Feature #5505

investigate deanonymization potential by the desktop user

Added by Tails 2013-07-18 07:42:02 . Updated 2014-04-17 10:30:42 .

Status:
Duplicate
Priority:
Elevated
Assignee:
Category:
Target version:
Start date:
Due date:
% Done:

0%

Feature Branch:
Type of work:
Research
Blueprint:

Starter:
0
Affected tool:
Deliverable for:

Description

Arbitrary code execution as the desktop (amnesia) user gives ways to an attacker to deanonymize a Tails user. This is a problem we might want to fix.

Roadmap

  1. research how easy it is to conduct such attacks via the Tor controller, once given arbitrary code exec as the amnesia user (The desktop user is allowed to fiddle with Tor settings with Vidalia. E.g. a selection of bridges picked by the attacker is probably enough to deanonymize the user.)
  2. research what other kinds of deanonymization attacks are available to an attacker who can run arbitrary code as the amnesia user
  3. Then, think what kind of defenses we can set up against these classes of attacks, cost/benefit analysis etc.

Subtasks


Related issues

Is duplicate of Tails - Feature #7072: Research potential for deanonymization by a compromised "amnesia" user Confirmed 2018-06-04

History

#1 Updated by intrigeri 2014-03-25 09:00:43

  • Description updated
  • Priority changed from High to Elevated
  • Starter set to No

#2 Updated by intrigeri 2014-04-17 10:30:29

  • is duplicate of Feature #7072: Research potential for deanonymization by a compromised "amnesia" user added

#3 Updated by intrigeri 2014-04-17 10:30:42

  • Status changed from Confirmed to Duplicate