Tails

#4 Updated by boyska 2014-06-29 21:20:19

I agree with the general idea, but I have doubts about the specific {user,hostname,fqdn} choice: are they picked trying to imitate a widespread system? I think it should.

I’m assuming that those informations will be leaked (otherwise there would be no point in changing them), so it’s better if it’s not immediately associated to an “anonymity improving distribution”.

If we assume that our network fingerprint is different from windows’one, we can’t use windows default user and hostname.

IIRC, the default hostname on debian is “debian”, so that could be a good hostname? Another one could be just “localhost” ([[https://superuser.com/questions/123698/networking-conflict-what-is-the-most-common-default-computer-name-for-windows#comment125753_123700|[default on redhat]])

#6 Updated by intrigeri 2014-08-15 08:20:32

boyska wrote:
> I’m assuming that those informations will be leaked (otherwise there would be no point in changing them), so it’s better if it’s not immediately associated to an “anonymity improving distribution”.

Agreed.

> IIRC, the default hostname on debian is “debian”, so that could be a good hostname? Another one could be just “localhost” ([[https://superuser.com/questions/123698/networking-conflict-what-is-the-most-common-default-computer-name-for-windows#comment125753_123700|[default on redhat]])

I’m fine with either debian or localhost.

However, there’s another possible strategy: using a random hostname (Feature #7061), that was chosen for subgraph OS. It comes with its own problems, like offensive hostnames.

As often, we have to choose between:

1. shared username+hostname: build a large anonymity set with all users of anonymity-oriented distros; better for anonymity, worse for hiding that you’re using such a distro (but e.g. at Tails we’re not really trying to hide that at the moment);
2. random username+hostname: good for hiding that you’re using an anonymity-oriented distro, but creates a per-user identifier, that can unfortunately help an attacker link activities with each other. In Tails, the identifier’s lifetime would be one session only; in non-amnesic systems (e.g. Whonix), it should probably be the same, and then changed at every boot.

On the short term, moving to a shared username+hostname would clearly be an improvement over the current situation. On the long term, I’m personally not sure what’s best.

#7 Updated by intrigeri 2014-08-15 08:30:17

Forwarded the discussion to tails-dev@, Cc’ing members of all anonymity-oriented distros we’re working with. I’ll sum it up here, better discuss over email to start with.

#8 Updated by Anonymous 2014-12-03 22:05:33

> As often, we have to choose between:
>
> # shared username+hostname: build a large anonymity set with all users of anonymity-oriented distros; better for anonymity, worse for hiding that you’re using such a distro (but e.g. at Tails we’re not really trying to hide that at the moment);
> # random username+hostname: good for hiding that you’re using an anonymity-oriented distro, but creates a per-user identifier, that can unfortunately help an attacker link activities with each other. In Tails, the identifier’s lifetime would be one session only; in non-amnesic systems (e.g. Whonix), it should probably be the same, and then changed at every boot.
>
> On the short term, moving to a shared username+hostname would clearly be an improvement over the current situation. On the long term, I’m personally not sure what’s best.

During the latest contributor meeting, we have again come to the conclusion that we’d rather have a shared username+hostname, and no random names and that we still want to have a shared name between all privacy distros.

People were in favour of “debian” as a hostname as this is the default for many live distributions and also the default Debian installation hostname.

#10 Updated by intrigeri 2016-02-04 10:46:48

Same topic on the Subgraph OS front: https://github.com/subgraph/subgraph-os-issues/issues/26

> During the latest contributor meeting, we have again come to the conclusion that we’d rather have a shared username+hostname, and no random names and that we still want to have a shared name between all privacy distros.

FTR, https://tails.boum.org/contribute/meetings/201412/#index2h1 explains why.

#12 Updated by Anonymous 2016-02-04 11:39:46

intrigeri wrote:
> I’ve summed up the process and current state on https://mailman.boum.org/pipermail/tails-dev/2016-February/010194.html.
>
> Next step is to decide between “host” (as agreed initially) and “debian” (as preferred in this 201412 meeting) hostname. I’ve asked Whonix what they do currently, my goal here is to turn this ticket into something actionable.

Great idea. I now think that at that point in time we did not really think about OSs which are not Debian based, so “debian” as a host name seems a bit too restrictive to me after all and I’d now vouch for “host”.

#18 Updated by Anonymous 2018-08-17 16:08:09

It seems this ticket is sort of actionable. We should confirm this again though before implementing it. The cost/benefit ratio might be kind of low though.

#19 Updated by sajolida 2018-08-21 14:33:02

Seeing that the other distributions who would go on this boat with us have user bases that are orders of magnitude smaller than the Tails user base, I’d like to be careful to not choose something that ends up being more confusing to our users. See Bug #15830.