Tails

#3 Updated by mercedes508 2015-04-29 04:28:10

> > We should either make it epxlicit on the website,
>
> Do you think that documenting this limitation on https://tails.boum.org/doc/anonymous_internet/Tor_Browser/ would be good enough?

Yes it would.

#14 Updated by sajolida 2015-06-05 17:14:03

For the record, we received a WB report (4268c3dccc34b7a6fb01d1d5d1860adb) from someone trying to download the ISO from DVD on a computer with 1GB of RAM and couldn’t do it.

#15 Updated by BitingBird 2015-06-06 15:34:31

Well, of course, since Tails itself runs in RAM, the “available” RAM is less than the computer RAM.

#16 Updated by tailor 2015-06-12 15:23:09

>mercedes508 - since Tor Browser confinement with AppArmor, it’s not possible anymore to download directly to another device…

Sorry to barge in on this thread. Comments refer to using Tails DVD without admin access.

Find this a very restrictive policy which is causes a lot of extra work and inconvenience. It’s quite absurd that I could not save Tails 1.4 while using the 1.3x DVD and had to boot back into Windows to download it to my computer.

Why can’t TorBrowser be configured in AppArmor to accept downloads to any USB stick or removable drive without the need for persistence? What harm will it do or likely to cause?

>Tor Browser in Tails is confined with AppArmor to protect the system and your data from some types of attack against Tor Browser.

What system? Tails? If no access is allowed to hard drives when logged in without root access what system can be affected?

What sort of attack? Presumably with the Tails DVD all program installations (apart from extensions) rogue or otherwise are impossible when working from the DVD so what extra protection is AppArmor providing?

In what ways is Tor Browser vulnerable to attack from outside the browser through allowing downloads to external media? Saving web pages? What’s stopping an attack from taking place from the /home/amnesia Tor Browser directory?

You can’t even use Print to file in the Print menu - it says Can’t read contents of amnesia - Permission denied.

The only concern I have is whether in using a DVDRW rather than a DVDR which I do, opens the system to potential manipulation?

What system files on a USB/removable drive could be affected?

#17 Updated by intrigeri 2015-06-12 16:15:28

> It’s quite absurd that

I would appreciate if you refrained from such subjective judgment calls. I’m assuming good faith once again, and will spend quite some time replying to your questions below, but it would make me more enjoyable for me to engage in such discussions if I didn’t have to endure that. Thanks in advance for your understanding!

> I could not save Tails 1.4 while using the 1.3x DVD and had to boot back into Windows to download it to my computer.

Note that given enough RAM, this use-case is perfectly supported in theory: only the combination of (low memory + no persistence) is affected (didn’t try myself recently, though).

> Why can’t TorBrowser be configured in AppArmor to accept downloads to any USB stick or removable drive without the need for persistence? What harm will it do or likely to cause?

Allowing Tor Browser to do that gives it read-write access to all private files stored on removable media that the user may plug. Such files may contain sensitive information. The main point of confining Tor Browser in Tails is precisely to avoid giving it access to such data: Tor Browser is probably the most used and the most dangerous piece of software that’s included in Tails.

In the long run, there’s work happening to improve this (see the User experience matters section on https://tails.boum.org/contribute/design/application_isolation/ for details), but the technology to allow such things in a way that’s both safe and 100% transparent to the user simply doesn’t exist yet.

>>Tor Browser in Tails is confined with AppArmor to protect the system and your data from some types of attack against Tor Browser.

> What system? Tails?

Exactly.

> You can’t even use Print to file in the Print menu - it says Can’t read contents of amnesia - Permission denied.

I’m sorry about this user experience problem. We’re aware of it, but didn’t manage to find a solution => help is welcome.

Still, note that you can very well print to file if you choose a destination directory that Tor Browser has access to, such as those where it can download files (that’s actually something we check for in our automated test suite, FWIW).

#18 Updated by tailor 2015-06-13 04:40:04

> it’s quite absurd that

Please intrigeri don’t take things personally, relax. It was in reaction to support who told me:

> I am afraid that currently is not possible to download the ISO imagefile from the same computer when you run Tails from a DVD. You should use a USB stick to upgrade, and then create a new DVD from it.

After a lengthy spell not using Tails it came as a surprise to me and I was dismayed and thus as a result an expression of frustration and exasperation which you in turn I am sure will understand. Particularly as I am stuck still using XP and after having being hacked loath to spend any great length of time connected to the net with it but for routine maintenance and essential program updates.

Subjective no doubt, judgment call? I have my doubt as to who is making one.

I may be new here but there is no need or reason for you to doubt my intentions or indeed to assume anything else but trust that the motives for my comments are to bring to light and question aspects of distribution which from a user perspective I feel might need exploring, improving, refining or adjusting to its betterment and not to waste your time and effort on trivialities.

Criticism yes but friendly criticism and hopefully constructive as I use and become acquainted with different aspects of the project but equally to find out how things work, to study, to evaluate, to be informed and to contribute towards its on going success but always amicably discussed with occasional bits of humour thrown in. Can’t be serious all of the time.

In case that I omitted to express it or that it is not clear, I am in awe of the altruistic dedication and sweat that you and your team have put and continue to put in to provide us with this stupendous, invaluable project in light of others of a similar vein that have been abandoned or curtailed. Only wished I had your skills, depth of knowledge and commitment.

One of my most cherished credos is open and honest communication and it gratifying to know and be appreciative of the fact that I can bring these things to your attention in such manner in this forum and that they will be considered sincerely, fairly and objectively.

So let bygones be bygones and I will strive to be more aware of your sensitivities in the future. As I stated in the clipboard thread ignore what you feel might be slights or insults as they are not intentional.

Phew!!! - glad that’s out of the way.

I will let you digest my long-winded discourse and reserve the queries and suggestions that I still have on this topic for another time.

Thanks and cheers.