Feature #5505
investigate deanonymization potential by the desktop user
Start date:
Due date:
% Done:
0%
Description
Arbitrary code execution as the desktop (amnesia
) user gives ways to an attacker to deanonymize a Tails user. This is a problem we might want to fix.
Roadmap
- research how easy it is to conduct such attacks via the Tor controller, once given arbitrary code exec as the
amnesia
user (The desktop user is allowed to fiddle with Tor settings with Vidalia. E.g. a selection of bridges picked by the attacker is probably enough to deanonymize the user.) - research what other kinds of deanonymization attacks are available to an attacker who can run arbitrary code as the
amnesia
user - Then, think what kind of defenses we can set up against these classes of attacks, cost/benefit analysis etc.
Subtasks
Related issues
Is duplicate of Tails - Feature #7072: Research potential for deanonymization by a compromised "amnesia" user | Confirmed | 2018-06-04 |
History
#1 Updated by intrigeri 2014-03-25 09:00:43
- Description updated
- Priority changed from High to Elevated
- Starter set to No
#2 Updated by intrigeri 2014-04-17 10:30:29
- is duplicate of Feature #7072: Research potential for deanonymization by a compromised "amnesia" user added
#3 Updated by intrigeri 2014-04-17 10:30:42
- Status changed from Confirmed to Duplicate