Manageability Engine or the Embedded Controller Firmware when the entirety of the immensely complex processor is closed.

Now start porting Tails to seL4 or INTEGRITY-178B, and run it entirely on OpenSPARC, and then you can be happy. :P

But seriously though, if you’re this passionate about this, learn how to use r2 and get to reverse engineering those blobs.
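
The comment above rests on three preconditions that a reader can verify on their own machine: the kernel was asked to use the IOMMU (intel_iommu=on or an amd_iommu= option), the firmware exposes the ACPI table the IOMMU driver needs (DMAR on Intel, IVRS on AMD), and the kernel actually placed devices into IOMMU groups. The script below is an added example, not code from the Tails project or from anyone in this thread. It uses only the standard /proc and /sys paths; the kernel command lines fed to the functions in its test are constructed samples.

```shell
#!/bin/sh
# Added example (not Tails project code): is the DMA restriction discussed in
# the thread actually in effect on this machine? Three independent checks.

# iommu_cmdline_tokens "CMDLINE": print the IOMMU-related kernel parameters
# (intel_iommu=..., amd_iommu=..., iommu=...) found in a kernel command line,
# space-separated on one line, or "none" when there are none.
iommu_cmdline_tokens() {
    found=""
    set -f                      # no pathname expansion while splitting $1
    for tok in $1; do
        case $tok in
            intel_iommu=*|amd_iommu=*|iommu=*) found="$found${found:+ }$tok" ;;
        esac
    done
    set +f
    printf '%s\n' "${found:-none}"
}

# dmar_table_present "ACPI_TABLES_DIR": succeed if the firmware exposes a DMAR
# (Intel VT-d) or IVRS (AMD-Vi) table. Without one the kernel has nothing to
# program the IOMMU from, whatever the command line says.
dmar_table_present() {
    [ -e "$1/DMAR" ] || [ -e "$1/IVRS" ]
}

# iommu_group_count "IOMMU_GROUPS_DIR": number of IOMMU groups the kernel
# created (one subdirectory per group). Zero means no device sits behind an
# active IOMMU, so a bus-mastering NIC can still DMA anywhere.
iommu_group_count() {
    n=0
    for g in "$1"/*; do
        [ -d "$g" ] && n=$((n + 1))
    done
    echo "$n"
}

# iommu_report: run the three checks against the live system.
iommu_report() {
    cmdline=$(cat /proc/cmdline 2>/dev/null)
    echo "cmdline IOMMU params : $(iommu_cmdline_tokens "$cmdline")"
    if dmar_table_present /sys/firmware/acpi/tables; then
        echo "ACPI DMAR/IVRS table : present"
    else
        echo "ACPI DMAR/IVRS table : absent"
    fi
    echo "active IOMMU groups  : $(iommu_group_count /sys/kernel/iommu_groups)"
}

iommu_report
```

Run it as `sh iommu_check.sh` on the machine in question. The command-line check alone is not conclusive, because a kernel build can enable either IOMMU driver by default without any parameter; the group count is the ground truth. A present DMAR/IVRS table together with zero groups means the kernel either was not asked to use the IOMMU or rejected the table as broken, which is exactly the hardware the comment says Tails is accommodating by leaving it off.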

#12 Updated by melikamp 2017-03-11 01:13:38

> There is no evidence that anything in the Linux kernel is spyware.

This alone tells me you do not understand what I am trying to say. I am saying, since you, Tails, claim to focus on privacy and security, you should accept full responsibility for making sure Tails does not contain spyware. Your users tend to think it’s YOUR job to make sure Tails has no spyware. Are you reverse-engineering those blobs? No, you just pass them on. With spyware, which is there. I don’t need a smoking gun to make this statement, it’s based on Bayesian probability. Blobs spy on users because it is profitable and de facto legal. You can be sure the spyware and the unfixed (but disclosed to the law enforcement) zero-days are there, or you are a fool. If you are asked to sign a legally binding contract without reading it and you do it, you are a fool. What you pass onto your users is like a contract which is physically binding.

One year ago I asked Tails what do you think the chances are you distribute malware, and none of you had an opinion. I guess the Tails project thinks such attitude is par for the course, and that’s entirely within the project’s purview, but I am telling you, a lot of people within the free software movement (FSF’s meaning) tend to strongly disagree. A lot of people expect you to make reasonably sure you do not include malware, and by your own admission you are failing to do so, since you are not able to see the source. You are failing to provide any evidence these blobs are benign, when people have every reason to believe the spyware and the exploitable backdoors are already there. Why do we have a reason to believe so? Because no big corporation has ever really gotten punished for putting and leaving them there. The law enforcement around the globe openly endorses and encourages this behavior. Tails’ ongoing refusal to accept the responsibility for removing all spyware may just be one of the reasons why Heads decided to act unilaterally. Since you don’t seem to care or even understand the issue, they would be fools to trust your judgment.

> Being free software, and being endorsed by the Free Software Foundation are different things.

Which definition is Tails using on its web site? The FSF’s definition, seeing how there’s a direct link to FSF from the words “Free Software”. I really don’t understand why Tails needs to keep making excuses for what was obviously a bug, and has now become a lie. If you dislike FSF’s definition, you could fix it by removing all such links or correcting the statement. Right now the Tails website is unequivocally stating it uses FSF’s definition, so the statement “Tails is Free Software” is a lie. I am not saying all this to convince you to get approved by FSF, I believe that’s entirely up to you. I am just saying, your front page is lying to your users, and you seem to think that’s ok. This may just be another reason why Heads decided to act unilaterally.

I am in no way affiliated with Heads, but I thought I would let you know, their strategy makes perfect sense to me, at least, and I did my best to explain to you why.

#13 Updated by cypherpunks 2017-03-11 02:19:54

melikamp wrote:
> > There is no evidence that anything in the Linux kernel is spyware.
>
> This alone tells me you do not understand what I am trying to say. I am saying, since you, Tails, claim to focus on privacy and security, you should accept full responsibility for making sure Tails does not contain spyware. Your users tend to think it’s YOUR job to make sure Tails has no spyware. Are you reverse-engineering those blobs? No, you just pass them on. With spyware, which is there. I don’t need a smoking gun to make this statement, it’s based on Bayesian probability. Blobs spy on users because it is profitable and de facto legal. You can be sure the spyware and the unfixed (but disclosed to the law enforcement) zero-days are there, or you are a fool. If you are asked to sign a legally binding contract without reading it and you do it, you are a fool. What you pass onto your users is like a contract which is physically binding.

I am not Tails or affiliated with Tails, and I cannot and do not accept full responsibility. I am just a random, anonymous person on the internet who wants to improve the security of Tails against a specific group of adversaries because my daughter and many of my friends use Tails. I have plenty of criticisms of the distro or project myself. That’s why I’m working on it rather than complaining. Some things can be fixed (getting rid of the vanilla kernel and adding grsecurity), and some can’t (getting rid of Debian, so as to no longer use such a poorly hardened userland and kernel where practically nothing in the config is =n).

Unfortunately, it seems you didn’t read what I posted. Not distributing firmware in the kernel does not affect the risk of “spyware” whatsoever. If there is going to be a backdoor, it can also exist burnt into the ROM. Not having firmware blobs in the kernel does not mean they do not still exist. It just means they are distributed in a different way. Do you think that a Realtek NIC that does not need uploaded firmware, but does use a burnt in ROM, cannot have a backdoor in its built in firmware, but a Broadcom NIC that requires firmware and does not use burnt in ROM can? That’s just silly. If you moved in on this from a philosophical point of view, you could have a point, but you are not.

Furthermore, all the blobs in the kernel are only loaded for the people who are using the specific hardware which requires it. If you are not using the tg3 driver, you will not be loading the tg3 firmware. So if someone uses tg3, they will not be able to use a “libre” Tails. If someone uses r8192, they won’t be using firmware blobs for their NIC regardless of whether they use a “libre” Tails or current Tails. Simply put, people who do not use blob-requiring hardware will not be using blobs, regardless. People who do need blobs will either be using nothing, or an NIC that loads blobs. Those people are screwed anyway, whereas people who are using NICs which don’t need blobs don’t have to worry.

> Which definition is Tails using on its web site? The FSF’s definition, seeing how there’s a direct link to FSF from the words “Free Software”. I really don’t understand why Tails needs to keep making excuses for what was obviously a bug, and has now become a lie. If you dislike FSF’s definition, you could fix it by removing all such links or correcting the statement. Right now the Tails website is unequivocally stating it uses FSF’s definition, so the statement “Tails is Free Software” is a lie. I am not saying all this to convince you to get approved by FSF, I believe that’s entirely up to you. I am just saying, your front page is lying to your users, and you seem to think that’s ok. This may just be another reason why Heads decided to act unilaterally.

Then you should open a ticket to get that changed, if you believe that linking to FSF for the definition of free software, while using that to define Tails as free software is incorrect, if Tails does not match the FSF’s definition. That sounds perfectly reasonable. Don’t tell me I have to change it. It’s not my front page, and I don’t have access to modify it.
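
The comment above makes the point that a blob is only requested when a driver that declares it is in use, so the useful question for one machine is which of its loaded modules declare firmware and whether those files are even on disk. The script below is an added example, not Tails project code or anything posted in this thread. It asks modinfo(8) for the MODULE_FIRMWARE declarations of every module listed in /proc/modules and checks each declared file against a firmware directory (/lib/firmware unless told otherwise). The tg3, iwlwifi and rtl_nic file names in its test are constructed samples.

```shell
#!/bin/sh
# Added example (not Tails project code): enumerate the firmware files that the
# currently loaded kernel modules declare via MODULE_FIRMWARE. Only those blobs
# can have been requested on this machine, whatever else ships in the image.

# declared_firmware MODULE: print the firmware files MODULE declares, one per
# line (empty when the module declares none or modinfo cannot find it).
declared_firmware() {
    modinfo -F firmware "$1" 2>/dev/null
}

# modules_declaring_firmware: read module names on stdin (first word per line,
# the /proc/modules layout) and print "MODULE FIRMWARE" for each declared file.
modules_declaring_firmware() {
    while read -r mod _; do
        [ -n "$mod" ] || continue
        declared_firmware "$mod" | while IFS= read -r fw; do
            printf '%s %s\n' "$mod" "$fw"
        done
    done
}

# blob_status FWDIR: read firmware filenames on stdin and print "present NAME"
# or "missing NAME" according to whether FWDIR holds the file, plain or in one
# of the compressed forms the kernel's firmware loader also accepts (.xz, .zst).
blob_status() {
    fwdir=$1
    while IFS= read -r fw; do
        [ -n "$fw" ] || continue
        if [ -e "$fwdir/$fw" ] || [ -e "$fwdir/$fw.xz" ] || [ -e "$fwdir/$fw.zst" ]; then
            echo "present $fw"
        else
            echo "missing $fw"
        fi
    done
}

# summarize_status: read blob_status output and print "present=N missing=M".
summarize_status() {
    awk '$1 == "present" { p++ } $1 == "missing" { m++ }
         END { printf "present=%d missing=%d\n", p, m }'
}

# blob_report [FWDIR]: the live view: which loaded modules want which blobs,
# whether each blob is on disk, and a one-line total.
blob_report() {
    fwdir=${1:-/lib/firmware}
    [ -r /proc/modules ] || { echo "no /proc/modules here" >&2; return 1; }
    pairs=$(awk '{ print $1 }' /proc/modules | modules_declaring_firmware)
    [ -n "$pairs" ] || { echo "no loaded module declares firmware"; return 0; }
    printf '%s\n' "$pairs" | while read -r mod fw; do
        printf '%s %s\n' "$mod" "$(printf '%s\n' "$fw" | blob_status "$fwdir")"
    done
    printf '%s\n' "$pairs" | awk '{ print $2 }' | blob_status "$fwdir" | summarize_status
}

blob_report "$@"
```

Run as `sh blob_report.sh` (or with an alternative firmware directory as the argument). modinfo lists every file a driver might request; which one was actually pulled in depends on the device revision, so a "present" line marks a candidate, not a confirmed load. A machine whose report is empty is the case the comment describes: none of its drivers can load a blob, libre kernel or not.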

#14 Updated by melikamp 2017-03-11 02:29:25

> Don’t tell me I have to change it. It’s not my front page, and I don’t have access to modify it.

Sorry if there was a misunderstanding. It was not my intention to imply that you personally are affiliated with Tails. In that entire paragraph “you” is in reference to Tails project as a whole, not any particular person.