Re: [liberationtech] Chromebooks for Risky Situations?
> 2. Abandon all-singing all-dancing applications. They're enormous. They use massive code bases which in turn use massive libraries. And to borrow from the quoted passage above, they make it harder to peek under the hood. So: no GUI. Don't tell me it can't be done -- I've done it. Anyone who can use Thunderbird can use mutt, for example. And given the enormous reduction in attack surface as well as required system resources, this effort should go as far as possible.

Even if the average activist could master mutt (I use it regularly, and still feel like a noob :) ), it only applies to devices that have a keyboard. If we're talking about phones and tablets (not many people carry a notebook in a demonstration, when they witness violence, etc.), GUI is not a nicety. GUI should be as streamlined as possible, and this means html-based (like Mozilla's B2G), but it's not easy to minimize the attack surface:

- We need a subset of javascript (or even a rewrite) that has fine-grained permissions for everything.
- Interface with low-level services (e.g. telephony, address book), subject to strict permissions (e.g. notepad doesn't need gps)
- Most important: enable users control over these complex permission systems in a way that is not too complex (that's the hard part, because these things *are* complex)
- Also important (and missing in existing platforms): ability to log how these permissions are used (e.g. cloud storage service has permission to access network. does it also do it when it wasn't supposed to?). End users aren't supposed to understand the data they log, but they *should* be able to generate forensic logs and submit them to geeks/orgs they trust for inspection. Of course - we shouldn't allow remote activation of logging, and this functionality should be password protected :)

> 3. Abandon the idea of application installation, updates, etc. These mechanisms present an attack surface. So don't have them, period. Make the entire distribution, OS and applications, one monolithic self-contained entity. No app downloads. No updates. No choices. (Of course this is additional motivation to make it as small as possible.) You want a new version? Then you get a new version, in its entirety.

There are too many use cases: If a community decides to use alternatives to social media like ostatus or gnu consensus, they need such an app. If they don't - they shouldn't have it on their phones (less is more secure). Does this mean that each such community needs a local distro? What happens if there's a security upgrade of one of the apps, does everyone upgrade the entire distro? This could make zero-day last a lot longer. What if an activist is a member of 2 communities (one uses ostatus, the other - gnu consensus). Does she need a custom distro? Who would maintain it?

This could also stifle innovation. Suppose someone invents a new app (e.g. broken-cam redundancy storage). They'd have to reach all local distro czars and convince them to add the app, how would the peer-review process work? We'll end up with Vatican-scale internal politics :)

I agree that freedom also means freedom to shoot yourself in the leg, but the ability to choose more than a single clearing house (a-la apt sources) as opposed to a single who's your daddy app store (let alone a monolithic distro) is healthier: Clearing houses don't need to be responsible for everything (e.g. they can specialize in sms, video, etc.), and users can authorize a minimal set of sources covering their needs, and then install *some* of what these sources provide (just like apt etc.). Sorry to sound corny, but bazaars still beat cathedrals. This never stopped being true, it's just that the invention of the smart phone raised a whole generation of users who've never seen a bazaar, and they're the 99% :(

-- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Chromebooks for Risky Situations?
On Tue, Feb 12, 2013 at 09:01:37AM +0100, Andreas Bader wrote:

> So why not create an own OS that is really small because of its security? Chrome OS is small because it's cheap. If you were right then Android was the most secure system. Aren't there any Android viruses? RedHat seems to have less security holes than Chrome OS.

http://ertos.nicta.com.au/research/l4.verified/

The L4.verified project

A Formally Correct Operating System Kernel

In current software practice it is widely accepted that software will always have problems and that we will just have to live with the fact that it may crash at the worst possible moment: You might be on a deadline. Or, much scarier, you might be on a plane and there's a problem with the board computer.

Now think what we constantly want from software: more features, better performance, cheaper prices. And we want it everywhere: in mobile phones, cars, planes, critical infrastructure, defense systems. What do we get? Mobile phones that can be hacked by SMS. Cars that have more software problems than mechanical ones. Planes where computer problems have led to serious incidents. Computer viruses spreading through critical infrastructure control systems and defense systems. And we think "See, it happens to everybody."

It does not have to be that way. Imagine your company is commissioning a new vending software. Imagine you write down in a contract precisely what the software is supposed to do. And then — it does. Always. And the developers can prove it to you — with an actual mathematical machine-checked proof.

Of course, the issue of software security and reliability is bigger than just the software itself and involves more than developers making implementation mistakes. In the contract, you might have said something you didn't mean (if you are in a relationship, you might have come across that problem). Or you might have meant something you didn't say and the proof is therefore based on assumptions that don't apply to your situation. Or you haven't thought of everything you need (ever went shopping?). In these cases, there will still be problems, but at least you know where the problem is not: with the developers. Eliminating the whole issue of implementation mistakes would be a huge step towards more reliable and more secure systems.

Sounds like science fiction? The L4.verified project demonstrates that such contracts and proofs can be done for real-world software. Software of limited size, but real and critical. We chose an operating system kernel to demonstrate this: seL4. It is a small, 3rd generation high-performance microkernel with about 8,700 lines of C code. Such microkernels are the critical core component of modern embedded systems architectures. They are the piece of software that has the most privileged access to hardware and regulates access to that hardware for the rest of the system. If you have a modern smart-phone, your phone might be running a microkernel quite similar to seL4: OKL4 from Open Kernel Labs.

We prove that seL4 implements its contract: an abstract, mathematical specification of what it is supposed to do.

Current status: completed successfully.

Availability

Binaries of seL4 on ARM and x86 architectures are available for academic research and education use. The release additionally contains the seL4 formal specification, user-level libraries and sample code, and a para-virtualised Linux (x86)

Click here to download seL4

More information:

- What we prove and what we assume (high level, some technical background assumed)
- Statistics (sizes, numbers, lines of code)
- Questions and answers (high-level, some technical background assumed)
- Verification approach (for technical audience)
- Scientific publications (for experts)
- Acknowledgements and team
- What does a formal proof look like? [pdf]

Contact

For further information, please contact Gerwin Klein (project leader): gerwin.klein(at)nicta.com.au
Re: [liberationtech] Chromebooks for Risky Situations?
Incidentally, NICTA are the same researchers hired by DARPA to make the U.S. drone fleet safe from hackers. Looks like there might be some open source tools emerging from the effort.

http://www.theregister.co.uk/2012/11/19/nicta_develops_drone_protection/

gf

On 2/13/13 6:54 AM, Eugen Leitl wrote:

> On Tue, Feb 12, 2013 at 09:01:37AM +0100, Andreas Bader wrote:
>
> > So why not create an own OS that is really small because of its security? Chrome OS is small because it's cheap. If you were right then Android was the most secure system. Aren't there any Android viruses? RedHat seems to have less security holes than Chrome OS.
>
> http://ertos.nicta.com.au/research/l4.verified/
>
> The L4.verified project
>
> A Formally Correct Operating System Kernel
>
> In current software practice it is widely accepted that software will always have problems and that we will just have to live with the fact that it may crash at the worst possible moment: You might be on a deadline. Or, much scarier, you might be on a plane and there's a problem with the board computer.
>
> Now think what we constantly want from software: more features, better performance, cheaper prices. And we want it everywhere: in mobile phones, cars, planes, critical infrastructure, defense systems. What do we get? Mobile phones that can be hacked by SMS. Cars that have more software problems than mechanical ones. Planes where computer problems have led to serious incidents. Computer viruses spreading through critical infrastructure control systems and defense systems. And we think "See, it happens to everybody."
>
> It does not have to be that way. Imagine your company is commissioning a new vending software. Imagine you write down in a contract precisely what the software is supposed to do. And then — it does. Always. And the developers can prove it to you — with an actual mathematical machine-checked proof.
>
> Of course, the issue of software security and reliability is bigger than just the software itself and involves more than developers making implementation mistakes. In the contract, you might have said something you didn't mean (if you are in a relationship, you might have come across that problem). Or you might have meant something you didn't say and the proof is therefore based on assumptions that don't apply to your situation. Or you haven't thought of everything you need (ever went shopping?). In these cases, there will still be problems, but at least you know where the problem is not: with the developers. Eliminating the whole issue of implementation mistakes would be a huge step towards more reliable and more secure systems.
>
> Sounds like science fiction? The L4.verified project demonstrates that such contracts and proofs can be done for real-world software. Software of limited size, but real and critical. We chose an operating system kernel to demonstrate this: seL4. It is a small, 3rd generation high-performance microkernel with about 8,700 lines of C code. Such microkernels are the critical core component of modern embedded systems architectures. They are the piece of software that has the most privileged access to hardware and regulates access to that hardware for the rest of the system. If you have a modern smart-phone, your phone might be running a microkernel quite similar to seL4: OKL4 from Open Kernel Labs.
>
> We prove that seL4 implements its contract: an abstract, mathematical specification of what it is supposed to do.
>
> Current status: completed successfully.
>
> Availability
>
> Binaries of seL4 on ARM and x86 architectures are available for academic research and education use. The release additionally contains the seL4 formal specification, user-level libraries and sample code, and a para-virtualised Linux (x86)
>
> Click here to download seL4
>
> More information:
>
> - What we prove and what we assume (high level, some technical background assumed)
> - Statistics (sizes, numbers, lines of code)
> - Questions and answers (high-level, some technical background assumed)
> - Verification approach (for technical audience)
> - Scientific publications (for experts)
> - Acknowledgements and team
> - What does a formal proof look like? [pdf]
>
> Contact
>
> For further information, please contact Gerwin Klein (project leader): gerwin.klein(at)nicta.com.au

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster http://entersection.com/
Re: [liberationtech] Chromebooks for Risky Situations?
On Wed, Feb 13, 2013 at 05:22:39PM +0700, Uncle Zzzen wrote:

> Even if the average activist could master mutt (I use it regularly, and still feel like a noob :) ), it only applies to devices that have a keyboard.

We used to have chording keyboards like http://www.youtube.com/watch?v=k-zThJX920w back in the 1990s. Depending on whether Google glass begets useful hardware, musings like http://eugen.leitl.org/tt/msg21433.html might become relevant again.

> If we're talking about phones and tablets (not many people carry a notebook in a demonstration, when they witness violence, etc.), GUI is not a nicety. GUI should be as streamlined as possible, and this means html-based (like Mozilla's B2G), but it's not easy to minimize the attack surface:
Re: [liberationtech] Chromebooks for Risky Situations?
On 02/12/2013 12:46 AM, Rich Kulawiec wrote:

> On Mon, Feb 11, 2013 at 05:54:19PM +0100, Andreas Bader wrote:
>
> > Don't you think that e.g. DSL (Damn Small Linux) has less code than Android?
>
> I don't know. While I'm somewhat familiar with DSL, I don't use Android and know very little about it. I just did a little searching and see various figures cited for both, but nothing that seems to be recent/comprehensive/accurate. I suspect that my reaction to both, though, would be too many. ;-)

DSL has a size of 50 MB, Puppy is also small. Chrome OS seems to be much bigger (maybe Jake can tell us details). I think that if you compile your own small kernel and kick out all the needless stuff you can create a much smaller (and more secure?) kernel.

> > I mean you can't simplify that by saying This System is the most secure if you mean this system is the smallest..
>
> You're right. We can't. But if we accept as a starting premise that to a first approximation the number of security holes is roughly proportional to the size of the system -- and that usually seems to be true -- then smaller is probably better.

So why not create an own OS that is really small because of its security? Chrome OS is small because it's cheap. If you were right then Android was the most secure system. Aren't there any Android viruses? RedHat seems to have less security holes than Chrome OS.

> > I think you have to achieve a good compromise between security and simplicity.
>
> I don't think so: I think the best way to achieve security IS simplicity. That's why, for example, I suggest having *no* update mechanism other than a complete reinstall of everything -- or more likely, a 1-for-1 swap of the readonly device holding the OS. If there is no update mechanism, then it can't be broken. It can't be used to feed in malware. It can't be used to figure out who's running the OS. It doesn't exist, so all of the possible things that could go wrong with it don't exist either. I contend that this is simpler than trying to build one and then solve all the problems that its existence creates.

Chrome OS is not an OS optimized for security. An OS optimized for security is an own OS. What if users want to use stuff like FDE, PGP, different certificates, all the software you use for secure information and communication. They depend on Google. They have to release it and allow you to use it on their OS. And we have to respect that, because it is a requirement for their working security.

Andreas
Re: [liberationtech] Chromebooks for Risky Situations?
On Tue, Feb 12, 2013 at 10:01 AM, Andreas Bader noergelpi...@hotmail.de wrote:

> So why not create an own OS that is really small because of its security?

http://dee.su/liberte-build

--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
Re: [liberationtech] Chromebooks for Risky Situations?
A good alternative for what use cases?

The problem I find with flat statements such as "something like that would be a good alternative to ChromeOS for activists" is that it fails to address what uses it's providing a good alternative for. IE you fail to demonstrate the threat model based on real use cases. Which is not to say you are wrong, I simply want to ask for clarification as to your intended meaning.

eg:

Would it be a good alternative for activists already using Google Apps (as Nathan at the beginning of this thread suggested Chromebooks might be?)?

Would it be a good alternative for media activists who need to be able to edit video and photo content of actions or documentation of human rights violations?

Would it be a good alternative for activists who intend to disseminate updates, reports, and propaganda via Facebook and other social networks?

I certainly have no idea. These are serious questions, not intended to be sarcastic or confrontational. I'd really like to know for what real-world uses it's deemed this or any other super small OS would be good solutions for activists. Certainly for hacktivists, hackers, and users only engaged in online communications I'm sure these are great solutions, but I hope you can detail more how a DSL or Liberte Linux provide good solutions to the multifaceted needs/use cases of activists.

best

Brian

On Tue, Feb 12, 2013 at 5:05 AM, Andreas Bader noergelpi...@hotmail.de wrote:

> On 02/12/2013 01:42 PM, Maxim Kammerer wrote:
>
> > On Tue, Feb 12, 2013 at 10:01 AM, Andreas Bader noergelpi...@hotmail.de wrote:
> >
> > > So why not create an own OS that is really small because of its security?
> >
> > http://dee.su/liberte-build
>
> Thanks, something like that would be a good alternative to ChromeOS for activists.

--
Brian Conley
Director, Small World News
http://smallworldnews.tv
m: 646.285.2046
Skype: brianjoelconley
Re: [liberationtech] Chromebooks for Risky Situations?
On 02/12/2013 06:41 PM, Brian Conley wrote:

> A good alternative for what use cases?
>
> The problem I find with flat statements such as "something like that would be a good alternative to ChromeOS for activists" is that it fails to address what uses it's providing a good alternative for. IE you fail to demonstrate the threat model based on real use cases. Which is not to say you are wrong, I simply want to ask for clarification as to your intended meaning.
>
> eg:
>
> Would it be a good alternative for activists already using Google Apps (as Nathan at the beginning of this thread suggested Chromebooks might be?)?

Yes, you can use all Google Apps in the Chrome Browser. And I think that there are not many activists that use only Google Apps for communication and information.

> Would it be a good alternative for media activists who need to be able to edit video and photo content of actions or documentation of human rights violations?

I am sure that I can edit photo and video better on my Ubuntu Workstation than on a Chromebook.

> Would it be a good alternative for activists who intend to disseminate updates, reports, and propaganda via Facebook and other social networks?

In that case chromebooks would be possible, but only if you work only online. And the telecommunication infrastructure is not everywhere that great like in Europe and USA.

> I certainly have no idea. These are serious questions, not intended to be sarcastic or confrontational. I'd really like to know for what real-world uses it's deemed this or any other super small OS would be good solutions for activists. Certainly for hacktivists, hackers, and users only engaged in online communications I'm sure these are great solutions, but I hope you can detail more how a DSL or Liberte Linux provide good solutions to the multifaceted needs/use cases of activists.

If you want ONE solution for all these cases I'd prefer something like Ubuntu, Debian or Open Suse. They have the best (free) support for users and are pretty stable. Also they are pretty good configurable and expandable (Design- and Videoediting-Software, easy TOR usage, different Browsers etc.). I don't think that lots of those people want to use a Terminal OS with Lynx to Browse, but I am sure that they also want no Toy Touch OS with quick access to the newest Angry Birds game. Those systems are facebook and twitter machines, optimized for modern socializing. But not really secure.

Andreas
Re: [liberationtech] Chromebooks for Risky Situations?
On Mon, Feb 11, 2013 at 12:54:27AM +0700, Uncle Zzzen wrote:

> Obviously systems are too complex for most people to really figure out what's exactly running on their computer, and modern systems (from smart phones to unity) make it harder and harder for users (even power users) to peek under the hood.

Agreed. Further, complexity == insecurity. The way that you build secure systems isn't by adding code: it's by taking as much away as you possibly can, by stripping them down to the absolute minimum required to accomplish the required computing tasks. Why? Because we don't know how to write secure code. Therefore, to a first approximation, the less code is in play, the better chance we have.

(That's an unhappy statement, but I really do think the last 10, 20, 30 years bear it out. Even when we think we've written secure code...we probably haven't. Timely example:

Lucky Thirteen: Breaking the TLS and DTLS Record Protocols
http://www.isg.rhul.ac.uk/tls/

In that case, the code is insecure because the spec is insecure. Oops.)

So if I were trying to design a secure operating system and application environment for liberationtech, I would do several things that are, depending on how you look at them, either a radical departure or a return to a time when simplicity was recognized as a virtue.

1. Abandon the idea that a full-blown general-purpose operating system is required. It's not. Start with something that's fairly lean and which has a focus on security (e.g., OpenBSD) and start figuring out what can be stripped out of it (based on target devices and application environment). This includes not just the kernel, but *everything*: if there isn't a need for the C compiler in the target environment, then it shouldn't be there. Neither should /usr/include. Or the applicable man pages. Ruthlessly strip out every file, every line of code that isn't needed.

2. Abandon all-singing all-dancing applications. They're enormous. They use massive code bases which in turn use massive libraries. And to borrow from the quoted passage above, they make it harder to peek under the hood. So: no GUI. Don't tell me it can't be done -- I've done it. Anyone who can use Thunderbird can use mutt, for example. And given the enormous reduction in attack surface as well as required system resources, this effort should go as far as possible.

3. Abandon the idea of application installation, updates, etc. These mechanisms present an attack surface. So don't have them, period. Make the entire distribution, OS and applications, one monolithic self-contained entity. No app downloads. No updates. No choices. (Of course this is additional motivation to make it as small as possible.) You want a new version? Then you get a new version, in its entirety.

4. Onboard bidirectional default-deny firewall. Make the user explicitly authorize any/all traffic in either direction. Scream like hell when something is trying to get in, and just as loudly when something is trying to get out.

5. Design to run off read-only media. Thus (as an adjunct to 3) the way that you upgrade is to replace that media. Design to use external media for storage so that nothing is ever present on the system itself. What I have in mind is something small enough to fit the entire distribution on a 64M USB stick/memory card or smaller.

Yes, this approach presents some problems of its own. I know. I could spend the next hundred lines enumerating just the obvious ones. But it also solves (or at least makes credible attempts at solving) a different set of problems that I think are more important. And I think it has a fighting chance of reducing the code base and thus the attack surfaces to a tractable size. Maybe. Possibly. On a good day.

---rsk
Re: [liberationtech] Chromebooks for Risky Situations?
On 02/11/2013 04:15 PM, Rich Kulawiec wrote:

> On Mon, Feb 11, 2013 at 12:54:27AM +0700, Uncle Zzzen wrote:
>
> > Obviously systems are too complex for most people to really figure out what's exactly running on their computer, and modern systems (from smart phones to unity) make it harder and harder for users (even power users) to peek under the hood.
>
> Agreed. Further, complexity == insecurity. The way that you build secure systems isn't by adding code: it's by taking as much away as you possibly can, by stripping them down to the absolute minimum required to accomplish the required computing tasks. Why? Because we don't know how to write secure code. Therefore, to a first approximation, the less code is in play, the better chance we have.
>
> (That's an unhappy statement, but I really do think the last 10, 20, 30 years bear it out. Even when we think we've written secure code...we probably haven't. Timely example:
>
> Lucky Thirteen: Breaking the TLS and DTLS Record Protocols
> http://www.isg.rhul.ac.uk/tls/
>
> In that case, the code is insecure because the spec is insecure. Oops.)
>
> So if I were trying to design a secure operating system and application environment for liberationtech, I would do several things that are, depending on how you look at them, either a radical departure or a return to a time when simplicity was recognized as a virtue.
>
> 1. Abandon the idea that a full-blown general-purpose operating system is required. It's not. Start with something that's fairly lean and which has a focus on security (e.g., OpenBSD) and start figuring out what can be stripped out of it (based on target devices and application environment). This includes not just the kernel, but *everything*: if there isn't a need for the C compiler in the target environment, then it shouldn't be there. Neither should /usr/include. Or the applicable man pages. Ruthlessly strip out every file, every line of code that isn't needed.
>
> 2. Abandon all-singing all-dancing applications. They're enormous. They use massive code bases which in turn use massive libraries. And to borrow from the quoted passage above, they make it harder to peek under the hood. So: no GUI. Don't tell me it can't be done -- I've done it. Anyone who can use Thunderbird can use mutt, for example. And given the enormous reduction in attack surface as well as required system resources, this effort should go as far as possible.
>
> 3. Abandon the idea of application installation, updates, etc. These mechanisms present an attack surface. So don't have them, period. Make the entire distribution, OS and applications, one monolithic self-contained entity. No app downloads. No updates. No choices. (Of course this is additional motivation to make it as small as possible.) You want a new version? Then you get a new version, in its entirety.
>
> 4. Onboard bidirectional default-deny firewall. Make the user explicitly authorize any/all traffic in either direction. Scream like hell when something is trying to get in, and just as loudly when something is trying to get out.
>
> 5. Design to run off read-only media. Thus (as an adjunct to 3) the way that you upgrade is to replace that media. Design to use external media for storage so that nothing is ever present on the system itself. What I have in mind is something small enough to fit the entire distribution on a 64M USB stick/memory card or smaller.
>
> Yes, this approach presents some problems of its own. I know. I could spend the next hundred lines enumerating just the obvious ones. But it also solves (or at least makes credible attempts at solving) a different set of problems that I think are more important. And I think it has a fighting chance of reducing the code base and thus the attack surfaces to a tractable size. Maybe. Possibly. On a good day.

Don't you think that e.g. DSL (Damn Small Linux) has less code than Android? I mean you can't simplify that by saying This System is the most secure if you mean this system is the smallest.. I think you have to achieve a good compromise between security and simplicity.

Andreas
Re: [liberationtech] Chromebooks for Risky Situations?
Brian Conley:

snip

My point was for something off the shelf, I know of nothing better and as far as it goes... I'd say it's a step up for a lot of people who should be using more secure IT technologies and methods than they are (such as some journalists), and they can take that step with minimal investment in time and energy and a chromebook will meet their needs.

I'd suggest users have no hard disk and boot off of a Tails USB disk. Now we've reduced the attack surface to the BIOS/EFI layer - something that I suspect is pretty crappy all across the board.

snip

I would love to be a fly on the wall of the IDF customs agent you have to explain this to.

I see no OPSEC problem whatsoever in travelling with a laptop that has no hard disk. I cannot imagine any customs agent or other two-bit security bureaucrat having a problem with that.

// See what I just did there? I attacked the specific *text* of your response, rather than what I believe to be true about you. I assume you'd not ever recommend that interpretation of your words to someone, so how does it help dialogue/discussion/liberation for me to engage in that line of reasoning?

Having had a laptop with no hard drive taken and inspected by US customs, I'd like to say that it was a lot smoother than the time I brought a Chromebook (with a (blank) disk) through customs. In any case, you can do whatever you'd like with the drive in the system - the point is simply to treat the disk internally as not part of the operational plan for using the laptop.

I would actually suggest a used windows install that is forensically imaged before a trip. This will later allow you to see if they compromised the machine in an obvious manner while say, you were out at the pool or not near the laptop.

All the best,
Jake
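The before/after disk comparison suggested in the message above, sketched as an added example that is not part of the original thread or any poster's own tooling. The function names, the 4 KiB block size and the in-memory sample images are assumptions made for illustration.

```python
import hashlib
import io

BLOCK_SIZE = 4096  # assumption: comparison granularity, not taken from the thread


def build_manifest(stream, block_size=BLOCK_SIZE):
    """Hash an image stream; return (whole-image SHA-256 hex, per-block digests)."""
    whole = hashlib.sha256()
    blocks = []
    while True:
        chunk = stream.read(block_size)
        if not chunk:
            break
        whole.update(chunk)
        blocks.append(hashlib.sha256(chunk).digest())
    return whole.hexdigest(), blocks


def changed_ranges(baseline_blocks, current_blocks, block_size=BLOCK_SIZE):
    """Return merged (start, end) byte ranges whose block digests differ.

    A block present in only one image counts as changed, so a truncated or
    grown image is reported too. Offsets are rounded to whole blocks.
    """
    ranges = []
    total = max(len(baseline_blocks), len(current_blocks))
    start = None
    for i in range(total):
        before = baseline_blocks[i] if i < len(baseline_blocks) else None
        after = current_blocks[i] if i < len(current_blocks) else None
        if before != after:
            if start is None:
                start = i
        elif start is not None:
            ranges.append((start * block_size, i * block_size))
            start = None
    if start is not None:
        ranges.append((start * block_size, total * block_size))
    return ranges


def compare_images(baseline_stream, current_stream, block_size=BLOCK_SIZE):
    """Compare the pre-trip baseline image with an image taken afterwards."""
    base_hash, base_blocks = build_manifest(baseline_stream, block_size)
    cur_hash, cur_blocks = build_manifest(current_stream, block_size)
    return {
        "identical": base_hash == cur_hash,
        "baseline_sha256": base_hash,
        "current_sha256": cur_hash,
        "changed": changed_ranges(base_blocks, cur_blocks, block_size),
    }


def make_sample_images():
    """Constructed sample data: a 16-block baseline and a modified copy."""
    baseline = b"".join(bytes([i]) * BLOCK_SIZE for i in range(16))
    modified = bytearray(baseline)
    start, end = 3 * BLOCK_SIZE + 100, 4 * BLOCK_SIZE + 50  # spans blocks 3 and 4
    modified[start:end] = b"\xff" * (end - start)
    modified[10 * BLOCK_SIZE] = 0x00  # single-byte change in block 10
    return baseline, bytes(modified)


if __name__ == "__main__":
    # With real images, pass open(path, "rb") instead of io.BytesIO objects.
    before, after = make_sample_images()
    report = compare_images(io.BytesIO(before), io.BytesIO(after))
    print("identical:", report["identical"])
    for lo, hi in report["changed"]:
        print(f"changed bytes {lo:#x}-{hi:#x}")
```

Both images need to be taken from separate boot media with the disk untouched in between, because an install that has simply been booted rewrites many blocks on its own. The comparison covers the disk only, not the BIOS/EFI layer mentioned earlier in the message.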
Re: [liberationtech] Chromebooks for Risky Situations?
Brian Conley:

On Wed, Feb 6, 2013 at 2:16 PM, Jacob Appelbaum ja...@appelbaum.net wrote:

Brian Conley:

Micah, Perhaps you can tell us the secret to convince all family members and colleagues to become Linux hackers able to be completely self-sufficient managing their own upgrades and modifications indefinitely?

Stop supporting the use of non-free software? We're all part of the problem when we help people to be less free and to use proprietary software or proprietary services. This is both an education and a problem with enabling. We all suffer from it, I think.

What's funny about this, is that you appear to think I disagree with you on this. My point is, if *YOU* (any you out there of the many yous on this here libtech list) want to advise someone who is at risk to use free software, YOU should take responsibility for stewarding them through the process and making sure they know enough not to get themselves into trouble.

When we encourage people to say, buy a Macbook or a Chromebook because we're happy to support it over say, Windows, we're making things worse. Largely because the choice is actually between Free Software and proprietary software or free software on devices where we're not actually able to exercise all of our freedoms.

I don't know a great deal about Linux. I know enough to know that smart people I know seem to think it is better for a variety of reasons from a security standpoint. Unfortunately where it is *not* better is for people engaged in multimedia. It would be great if someone would support the development of better linux-based multimedia tools. I'm not that person. Oh, except for the last year I've been working with the good folks at the Guardian Project and others on a secure-by-design multimedia reporting app based in Android, and a large portion of our relatively meager funding has been directed at UI/UX design and graphics and content in the training portion.

Thus, when we aren't helping people to get off of the non-free platforms or to reduce our dependency on non-free software, we're basically not doing a great job at educating people that we care about and otherwise wish to support. When we pass the buck, we're enabling them with harmful, sometimes seriously so, solutions.

See above. I am certainly doing a lot more than I used to be doing in this realm. I hope you're not trying to suggest that I am passing the buck.

I actually think that we all pass the buck. It is part of the current discourse - perhaps the only person that doesn't pass the buck is Micah. He's like some kind of Gnu/Saint, really.

My point is that if knowledgeable individuals are not willing to spend the time to assist less knowledgeable people to get the first leg up in the much-less-than-obvious world of FOSS/FLOSS/Whatever, then they are just as responsible for security risks and endangerment as people who ignorantly recommend windows, mac, etc because as you put it "When we encourage people to say, buy a Macbook or a Chromebook because we're happy to support it over say, Windows, we're making things worse."

I disagree. The packaging system alone for most systems encourages a safe way to install nearly all software. Thanks to the nearly impossible UX choices, we don't see a lot of accidental malware on GNU/Linux systems. I wish I was kidding but this is actually an improvement over say, Windows or Mac OS X software packages that promote downloading anything and everything insecurely, running it and then updating willy nilly over the same insecure channels.

Again, just as I still haven't heard a strong argument why google hangout is as bad or worse than Skype, I don't yet see good arguments why Chromebook is such a bad option for many use cases. In fact, I don't see why a lot of mobile devices that are wifi only might be such bad options. However, don't worry, I won't be advocating for you to use a windows mobile or apple tablet anytime soon.

This is the wrong framing entirely. Allow me to re-frame it: I haven't heard a strong argument as to why Google or Skype is safe at all. Thus, I'll conclude that neither are very safe for anything at all, though they may thwart some people with little time on their hands.

Otherwise what is your point?

This essay seems like a longer version of what Micah has expressed:

http://www.gnu.org/philosophy/free-sw.html
http://www.gnu.org/philosophy/right-to-read.html

I also suggest reading these two essays by RMS:

http://www.gnu.org/philosophy/shouldbefree.html
http://www.gnu.org/philosophy/when_free_software_isnt_practically_better.html

I will definitely read up, though by pointing me in this direction, you open yourself up to replying to relevant and serious clarification questions as follow up. (the Gunner clause ;) )

Happy to help. :)

He is also talking about how the threats to a user might include Google itself (eg: my legal cases!) or
Re: [liberationtech] Chromebooks for Risky Situations?
micah anderson: I can't wait for the day when Google accidentally pushes an update out that actually bricks their devices, because when that happens, there is no way to simply reinstall the OS from scratch.

Funny you should mention that. I have a Galaxy Nexus and I accepted an OTA update, 4.2 or 4.2.1, I forget. Anyway that particular device had file system encryption enabled. After the update it was in a permanent reboot loop and I had to re-flash the entire device with the stock ROM. Fortunately I'd backed up my data with Titanium Backup so restoration was easy. Another handset I have, also a Galaxy Nexus, without encryption upgraded properly without any issues. Likewise with a Nexus 7 I also own. Maybe this was an example of a Google update going awry.

I do agree though Ubuntu wouldn't be the best solution (although I do use Kubuntu on my workstation). I know my way around Linux, and it's not mission critical. If it screwed up I'd have time to fix it, others in hot areas trying to do a news report might not. :)

The other thing is Unity is distribution specific, Ubuntu's packages are based off Debian testing/unstable. This is actually one of the reasons I like KDE very much because they haven't aligned themselves with a Linux provider. In my opinion it also contains the right amount of ease of use and reconfigurability to remain useful, unlike some other environments aimed at being easy to use.

For stable desktop usage something like CentOS or Debian stable would probably be better. That said hardening those systems does take some knowledge of Linux. I guess if you really wanted to use Ubuntu, you'd have to stick to LTS releases; those tend to be a fair bit more conservative.
-- scarp | A4F7 25DB 2529 CB1A 605B 3CB4 5DA0 4859 0FD4 B313
Re: [liberationtech] Chromebooks for Risky Situations?
Ali-Reza Anghaie a...@packetknife.com wrote: A VZW employee was nice enough to reach out off list - wanted to remain anonymous - says that the international SIMs they send for you to put in overseas Nexus devices won't tether. Ever. No matter what I'm told otherwise. Anyhow.. enough of that. Cheers, -Ali Nate was talking about using the phone to tether onto a local wifi network, not onto the phone's 3G+ network. Though it still wouldn't work with stock OS, since the phone must be rooted and support iptables.[1] ~Griffin [1] http://code.google.com/p/android-wifi-tether/ On Wed, Feb 6, 2013 at 1:28 AM, Nathan of Guardian nat...@guardianproject.info wrote: You could also use Orbot with wifi-tether on Android phone. It can transparent proxy all the wifi hotspot traffic over Tor.
Re: [liberationtech] Chromebooks for Risky Situations?
Brian Conley: Micah, Perhaps you can tell us the secret to convince all family members and colleagues to become Linux hackers able to be completely self-sufficient managing their own upgrades and modifications indefinitely? Stop supporting the use of non-free software? We're all part of the problem when we help people to be less free and to use proprietary software or proprietary services. This is both an education and a problem with enabling. We all suffer from it, I think. When we encourage people to say, buy a Macbook or a Chromebook because we're happy to support it over say, Windows, we're making things worse. Largely because the choice is actually between Free Software and proprietary software or free software on devices where we're not actually able to exercise all of our freedoms. Thus, when we aren't helping people to get off of the non-free platforms or to reduce our dependency on non-free software, we're basically not doing a great job at educating people that we care about and otherwise wish to support. When we pass the buck, we're enabling them with harmful, sometimes seriously so, solutions. Otherwise what is your point? This essay seems like a longer version of what Micah has expressed: http://www.gnu.org/philosophy/free-sw.html http://www.gnu.org/philosophy/right-to-read.html I also suggest reading these two essays by RMS: http://www.gnu.org/philosophy/shouldbefree.html http://www.gnu.org/philosophy/when_free_software_isnt_practically_better.html He is also talking about how the threats to a user might include Google itself (eg: my legal cases!) or perhaps even the network you're using (hint: ChromeOS has no way to protect you against such an attacker, so no, it isn't safe to use everywhere or perhaps anywhere depending on your trust of the local network). It seems like you are being needlessly confrontational or outright ignoring the quite reasonable counter arguments to various linux OSes,Ubuntu/gentoo/ etc etc being made here. 
Most of arguments I've heard here boil down to privileged wealthy people complaining that learning and mutual aid or solidarity is simply too hard. The worst is when people who train people in risky situations make those kinds of statements. It's frankly, really and seriously embarrassing. All the best, Jake On Feb 6, 2013 7:09 PM, micah anderson mi...@riseup.net wrote: Andy Isaacson a...@hexapodia.org writes: On Wed, Feb 06, 2013 at 10:52:23AM -0500, micah anderson wrote: - ChromeOS's update mechanism is automatic, transparent, and basically foolproof. Having bricked Ubuntu and Gentoo systems, the same is not true of Linux. I would be surprised if you actually 'bricked' these systems, since neither operating system you mention involves a procedure that has the risk of bricking a device. I suspect this is hyperbole? I've had dist-upgrade (or the GUI equivalent) make an Ubuntu system unbootable and unrecoverable without recourse to a rescue-image and deep magic grub hacking, etc. That counts as bricked when the easiest course of action is to simply reinstall the OS from scratch. It's not bricked in the sense that an Android install gone awry can require specialized hardware (JTAG dongle etc) and crypto keys to fix, but it's equivalent from a user's point of view. I understand where you are going with this, but when it comes to terminology, I think it serves to confuse the issue to misuse the term 'brick'. You cannot, as you say, simply reinstall the OS from scratch on a device that has been bricked. I can't wait for the day when Google accidentally pushes an update out that actually bricks their devices, because when that happens, there is no way to simply reinstall the OS from scratch. 
Re: [liberationtech] Chromebooks for Risky Situations?
T N: The word Linux doesn't refer to anything, other than maybe the kernel. Chrome OS is linux. But it's a massively stripped down distribution that has a radical design, including the fact that it will ONLY run if all of the cryptographic checks are verified from the root of trust. That root of trust is Google's massively large PKI public key that is burned into the firmware. It runs software that is in Debian, the GNU/Linux operating system. I know, I've written some of it (eg: tlsdate). They do a good job of locking things down but it is basically just another distribution of Linux. For a journalist in the field, that's a great reassurance. Take your Chromebook to China. The Chinese government can not alter what you are running without either (a) modifying your hardware, which means they take possession of it for a period of time and manage to do something that is tricky to do (i.e. circumstances under which you'd no longer trust your computer anyways) or (b) you will know they tried to hack it and your Chromebook will refuse to boot, and will instead wipe away the hacks and update itself and won't boot unless the update is a legitimate one signed by Google. This is hilarious. I would *never* use a laptop that lacks a way to protect all your traffic (eg: VPN/Tor/SSH tunnel/etc) in a place with serious surveillance as an at risk person. Not only because the remote systems will have your exact geographic location and because a lack of anonymity allows for targeted attacks, but also because the local network is well known to be seriously hostile! A persistent backdoor on your Chromebook is not actually impossible. I have a few ideas for how to make it happen and I've discuss security/development issues with the ChromeOS team on a nearly daily basis. Yes, you can't compare Chrome OS's attack surface to a typical linux distribution, or even a highly customized linux install which doesn't have the hardware root of trust. 
Actually, I think you can compare it - one major advantage is that you can protect your network traffic and compartmentalize your risk with any Secure Boot enabled Linux distro. You can also do it without secure boot and it isn't terribly hard as long as you draw arbitrary lines like the EFI firmware blobs and hardware are out of scope which is what happens with Secure Boot systems anyway. All the best, Jake On Wed, Feb 6, 2013 at 12:15 PM, Nadim Kobeissi na...@nadim.cc wrote: The biggest (and very important) difference between Linux and Chromebooks is the hugely smaller attack surface. NK On Wed, Feb 6, 2013 at 2:36 PM, Brian Conley bri...@smallworldnews.tvwrote: Andreas, Plenty of Syrians do have internet access, and use it on a regular basis. Also, lack of appropriateness for one use-case doesn't necessitate lack of appropriateness across the board. Linux is a great solution for many use cases, but as has been elaborated, quite a terrible one for many others. Brian On Wed, Feb 6, 2013 at 7:44 AM, Andreas Bader noergelpi...@hotmail.dewrote: On 02/06/2013 04:24 PM, Tom Ritter wrote: Nadim, I'm with you. I'm not sure it's the perfect solution for everyone, but like Nathan said, if you already trust Google, I think it's a good option. On 6 February 2013 07:12, Andreas Bader noergelpi...@hotmail.de wrote: Why don't you use an old thinkpad or something with Linux, you have the same price like a Chromebook but more control over the system. And you don't depend on the 3G and Wifi net. We started with the notion of Linux, and we were attracted to Chromebooks for a bunch of reasons. Going back to Linux loses all the things we were attracted to. - ChromeOS's attack surface is infinitely smaller than with Linux - The architecture of ChromeOS is different from Linux - process separation through SOP, as opposed to no process separation at all - ChromeOS was *designed* to have you logout, and hand the device over to someone else to login, and get no access to your stuff. 
Extreme Hardware attacks aside, it works pretty well.
- ChromeOS's update mechanism is automatic, transparent, and basically foolproof. Having bricked Ubuntu and Gentoo systems, the same is not true of Linux.
- Verified Boot, automatic FDE, tamper-resistant hardware

Something I'm curious about is, if any less-popular device became popular among the activist community - would the government view it as an indicator of interest? Just like they block Tor, would they block Chromebooks? It'd have to get pretty darn popular first though. -tom

But you can't use it for political activists e.g. in Syria because of its dependence on the internet connection. This fact is authoritative. For Europe and USA and so on it might be a good solution.

-- Brian Conley Director, Small World News
Re: [liberationtech] Chromebooks for Risky Situations?
On Wed, Feb 6, 2013 at 5:16 PM, Jacob Appelbaum ja...@appelbaum.net wrote: Most of arguments I've heard here boil down to privileged wealthy people complaining that learning and mutual aid or solidarity is simply too hard. The worst is when people who train people in risky situations make those kinds of statements. It's frankly, really and seriously embarrassing. What? All the best, Jake On Feb 6, 2013 7:09 PM, micah anderson mi...@riseup.net wrote: Andy Isaacson a...@hexapodia.org writes: On Wed, Feb 06, 2013 at 10:52:23AM -0500, micah anderson wrote: - ChromeOS's update mechanism is automatic, transparent, and basically foolproof. Having bricked Ubuntu and Gentoo systems, the same is not true of Linux. I would be surprised if you actually 'bricked' these systems, since neither operating system you mention involves a procedure that has the risk of bricking a device. I suspect this is hyperbole? I've had dist-upgrade (or the GUI equivalent) make an Ubuntu system unbootable and unrecoverable without recourse to a rescue-image and deep magic grub hacking, etc. That counts as bricked when the easiest course of action is to simply reinstall the OS from scratch. It's not bricked in the sense that an Android install gone awry can require specialized hardware (JTAG dongle etc) and crypto keys to fix, but it's equivalent from a user's point of view. I understand where you are going with this, but when it comes to terminology, I think it serves to confuse the issue to misuse the term 'brick'. You cannot, as you say, simply reinstall the OS from scratch on a device that has been bricked. I can't wait for the day when Google accidentally pushes an update out that actually bricks their devices, because when that happens, there is no way to simply reinstall the OS from scratch. 
Re: [liberationtech] Chromebooks for Risky Situations?
On Wed, Feb 6, 2013 at 5:16 PM, Jacob Appelbaum ja...@appelbaum.net wrote: This is hilarious. I would *never* use a laptop that lacks a way to protect all your traffic (eg: VPN/Tor/SSH tunnel/etc) in a place with serious surveillance as an at risk person. Not only because the remote systems will have your exact geographic location and because a lack of anonymity allows for targeted attacks, but also because the local network is well known to be seriously hostile! Thankfully, while Chrome does not support better solutions (such as Tor), it does in fact support VPN connections: http://support.google.com/chromeos/bin/answer.py?hl=enanswer=1282338 On Wed, Feb 6, 2013 at 12:15 PM, Nadim Kobeissi na...@nadim.cc wrote: The biggest (and very important) difference between Linux and Chromebooks is the hugely smaller attack surface. NK On Wed, Feb 6, 2013 at 2:36 PM, Brian Conley bri...@smallworldnews.tv wrote: Andreas, Plenty of Syrians do have internet access, and use it on a regular basis. Also, lack of appropriateness for one use-case doesn't necessitate lack of appropriateness across the board. Linux is a great solution for many use cases, but as has been elaborated, quite a terrible one for many others. Brian On Wed, Feb 6, 2013 at 7:44 AM, Andreas Bader noergelpi...@hotmail.de wrote: On 02/06/2013 04:24 PM, Tom Ritter wrote: Nadim, I'm with you. I'm not sure it's the perfect solution for everyone, but like Nathan said, if you already trust Google, I think it's a good option. On 6 February 2013 07:12, Andreas Bader noergelpi...@hotmail.de wrote: Why don't you use an old thinkpad or something with Linux, you have the same price like a Chromebook but more control over the system. And you don't depend on the 3G and Wifi net. We started with the notion of Linux, and we were attracted to Chromebooks for a bunch of reasons. Going back to Linux loses all the things we were attracted to. 
- ChromeOS's attack surface is infinitely smaller than with Linux
- The architecture of ChromeOS is different from Linux - process separation through SOP, as opposed to no process separation at all
- ChromeOS was *designed* to have you logout, and hand the device over to someone else to login, and get no access to your stuff. Extreme Hardware attacks aside, it works pretty well.
- ChromeOS's update mechanism is automatic, transparent, and basically foolproof. Having bricked Ubuntu and Gentoo systems, the same is not true of Linux.
- Verified Boot, automatic FDE, tamper-resistant hardware

Something I'm curious about is, if any less-popular device became popular among the activist community - would the government view it as an indicator of interest? Just like they block Tor, would they block Chromebooks? It'd have to get pretty darn popular first though. -tom

But you can't use it for political activists e.g. in Syria because of its dependence on the internet connection. This fact is authoritative. For Europe and USA and so on it might be a good solution.

-- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
Re: [liberationtech] Chromebooks for Risky Situations?
On Wed, Feb 6, 2013 at 5:16 PM, Jacob Appelbaum ja...@appelbaum.net wrote: A persistent backdoor on your Chromebook is not actually impossible.

As Nate (?) pointed out, hardware backdoors wouldn't be all that difficult to implement, especially for someone who travels a lot. A ten minute delay in releasing checked luggage, and the secure boot could be a lot less secure.

Most of arguments I've heard here boil down to privileged wealthy people complaining that learning and mutual aid or solidarity is simply too hard. The worst is when people who train people in risky situations make those kinds of statements.

As someone who is neither privileged nor wealthy, and who enjoys teaching people tech, I'm gonna chime in. It's untrue and assumes a LOT about motivation for both users and people training them. Chrome is not right for everyone. I don't use a chromebook and don't recommend it for most people. It's a vast improvement over Windows, particularly for people who wind up with backdoored bootleg XP-like operating systems.

Jake, you absolutely cannot equivocate your situation with most at-risk people for several reasons. You're at a high risk, more so than most at-risk users. You're also highly intelligent and self-educated (and have the resources to educate yourself). You exist in a milieu where there are many who can give guidance on technology and security. You also have the economic advantage of being able to jettison software if you suspect it's been tampered with. There are many different types of privilege at play, and not everyone is in the same situation. It's important (IMO) to customize recommendations rather than make broad statements.

Would it be great if we could move everyone using malware-riddled Windows setups to Ubuntu, Debian, or BSD? Absolutely. If I could convince everyone I know to switch to Ubuntu, that would be fucking amazing. But I've tried to convince numerous people to make the switch, and only a few were willing to try the USB stick.
I think two have committed to dual-booting. And that's just the reality. ~Griffin
Re: [liberationtech] Chromebooks for Risky Situations?
Jake, you absolutely cannot equivocate your situation with most at-risk people for several reasons. Er, correction, I meant that you cannot treat the situations equally. And by jettison software, I meant jettison Hardware. Sorry, I can't brain today, I have the dumb. best, Griffin
Re: [liberationtech] Chromebooks for Risky Situations?
Nadim Kobeissi: On Wed, Feb 6, 2013 at 5:16 PM, Jacob Appelbaum ja...@appelbaum.net wrote: This is hilarious. I would *never* use a laptop that lacks a way to protect all your traffic (eg: VPN/Tor/SSH tunnel/etc) in a place with serious surveillance as an at risk person. Not only because the remote systems will have your exact geographic location and because a lack of anonymity allows for targeted attacks, but also because the local network is well known to be seriously hostile! Thankfully, while Chrome does not support better solutions (such as Tor), it does in fact support VPN connections: http://support.google.com/chromeos/bin/answer.py?hl=enanswer=1282338 This is a new (to me) feature; thanks for pointing it out. I'm glad to see it finally landed and is in production. Would someone with a ChromeOS device test the VPN to see if it leaks the way that we described in our vpwned[0] paper? It should be rather straight forward to see if it leaks with trivial tests. Killing the VPN to see if it fails open should also be straight forward. I would be pleasantly surprised if they were not vulnerable to either of those issues. I asked a ChromeOS security person their thoughts on the matter and passed them our paper; we'll see what they say. All the best, Jake [0] https://www.usenix.org/system/files/conference/foci12/foci12-final8.pdf On Wed, Feb 6, 2013 at 12:15 PM, Nadim Kobeissi na...@nadim.cc wrote: The biggest (and very important) difference between Linux and Chromebooks is the hugely smaller attack surface. NK On Wed, Feb 6, 2013 at 2:36 PM, Brian Conley bri...@smallworldnews.tv wrote: Andreas, Plenty of Syrians do have internet access, and use it on a regular basis. Also, lack of appropriateness for one use-case doesn't necessitate lack of appropriateness across the board. Linux is a great solution for many use cases, but as has been elaborated, quite a terrible one for many others. 
Brian

On Wed, Feb 6, 2013 at 7:44 AM, Andreas Bader noergelpi...@hotmail.de wrote: On 02/06/2013 04:24 PM, Tom Ritter wrote: Nadim, I'm with you. I'm not sure it's the perfect solution for everyone, but like Nathan said, if you already trust Google, I think it's a good option.

On 6 February 2013 07:12, Andreas Bader noergelpi...@hotmail.de wrote: Why don't you use an old thinkpad or something with Linux, you have the same price like a Chromebook but more control over the system. And you don't depend on the 3G and Wifi net.

We started with the notion of Linux, and we were attracted to Chromebooks for a bunch of reasons. Going back to Linux loses all the things we were attracted to.
- ChromeOS's attack surface is infinitely smaller than with Linux
- The architecture of ChromeOS is different from Linux - process separation through SOP, as opposed to no process separation at all
- ChromeOS was *designed* to have you logout, and hand the device over to someone else to login, and get no access to your stuff. Extreme Hardware attacks aside, it works pretty well.
- ChromeOS's update mechanism is automatic, transparent, and basically foolproof. Having bricked Ubuntu and Gentoo systems, the same is not true of Linux.
- Verified Boot, automatic FDE, tamper-resistant hardware

Something I'm curious about is, if any less-popular device became popular among the activist community - would the government view it as an indicator of interest? Just like they block Tor, would they block Chromebooks? It'd have to get pretty darn popular first though. -tom

But you can't use it for political activists e.g. in Syria because of its dependence on the internet connection. This fact is authoritative. For Europe and USA and so on it might be a good solution.
-- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
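Added example (not part of the thread or of any poster's message): a routing-table check for the two questions raised in the message above, whether anything bypasses the VPN while it is up and whether traffic falls back to the local network when the VPN is killed. It assumes a Linux system where `ip route show` and `ip -6 route show` output can be captured; the interface names, the probe addresses and the route snapshots are constructed, and "leak" here means only a route that bypasses the tunnel, not a restatement of the paper's tests.

```python
import ipaddress

REJECT = {"unreachable", "blackhole", "prohibit"}  # route types that drop traffic


def parse_routes(text, family):
    """Parse `ip route show`-style lines into (network, device, metric) tuples."""
    default = "0.0.0.0/0" if family == 4 else "::/0"
    routes = []
    for line in text.strip().splitlines():
        tok = line.split()
        if not tok:
            continue
        rejecting = tok[0] in REJECT
        if rejecting:
            tok = tok[1:]
        prefix = default if tok[0] == "default" else tok[0]
        net = ipaddress.ip_network(prefix, strict=False)
        dev = tok[tok.index("dev") + 1] if "dev" in tok and not rejecting else None
        metric = int(tok[tok.index("metric") + 1]) if "metric" in tok else 0
        routes.append((net, dev, metric))
    return routes


def egress(text, dest, family=4):
    """Interface a packet to dest would leave on, or None if it is dropped."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in parse_routes(text, family) if addr in r[0]]
    if not hits:
        return None
    # Longest prefix wins; the lowest metric breaks ties.
    return min(hits, key=lambda r: (-r[0].prefixlen, r[2]))[1]


def assess(up_v4, up_v6, down_v4, tunnel,
           probe4="203.0.113.10", probe6="2001:db8::10"):
    """Return a list of findings for three captured routing-table snapshots."""
    findings = []
    if egress(up_v4, probe4, 4) != tunnel:
        findings.append("ipv4-bypasses-tunnel")
    dev6 = egress(up_v6, probe6, 6)
    if dev6 is not None and dev6 != tunnel:
        findings.append("ipv6-bypasses-tunnel")
    if egress(down_v4, probe4, 4) is not None:
        findings.append("fails-open")
    return findings


# Constructed snapshots. VPN up, IPv4 (split default routes via the tunnel):
UP_V4 = """
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50 metric 600
198.51.100.7 via 192.168.1.1 dev wlan0
"""
# VPN up, IPv6 (the tunnel carries no IPv6, the Wi-Fi default route remains):
UP_V6_LEAKY = """
2001:db8:1::/64 dev wlan0 proto ra metric 600
fe80::/64 dev wlan0 proto kernel metric 600
default via fe80::1 dev wlan0 proto ra metric 600
"""
# VPN killed, tunnel routes gone, Wi-Fi default route takes over:
DOWN_V4_OPEN = """
default via 192.168.1.1 dev wlan0 metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50 metric 600
"""
# VPN killed, but a lower-metric reject route keeps traffic off the Wi-Fi:
DOWN_V4_CLOSED = """
unreachable default metric 50
default via 192.168.1.1 dev wlan0 metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50 metric 600
"""

if __name__ == "__main__":
    print(assess(UP_V4, UP_V6_LEAKY, DOWN_V4_OPEN, "tun0"))
    print(assess(UP_V4, "", DOWN_V4_CLOSED, "tun0"))
```

A clean result here covers routing only; a packet capture on the physical interface is still needed to confirm that nothing, DNS included, leaves outside the tunnel.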
Re: [liberationtech] Chromebooks for Risky Situations?
Griffin Boyce: On Wed, Feb 6, 2013 at 5:16 PM, Jacob Appelbaum ja...@appelbaum.netwrote: A persistent backdoor on your Chromebook is not actually impossible. As Nate (?) pointed out, hardware backdoors wouldn't be all that difficult to implement, especially for someone who travels a lot. A ten minute delay in releasing checked luggage, and the secure boot could be lot less secure. I'm not talking about a hardware backdoor. What happens when you install a Chrome extension that does bad stuff? Their hardware security model doesn't really come into play with such a vector. Yeah, a hardware backdoor is also a problem but I was speaking specifically about how ChromeOS doesn't actually reduce things to a hardware tampering attack. Most of arguments I've heard here boil down to privileged wealthy people complaining that learning and mutual aid or solidarity is simply too hard. The worst is when people who train people in risky situations make those kinds of statements. As someone who is neither privileged nor wealthy, and who enjoys teaching people tech, I'm gonna chime in. It's untrue and assumes a LOT about motivation for both users and people training them. Chrome is not right for everyone. I don't use a chromebook and don't recommend it for most people. It's a vast improvement over Windows, particularly for people who wind up with backdoored bootleg XP-like operating systems. Free Software was my point, I couldn't really care less about Chrome. Jake, you absolutely cannot equivocate your situation with most at-risk people for several reasons. You're at a high risk, moreso than most at-risk users. You're also highly intelligent and self-educated (and have the resources to educate yourself). You exist in a milieu where there are many who can give guidance on technology and security. You also have the economic advantage of being able to jettison software if you suspect it's been tampered with. 
There are many different types of privilege at play, and not everyone is in the same situation. It's important (IMO) to customize recommendations rather than make broad statements.

Actually, I can and I just did so for a very good set of reasons. The 2703(d) order for my gmail account is exactly the same legal tool that will and was likely used against others on this mailing list. The exception is the attention and not the technique!

Would it be great if we could move everyone using malware-riddled Windows setups to Ubuntu, Debian, or BSD? Absolutely. If I could convince everyone I know to switch to Ubuntu, that would be fucking amazing. But I've tried to convince numerous people to make the switch, and only a few were willing to try the USB stick. I think two have committed to dual-booting. And that's just the reality.

The reason that they won't is because people either lack the support (in terms of software, human time, hardware drivers, etc) or they simply don't understand *or* care about the reasons we've discussed endlessly on this list.

All the best, Jake

~Griffin
Re: [liberationtech] Chromebooks for Risky Situations?
On Wed, Feb 6, 2013 at 2:16 PM, Jacob Appelbaum ja...@appelbaum.net wrote:

It runs software that is in Debian, the GNU/Linux operating system.

I know, I've written some of it (eg: tlsdate). They do a good job of locking things down but it is basically just another distribution of Linux.

I don't agree it's basically just another linux distribution in that most distros (zero?) aren't using the dm-verity Google mostly wrote and contributed upstream for their purposes. The distros could use it. Chrome OS is also totally stripped down compared to a typical linux distribution. It runs X but the window manager is customized and their own (open source, but nonetheless). But yes- it's a Linux kernel with an admixture of userland things, some of which are GNU, some of which are not.

This is hilarious. I would *never* use a laptop that lacks a way to protect all your traffic (eg: VPN/Tor/SSH tunnel/etc) in a place with serious surveillance as an at risk person.

It has ssh and supports a number of VPN protocols. What's so funny?

Not only because the remote systems will have your exact geographic location and because a lack of anonymity allows for targeted attacks, but also because the local network is well known to be seriously hostile!

A persistent backdoor on your Chromebook is not actually impossible. I have a few ideas for how to make it happen and I've discussed security/development issues with the ChromeOS team on a nearly daily basis.

Good luck with that. Maybe you want to make some money this year at Pwnium?

Yes, you can't compare Chrome OS's attack surface to a typical linux distribution, or even a highly customized linux install which doesn't have the hardware root of trust.

Actually, I think you can compare it - one major advantage is that you can protect your network traffic and compartmentalize your risk with any Secure Boot enabled Linux distro. You can also do it without secure boot and it isn't terribly hard as long as you draw arbitrary lines like the EFI firmware blobs and hardware are out of scope which is what happens with Secure Boot systems anyway.

I think you're seriously missing the point here. My remarks were well qualified. Conditionals have to be met:

- IF you want low cost (time is money, so efforts to set up a Linux secure laptop that are time consuming are expensive, as is all the time you spent to learn how to do these things in the first place)
- IF you want a somewhat naive user to use the device (eg. journalist)
- etc.

All you're saying is that If I'm a total techie weenie with nothing but time on my hands I can do way better than a Chromebook. Well of course. I don't disagree with something along those lines. But that's not the practical use cases I was trying to summons.

That said, to the extent that I sort of implied a Chromebook is some kind of safe thing to use in China for a person at risk... well no. I would not want to stand on that! And I actually agree with what you're saying as far as that goes.

My point was for something off the shelf, I know of nothing better and as far as it goes... I'd say it's a step up for a lot of people who should be using more secure IT technologies and methods than they are (such as some journalists), and they can take that step with minimal investment in time and energy and a chromebook will meet their needs.

Trever

All the best, Jake

On Wed, Feb 6, 2013 at 12:15 PM, Nadim Kobeissi na...@nadim.cc wrote:

The biggest (and very important) difference between Linux and Chromebooks is the hugely smaller attack surface.

NK

On Wed, Feb 6, 2013 at 2:36 PM, Brian Conley bri...@smallworldnews.tv wrote:

Andreas,

Plenty of Syrians do have internet access, and use it on a regular basis. Also, lack of appropriateness for one use-case doesn't necessitate lack of appropriateness across the board. Linux is a great solution for many use cases, but as has been elaborated, quite a terrible one for many others.

Brian

On Wed, Feb 6, 2013 at 7:44 AM, Andreas Bader noergelpi...@hotmail.de wrote:

On 02/06/2013 04:24 PM, Tom Ritter wrote:

Nadim, I'm with you. I'm not sure it's the perfect solution for everyone, but like Nathan said, if you already trust Google, I think it's a good option.

On 6 February 2013 07:12, Andreas Bader noergelpi...@hotmail.de wrote:

Why don't you use an old thinkpad or something with Linux, you have the same price like a Chromebook but more control over the system. And you don't depend on the 3G and Wifi net.

We started with the notion of Linux, and we were attracted to Chromebooks for a bunch of reasons. Going back to Linux loses all the things we were attracted to.

- ChromeOS's attack surface is infinitely smaller than with Linux
- The architecture of ChromeOS is different from Linux - process separation through SOP, as opposed to no process separation at all
- ChromeOS
Re: [liberationtech] Chromebooks for Risky Situations?
The other things I meant to add: Most Linux distros are not running with their executable code on a readonly filesystem, and it takes some effort to convert to a RO configuration. Also you can not login to a stock Chrome OS device as root. That account has logins disabled. You have to flip to dev mode, in which case, the machine will complain at every boot that its mode has been switched (so you know).

Trever
Re: [liberationtech] Chromebooks for Risky Situations?
UAE - Etisalat, nexus 4 - tethering was easy once the data plan was procured. That, however, ain't simple - took time and some significant documentation. Only thing they did not ask for was my first-born son.

On Feb 6, 2013, at 15:31, Brian Conley bri...@smallworldnews.tv wrote:

What Android OS are you using, Ali? It's a snap with Google Nexus running 4.0. Perhaps it's an OS version or carrier-rolled OS that is the problem?

Brian

On Wed, Feb 6, 2013 at 12:26 PM, Ali-Reza Anghaie a...@packetknife.com wrote:

I'm glad people have had luck with tethering their Android phones internationally. I've had absolutely zero - I'll have to give it another run with a locally rented provider I suppose. Anyone try in the UAE recently? Provider, hardware? Egypt? Curious. -Ali

On Feb 6, 2013 3:19 PM, Griffin Boyce griffinbo...@gmail.com wrote:

On Wed, Feb 6, 2013 at 1:28 AM, Nathan of Guardian nat...@guardianproject.info wrote:

On 02/06/2013 01:22 PM, Ali-Reza Anghaie wrote:

How can projects like Privly play into it? Carrying a Tor Router along with you or building one on-site. None of the operational matters will ever be squarely addressed by one platform but it all can be decision-treed out nicely.

You could also use Orbot with wifi-tether on Android phone. It can transparent proxy all the wifi hotspot traffic over Tor.

Using an android phone as a tether seems much more normal and fits the profile of an international traveler. Carrying a router around might not be the best option for staying low-profile.

I like Chrome OS but am addicted to Pidgin with OTR. It's really the only thing keeping me from trying out a Chromebook. (Even Photoshop is available 'in the cloud'). If you need to install a few programs locally but like the overall idea and features, JoliOS looks to be a good option: http://www.jolicloud.com/jolios

Somewhat off-topic: I reject the idea that because something isn't right for Syrians, that it's not useful. There is an incredible spectrum of threat models to consider. And usability is a factor. It's worth considering that state-sponsored Windows spyware is a major problem. But people still use it because the realistic alternative is more difficult to use (even Ubuntu has a sharp learning curve).

Best, Griffin Boyce

-- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
Re: [liberationtech] Chromebooks for Risky Situations?
T N:

On Wed, Feb 6, 2013 at 2:16 PM, Jacob Appelbaum ja...@appelbaum.net wrote:

It runs software that is in Debian, the GNU/Linux operating system.

I know, I've written some of it (eg: tlsdate). They do a good job of locking things down but it is basically just another distribution of Linux.

I don't agree it's basically just another linux distribution in that most distros (zero?) aren't using the dm-verity Google mostly wrote and contributed upstream for their purposes. The distros could use it. Chrome OS is also totally stripped down compared to a typical linux distribution. It runs X but the window manager is customized and their own (open source, but nonetheless).

ChromeOS is just a distribution of Linux with the Linux kernel and with a user space that performs a bunch of the same functionality as any distro. They take more care with security than most distros but until they're running a BSD kernel or something and drop all the code in common with other distros, I don't see major differences. Their main difference comes from a focus on security in a holistic sense and I respect their efforts. This is mostly splitting hairs but not every Linux distro is a sysV unix clone, ChromeOS is another variant and a reasonable one.

But yes- it's a Linux kernel with an admixture of userland things, some of which are GNU, some of which are not.

Most of the positive security model comes from isolation and the idea that the ChromeOS team scoped out a specific specification for each thing they wished to solve. I appreciate the effort and I hope that most of their work is adopted by other distros.

This is hilarious. I would *never* use a laptop that lacks a way to protect all your traffic (eg: VPN/Tor/SSH tunnel/etc) in a place with serious surveillance as an at risk person.

It has ssh and supports a number of VPN protocols. What's so funny?

As I said in another thread, I hadn't seen that they supported any VPN endpoints; my original ChromeOS device had no VPN support at all. I'm glad to see that they support IPSEC and OpenVPN (gladly no PPTP!). Ideally, I would like to see them offer an SSH setup wizard where it also uses OpenSSH as a VPN transport. I plan to look into their VPN setup - I would love to see that they're not vulnerable to the issues in our recent vpnwed paper.

Not only because the remote systems will have your exact geographic location and because a lack of anonymity allows for targeted attacks, but also because the local network is well known to be seriously hostile!

A persistent backdoor on your Chromebook is not actually impossible. I have a few ideas for how to make it happen and I've discussed security/development issues with the ChromeOS team on a nearly daily basis.

Good luck with that. Maybe you want to make some money this year at Pwnium?

Weaponizing an exploit and persisting something malicious aren't the same problem. Consider a Chrome extension that logs all the urls one visits in the browser, will the ChromeOS security model prevent it?

Yes, you can't compare Chrome OS's attack surface to a typical linux distribution, or even a highly customized linux install which doesn't have the hardware root of trust.

Actually, I think you can compare it - one major advantage is that you can protect your network traffic and compartmentalize your risk with any Secure Boot enabled Linux distro. You can also do it without secure boot and it isn't terribly hard as long as you draw arbitrary lines like the EFI firmware blobs and hardware are out of scope which is what happens with Secure Boot systems anyway.

I think you're seriously missing the point here. My remarks were well qualified. Conditionals have to be met:

- IF you want low cost (time is money, so efforts to set up a Linux secure laptop that are time consuming are expensive, as is all the time you spent to learn how to do these things in the first place)

Download Tails and boot it up.

- IF you want a somewhat naive user to use the device (eg. journalist)
- etc.

Ditto. I train journalists all the time and the only people who have issues are journalists with Macbooks, as there is a specific problem with new apple hardware and booting from a USB disk. In those cases, a DVD is read only and does just fine.

All you're saying is that If I'm a total techie weenie with nothing but time on my hands I can do way better than a Chromebook. Well of course. I don't disagree with something along those lines. But that's not the practical use cases I was trying to summons.

I'm not making that statement at all.

That said, to the extent that I sort of implied a Chromebook is some kind of safe thing to use in China for a person at risk... well no. I would not want to stand on that! And I actually agree with what you're saying as far as that goes.

Ok.

My point was for something off the shelf, I know of nothing better and as far as it goes...
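The question in the message above, whether the ChromeOS security model stops an extension that logs every visited URL, turns on the permissions the user grants rather than on the boot chain. The sketch below is an added example, not code from the thread or from Chrome: it reads an extension's `manifest.json` and reports whether the declared permissions would give it browsing-wide URL visibility. The sample manifests, the function names and the rule set are constructed for illustration, and the check is a heuristic over declarations only.

```python
"""Audit a Chrome extension manifest for browsing-wide URL visibility.

Verified boot protects the OS image; an extension runs with whatever the
user granted it at install time. This inspects declared permissions only,
not the extension's code.
"""
import json

# API permissions that expose visited URLs without any host pattern.
URL_APIS_NO_HOST_NEEDED = {"tabs", "history", "webNavigation"}
# Host match patterns that cover every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Manifest keys that can carry permissions (V2 mixes APIs and hosts in one list).
PERMISSION_KEYS = ("permissions", "optional_permissions",
                   "host_permissions", "optional_host_permissions")


def is_host_pattern(entry):
    """True for match patterns such as https://example.org/* or <all_urls>."""
    return entry == "<all_urls>" or "://" in entry


def audit_manifest(manifest_text):
    """Return a report dict with the reasons an extension can see all browsing."""
    manifest = json.loads(manifest_text)
    declared = []
    for key in PERMISSION_KEYS:
        # Optional permissions are included: the extension may request them later.
        declared += [p for p in manifest.get(key, []) if isinstance(p, str)]

    apis = {p for p in declared if not is_host_pattern(p)}
    hosts = {p for p in declared if is_host_pattern(p)}
    injected = {m for script in manifest.get("content_scripts", [])
                for m in script.get("matches", [])}

    reasons = []
    for api in sorted(apis & URL_APIS_NO_HOST_NEEDED):
        reasons.append(f"'{api}' permission exposes visited URLs")
    if "webRequest" in apis and hosts & BROAD_HOSTS:
        reasons.append("'webRequest' with an all-sites host pattern sees every request")
    if injected & BROAD_HOSTS:
        reasons.append("a content script is injected into every page")

    return {
        "name": manifest.get("name", "<unnamed>"),
        "apis": sorted(apis),
        "hosts": sorted(hosts | injected),
        "reasons": reasons,
        "can_observe_all_browsing": bool(reasons),
    }


# Constructed sample manifests (not real extensions).
SAMPLE_NOTEPAD = json.dumps({
    "name": "Notepad (constructed)", "manifest_version": 2, "version": "1.0",
    "permissions": ["storage"]})
SAMPLE_TOOLBAR = json.dumps({
    "name": "Toolbar (constructed)", "manifest_version": 2, "version": "1.0",
    "permissions": ["tabs", "webRequest", "<all_urls>"]})
SAMPLE_SCOPED = json.dumps({
    "name": "Site helper (constructed)", "manifest_version": 2, "version": "1.0",
    "permissions": ["webRequest", "https://example.org/*"],
    "content_scripts": [{"matches": ["https://example.org/*"], "js": ["helper.js"]}]})
SAMPLE_INJECTOR = json.dumps({
    "name": "Theme (constructed)", "manifest_version": 2, "version": "1.0",
    "permissions": ["storage"],
    "content_scripts": [{"matches": ["*://*/*"], "js": ["theme.js"]}]})

if __name__ == "__main__":
    for sample in (SAMPLE_NOTEPAD, SAMPLE_TOOLBAR, SAMPLE_SCOPED, SAMPLE_INJECTOR):
        report = audit_manifest(sample)
        verdict = "FLAG" if report["can_observe_all_browsing"] else "ok"
        print(f"{verdict:4} {report['name']}: {'; '.join(report['reasons']) or 'no broad URL access'}")
```

A flagged manifest is a prompt for review, not proof of logging; many legitimate extensions declare the same permissions.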
Re: [liberationtech] Chromebooks for Risky Situations?
T N:

The other things I meant to add: Most Linux distros are not running with their executable code on a readonly filesystem, and it takes some effort to convert to a RO configuration.

If someone has root on the machine or physical access, I guess that it won't matter as much as we'd like unless the physical media is actually Read Only, say with a DVD.

Also you can not login to a stock Chrome OS device as root. That account has logins disabled. You have to flip to dev mode, in which case, the machine will complain at every boot that its mode has been switched (so you know).

If the dev switch is flipped, one may simply gain root, no?

All the best, Jacob
Re: [liberationtech] Chromebooks for Risky Situations?
Brian Conley bri...@smallworldnews.tv writes:

Perhaps you can tell us the secret to convince all family members and colleagues to become Linux hackers able to be completely self-sufficient managing their own upgrades and modifications indefinitely?

I never suggested that all family members and colleagues need to do any such thing, so why should I come up with that secret? Is that what this thread is about? I thought this thread was a Chromebook advertising clownfest, but I see I am wrong! It is actually about how people are defensive about their compromises to freedom and want to fight about that.

Otherwise what is your point?

I have a hard time responding to that question when you don't bother citing whatever it is you are disagreeing with and instead just top post on top of what I wrote.

It seems like you are being needlessly confrontational or outright ignoring the quite reasonable counter arguments to various linux OSes, Ubuntu/gentoo/ etc etc being made here.

ok, you are probably right, it is just so wrong in so many ways, that I can't do anything but snipe and run away. So I give up. I can't even begin to start unpacking what is wrong in many of the things I've read here, so I give up. I'm turning off the internet, everyone out.
Re: [liberationtech] Chromebooks for Risky Situations?
On Wed, Feb 6, 2013 at 2:16 PM, Jacob Appelbaum ja...@appelbaum.net wrote:

Brian Conley:

Micah, Perhaps you can tell us the secret to convince all family members and colleagues to become Linux hackers able to be completely self-sufficient managing their own upgrades and modifications indefinitely?

Stop supporting the use of non-free software? We're all part of the problem when we help people to be less free and to use proprietary software or proprietary services. This is both an education and a problem with enabling. We all suffer from it, I think.

What's funny about this, is that you appear to think I disagree with you on this. My point is, if *YOU* (any you out there of the many yous on this here libtech list) want to advise someone who is at risk to use free software, YOU should take responsibility for stewarding them through the process and making sure they know enough not to get themselves into trouble.

When we encourage people to say, buy a Macbook or a Chromebook because we're happy to support it over say, Windows, we're making things worse. Largely because the choice is actually between Free Software and proprietary software or free software on devices where we're not actually able to exercise all of our freedoms.

I don't know a great deal about Linux. I know enough to know that smart people I know seem to think it is better for a variety of reasons from a security standpoint. Unfortunately where it is *not* better is for people engaged in multimedia. It would be great if someone would support the development of better linux-based multimedia tools. I'm not that person. Oh, except for the last year I've been working with the good folks at the Guardian Project and others on a secure-by-design multimedia reporting app based in Android, and a large portion of our relatively meager funding has been directed at UI/UX design and graphics and content in the training portion.

Thus, when we aren't helping people to get off of the non-free platforms or to reduce our dependency on non-free software, we're basically not doing a great job at educating people that we care about and otherwise wish to support. When we pass the buck, we're enabling them with harmful, sometimes seriously so, solutions.

See above. I am certainly doing a lot more than I used to be doing in this realm. I hope you're not trying to suggest that I am passing the buck. My point is that if knowledgeable individuals are not willing to spend the time to assist less knowledgeable people to get the first leg up in the much-less-than-obvious world of FOSS/FLOSS/Whatever, then they are just as responsible for security risks and endangerment as people who ignorantly recommend windows, mac, etc because as you put it "When we encourage people to say, buy a Macbook or a Chromebook because we're happy to support it over say, Windows, we're making things worse."

Again, just as I still haven't heard a strong argument why google hangout is as bad or worse than Skype, I don't yet see good arguments why Chromebook is such a bad option for many use cases. In fact, I don't see why a lot of mobile devices that are wifi only might be such bad options. However, don't worry, I won't be advocating for you to use a windows mobile or apple tablet anytime soon.

Otherwise what is your point?

This essay seems like a longer version of what Micah has expressed:

http://www.gnu.org/philosophy/free-sw.html
http://www.gnu.org/philosophy/right-to-read.html

I also suggest reading these two essays by RMS:

http://www.gnu.org/philosophy/shouldbefree.html
http://www.gnu.org/philosophy/when_free_software_isnt_practically_better.html

I will definitely read up, though by pointing me in this direction, you open yourself up to replying to relevant and serious clarification questions as follow up. (the Gunner clause ;) )

He is also talking about how the threats to a user might include Google itself (eg: my legal cases!) or perhaps even the network you're using (hint: ChromeOS has no way to protect you against such an attacker, so no, it isn't safe to use everywhere or perhaps anywhere depending on your trust of the local network).

Again, depending on your threat model. Who said everywhere or anywhere for everyone?

It seems like you are being needlessly confrontational or outright ignoring the quite reasonable counter arguments to various linux OSes, Ubuntu/gentoo/ etc etc being made here.

Most of the arguments I've heard here boil down to privileged wealthy people complaining that learning and mutual aid or solidarity is simply too hard. The worst is when people who train people in risky situations make those kinds of statements.

LOL. I'm, frankly, quite offended if you are indeed suggesting that I am making those statements. Also, remember that I'm currently involved in developing what is probably the first FOSS(FLOSS?) tool for mobile multimedia reporting that is built on secure-by-design
Re: [liberationtech] Chromebooks for Risky Situations?
snip

My point was for something off the shelf, I know of nothing better and as far as it goes... I'd say it's a step up for a lot of people who should be using more secure IT technologies and methods than they are (such as some journalists), and they can take that step with minimal investment in time and energy and a chromebook will meet their needs.

I'd suggest users have no hard disk and boot off of a Tails USB disk. Now we've reduced the attack surface to the BIOS/EFI layer - something that I suspect is pretty crappy all across the board.

snip

I would love to be a fly on the wall of the IDF customs agent you have to explain this to. I see no OPSEC problem whatsoever in travelling with a laptop that has no hard disk. I cannot imagine any customs agent or other two-bit security bureaucrat having a problem with that.

// See what I just did there? I attacked the specific *text* of your response, rather than what I believe to be true about you. I assume you'd not ever recommend that interpretation of your words to someone, so how does it help dialogue/discussion/liberation for me to engage in that line of reasoning?

Brian
Re: [liberationtech] Chromebooks for Risky Situations?
On 02/06/2013 07:28 AM, Nathan of Guardian wrote:

On 02/06/2013 01:22 PM, Ali-Reza Anghaie wrote:

How can projects like Privly play into it? Carrying a Tor Router along with you or building one on-site. None of the operational matters will ever be squarely addressed by one platform but it all can be decision-treed out nicely.

You could also use Orbot with wifi-tether on Android phone. It can transparent proxy all the wifi hotspot traffic over Tor.

+n

Why don't you use an old thinkpad or something with Linux, you have the same price like a Chromebook but more control over the system. And you don't depend on the 3G and Wifi net.
Re: [liberationtech] Chromebooks for Risky Situations?
Nadim, I'm with you. I'm not sure it's the perfect solution for everyone, but like Nathan said, if you already trust Google, I think it's a good option.

On 6 February 2013 07:12, Andreas Bader noergelpi...@hotmail.de wrote:

Why don't you use an old thinkpad or something with Linux, you have the same price like a Chromebook but more control over the system. And you don't depend on the 3G and Wifi net.

We started with the notion of Linux, and we were attracted to Chromebooks for a bunch of reasons. Going back to Linux loses all the things we were attracted to.

- ChromeOS's attack surface is infinitely smaller than with Linux
- The architecture of ChromeOS is different from Linux - process separation through SOP, as opposed to no process separation at all
- ChromeOS was *designed* to have you logout, and hand the device over to someone else to login, and get no access to your stuff. Extreme Hardware attacks aside, it works pretty well.
- ChromeOS's update mechanism is automatic, transparent, and basically foolproof. Having bricked Ubuntu and Gentoo systems, the same is not true of Linux.
- Verified Boot, automatic FDE, tamper-resistant hardware

Something I'm curious about is, if any less-popular device became popular among the activist community - would the government view it as an indicator of interest? Just like they block Tor, would they block Chromebooks? It'd have to get pretty darn popular first though.

-tom
Re: [liberationtech] Chromebooks for Risky Situations?
On 02/06/2013 04:24 PM, Tom Ritter wrote:

Nadim, I'm with you. I'm not sure it's the perfect solution for everyone, but like Nathan said, if you already trust Google, I think it's a good option.

On 6 February 2013 07:12, Andreas Bader noergelpi...@hotmail.de wrote:

Why don't you use an old thinkpad or something with Linux, you have the same price like a Chromebook but more control over the system. And you don't depend on the 3G and Wifi net.

We started with the notion of Linux, and we were attracted to Chromebooks for a bunch of reasons. Going back to Linux loses all the things we were attracted to.

- ChromeOS's attack surface is infinitely smaller than with Linux
- The architecture of ChromeOS is different from Linux - process separation through SOP, as opposed to no process separation at all
- ChromeOS was *designed* to have you logout, and hand the device over to someone else to login, and get no access to your stuff. Extreme Hardware attacks aside, it works pretty well.
- ChromeOS's update mechanism is automatic, transparent, and basically foolproof. Having bricked Ubuntu and Gentoo systems, the same is not true of Linux.
- Verified Boot, automatic FDE, tamper-resistant hardware

Something I'm curious about is, if any less-popular device became popular among the activist community - would the government view it as an indicator of interest? Just like they block Tor, would they block Chromebooks? It'd have to get pretty darn popular first though.

-tom

But you can't use it for political activists e.g. in Syria because of its dependence on the internet connection. This fact is authoritative. For Europe and USA and so on it might be a good solution.
Re: [liberationtech] Chromebooks for Risky Situations?
Tom Ritter t...@ritter.vg writes:

On 6 February 2013 07:12, Andreas Bader noergelpi...@hotmail.de wrote:

Why don't you use an old thinkpad or something with Linux, you have the same price like a Chromebook but more control over the system. And you don't depend on the 3G and Wifi net.

- The architecture of ChromeOS is different from Linux - process separation through SOP, as opposed to no process separation at all

Can you say what you mean here? What is SOP in this context?

- ChromeOS's update mechanism is automatic, transparent, and basically foolproof. Having bricked Ubuntu and Gentoo systems, the same is not true of Linux.

I would be surprised if you actually 'bricked' these systems, since neither operating system you mention involves a procedure that has the risk of bricking a device. I suspect this is hyperbole?

- Verified Boot, automatic FDE, tamper-resistant hardware

All of this reminds me of this post: http://mjg59.dreamwidth.org/22465.html which concludes:

Some people don't like Secure Boot because they don't trust Microsoft. If you trust Google more, then a Chromebook is a reasonable choice. But some people don't like Secure Boot because they see it as an attack on user freedom, and those people should be willing to criticise Google's stance. Unlike Microsoft, Chromebooks force the user to choose between security and freedom. Nobody should be forced to make that choice.
Re: [liberationtech] Chromebooks for Risky Situations?
On 06/02/13 15:52, Rich Kulawiec wrote:
> Many operating systems and applications and even application extensions (e.g., Firefox extensions) now attempt to discover the presence of updates for themselves either automatically or because a user instructs them to do. Is there any published research on the security consequences of doing so?
>
> (What I'm thinking of is an adversary who observes network traffic and thus can ascertain operating system type/version/patch level, installed application base/version/patch level, etc.)

I'd be interested to hear about rollback attacks on such mechanisms. For example, Debian's security updates are signed, but they're fetched over an unauthenticated channel. Can an attacker fool a Debian system into believing that no updates are available?

Cheers,
Michael
Re: [liberationtech] Chromebooks for Risky Situations?
> We started with the notion of Linux, and we were attracted to Chromebooks for a bunch of reasons. Going back to Linux loses all the things we were attracted to.
> - ChromeOS's attack surface is infinitely smaller than with Linux
> - The architecture of ChromeOS is different from Linux - process separation through SOP, as opposed to no process separation at all
> - ChromeOS was *designed* to have you logout, and hand the device over to someone else to login, and get no access to your stuff. Extreme Hardware attacks aside, it works pretty well.
> - ChromeOS's update mechanism is automatic, transparent, and basically foolproof. Having bricked Ubuntu and Gentoo systems, the same is not true of Linux.
> - Verified Boot, automatic FDE, tamper-resistant hardware

I think SL, Debian, Suse or CentOS are not less secure than ChromeOS. And if there is a secure problem then you have enough control to fix the system. I have never bricked my LUKS encrypted Debian System. Running on an old Lenovo X61s.
Re: [liberationtech] Chromebooks for Risky Situations?
On 6 February 2013 10:52, micah anderson mi...@riseup.net wrote:
> Can you say what you mean here? What is SOP in this context?

ChromeOS's 'Apps' are all extensions or webpages. One can't interact with any other due to the standard Same Origin Policy browsers enforce. It's what stops evilco.com from reading your logged in gmail.com tab in FF/Chrome/IE/any browser today.

> I would be surprised if you actually 'bricked' these systems, since neither operating system you mention involves a procedure that has the risk of bricking a device. I suspect this is hyperbole?

Well, I have a colleague rebuilding a FDE Ubuntu computer right now because we can't figure out how to repair its partition table and get it to boot without a LiveCD. It's probably possible, but we're pretty technical people and we made the call it would take less time to recreate the machine than 'fix' it. Similarly, I recently paid the gentoo tax while upgrading udev and not having a kernel switch turned on - wouldn't boot, requiring me to LiveCD it, enable the setting, recompile the kernel and replace it.

So bricked in the sense of it's now a brick and might as well be sold for parts - you're right, that's hyperbole. But for a non-technical person, with no access to someone to repair a machine for him/her - I don't know, I think it might as well be bricked. They can't fix it on their own, and it's not going to boot.

>> - Verified Boot, automatic FDE, tamper-resistant hardware
>
> All of this reminds me of this post: http://mjg59.dreamwidth.org/22465.html which concludes:
>
> "Some people don't like Secure Boot because they don't trust Microsoft. If you trust Google more, then a Chromebook is a reasonable choice. But some people don't like Secure Boot because they see it as an attack on user freedom, and those people should be willing to criticise Google's stance. Unlike Microsoft, Chromebooks force the user to choose between security and freedom. Nobody should be forced to make that choice."

I don't disagree with the notion that Chromebooks, Windows 8, iOS, and other examples make you choose between "Insecure and running your own stuff" and "Secure and running their stuff". I completely agree with it. I do disagree with a phrase of your excerpt "Chromebooks force the user to choose between security and freedom" - I would rephrase it "Chromebooks force the user to choose between freedom and Google's stewardship".

My gender-inspecific-nontechnical-family-member is not interested in running after-market app stores or tethering apps on their phone, so if security was the only concern I would recommend iPhone because it is harder to root. Similarly, if an activist is not going to run third party apps or 'jailbreak' their device (and nobody is going to take the responsibility to do it for them and then be full time tech support) - choosing a more secure, albeit stewarded by Google/Apple, system makes sense.

I know some people don't believe this, and I know some people (like RMS) say we should always fight the good fight and never give way... But if you nailed me down and said "Make a computer recommendation, someone's life may depend on it." Depending on who their adversary is, I would probably not make the Free OS recommendation.

On 6 February 2013 10:52, Rich Kulawiec r...@gsp.org wrote:
> On Wed, Feb 06, 2013 at 10:24:28AM -0500, Tom Ritter wrote:
>> - ChromeOS's update mechanism is automatic, transparent, and basically foolproof. Having bricked Ubuntu and Gentoo systems, the same is not true of Linux.
>
> Concur on this point, and wish to ask a related question: Many operating systems and applications and even application extensions (e.g., Firefox extensions) now attempt to discover the presence of updates for themselves either automatically or because a user instructs them to do. Is there any published research on the security consequences of doing so?
>
> (What I'm thinking of is an adversary who observes network traffic and thus can ascertain operating system type/version/patch level, installed application base/version/patch level, etc.)

I don't know of any research to point you to. Obviously any automatic or manual upgrade process is fraught with peril, as it is essentially designed to be an endpoint for remote code execution. It would be nice if Google or Microsoft did a case study on how they architected their update systems. Obviously MSFT's went screwy with Flame, but I still think there's lessons we can learn.

To Michael's point, how these systems deal with rollbacks and network isolation is interesting. I've heard that Tor Project's Thandy is an implementation of a research paper that covers this and other topics, but I can't find a reference. Maybe someone can find it and provide one.

On 6 February 2013 11:23, Andreas Bader noergelpi...@hotmail.de wrote:
> I think SL, Debian, Suse or CentOS are not less secure than ChromeOS. And if there is a secure problem then you have enough control to fix the system. I
Re: [liberationtech] Chromebooks for Risky Situations?
Just FYI: Chrome OS devices are not subject to roll back attacks because the verified boot does not allow that. Google has extensive documentation on this, and you can review the implementation by viewing the source code. Rollback attacks were an attack vector they specifically designed to prevent. In fact as a Chrome OS user this is as much a disadvantage as it is an advantage: updates are forced - you can not go back, and bug regressions which don't affect security but that are annoying can occur and there isn't anything you can do about that.

Also, it isn't just verified boot an attacker would have to overcome. The DM verity means any OS and onboard application code must checksum correctly or it will never run, this is true at all times. Realize as well that all of this code is always running off read only file systems.

Note that the builtin data partition (not executable code, in fact data filesystem is mounted no exec) encryption is defeatable in the minimal sense that Chrome OS does allow users to choose to not have to login when waking from sleep, so user stupidity allows a small opening here. Heh - happened to me. Lost my chromebook and could not remember if I had left it locked (long story!), but I knew it was asleep. Finder may have had access to my login session, albeit of little use since I changed my password and I believe this deactivated access to current email login, eg. Also enterprise administrators may have the option of overriding user choice here, saving users from their stupidity.

Another interesting point: the onboard ssh client is implemented partially in javascript (the terminal portion). Before you wince, know that Google argues this is more secure than normal ssh Unix clients because in addition to all the usual ssh protections, it is necessarily running in a Chrome sandbox! They are probably right about that? I think so.

Finally, I wrote up some stuff on their wiki: you can run in dev mode but still have fully verified boot and auto update. This gives the machine a larger local attack surface (not remote though), but opens access to some Unix user land such as the onboard openssl which you could use for additional encryption. Note too that Chrome OS devices share well and do so while totally protecting users from each other.

Not a security expert myself. But I have been administering Unix systems fulltime for over 15 years. No question in my mind that these things are more secure BY FAR than any other off the shelf solution you can buy as a consumer. That a normal Unix distro could be made to be as secure is IMO not true as well. Google has of course just made Chrome OS the target for their Pwnium challenge this year. Should be interesting!

Trever
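Michael's question earlier in the thread (can a client be told "no updates" forever, or be handed an older release) and the rollback protection described in the message above both rest on two checks an update client applies to signed metadata: a version floor and an expiry time. The code below is an added example, not code from Chrome OS, Debian or Thandy; HMAC stands in for a public-key signature, and the field names `version` and `expires`, the key and the timeline are constructed for the illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key. A real updater checks a public-key signature against
# a key shipped with the device; HMAC-SHA256 stands in for that signature
# here so the example needs only the standard library.
DEMO_KEY = b"constructed-demo-key"
DAY = 86_400  # seconds


class UpdateRejected(Exception):
    """The metadata must not be acted on."""


def sign_metadata(meta, key=DEMO_KEY):
    """Publisher side: serialise the metadata and attach an authentication tag."""
    payload = json.dumps(meta, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


def check_metadata(envelope, installed_version, now, key=DEMO_KEY):
    """Client side: return the metadata only if it is authentic, fresh and
    not older than what is already installed."""
    expected = hmac.new(key, envelope["payload"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, envelope["tag"]):
        raise UpdateRejected("bad signature")
    meta = json.loads(envelope["payload"])
    # Freeze: a replayed, validly signed answer stops being accepted once it
    # expires, so "no updates available" cannot be served indefinitely.
    if now >= meta["expires"]:
        raise UpdateRejected("expired metadata")
    # Rollback: a validly signed but older release is refused.
    if meta["version"] < installed_version:
        raise UpdateRejected("rollback")
    return meta


class UpdateClient:
    """Remembers the highest version accepted, as a device would in protected storage."""

    def __init__(self, installed_version):
        self.installed_version = installed_version

    def poll(self, envelope, now):
        """Return a short verdict for one response from the update channel."""
        try:
            meta = check_metadata(envelope, self.installed_version, now)
        except UpdateRejected as exc:
            return f"rejected: {exc}"
        except (KeyError, TypeError, ValueError):
            return "rejected: malformed metadata"
        if meta["version"] == self.installed_version:
            return "up to date"
        self.installed_version = meta["version"]
        return f"installed {meta['version']}"


def demo():
    """Replay a constructed timeline of genuine and replayed responses."""
    v41 = sign_metadata({"version": 41, "expires": 10 * DAY})
    v42 = sign_metadata({"version": 42, "expires": 11 * DAY})
    v43 = sign_metadata({"version": 43, "expires": 20 * DAY})
    # Payload edited in transit without access to the signing key.
    forged = dict(v43, payload=v43["payload"].replace('"version":43', '"version":44'))

    client = UpdateClient(installed_version=41)
    return [
        client.poll(v42, now=1 * DAY),      # genuine update
        client.poll(v41, now=2 * DAY),      # older signed metadata replayed
        client.poll(v42, now=3 * DAY),      # replay inside the validity window
        client.poll(v42, now=12 * DAY),     # same replay after expiry
        client.poll(forged, now=12 * DAY),  # modified payload
        client.poll(v43, now=12 * DAY),     # genuine update finally arrives
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The third verdict shows the limit of the scheme: until the metadata expires, a replayed "current" answer is indistinguishable from a genuine one, so the expiry interval bounds how long a client can be held back.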
Re: [liberationtech] Chromebooks for Risky Situations?
Andreas,

Plenty of Syrians do have internet access, and use it on a regular basis. Also, lack of appropriateness for one use-case doesn't necessitate lack of appropriateness across the board. Linux is a great solution for many use cases, but as has been elaborated, quite a terrible one for many others.

Brian

--
Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
Re: [liberationtech] Chromebooks for Risky Situations?
The biggest (and very important) difference between Linux and Chromebooks is the hugely smaller attack surface.

NK
Re: [liberationtech] Chromebooks for Risky Situations?
On Wed, Feb 6, 2013 at 1:28 AM, Nathan of Guardian nat...@guardianproject.info wrote:
> On 02/06/2013 01:22 PM, Ali-Reza Anghaie wrote:
>> How can projects like Privly play into it? Carrying a Tor Router along with you or building one on-site. None of the operational matters will ever be squarely addressed by one platform but it all can be decision-treed out nicely.
>
> You could also use Orbot with wifi-tether on Android phone. It can transparent proxy all the wifi hotspot traffic over Tor.

Using an android phone as a tether seems much more normal and fits the profile of an international traveler. Carrying a router around might not be the best option for staying low-profile.

I like Chrome OS but am addicted to Pidgin with OTR. It's really the only thing keeping me from trying out a Chromebook. (Even Photoshop is available 'in the cloud'). If you need to install a few programs locally but like the overall idea and features, JoliOS looks to be a good option: http://www.jolicloud.com/jolios

Somewhat off-topic: I reject the idea that because something isn't right for Syrians, that it's not useful. There is an incredible spectrum of threat models to consider. And usability is a factor. It's worth considering that state-sponsored Windows spyware is a major problem. But people still use it because the realistic alternative is more difficult to use (even Ubuntu has a sharp learning curve).

Best,
Griffin Boyce
Re: [liberationtech] Chromebooks for Risky Situations?
I'm glad people have had luck with tethering their Android phones internationally. I've had absolutely zero - I'll have to give it another run with a locally renter provider I suppose. Anyone try in the UAE recently? Provider, hardware? Egypt? Curious.

-Ali
Re: [liberationtech] Chromebooks for Risky Situations?
What Android OS are you using, Ali? It's a snap with Google Nexus running 4.0. Perhaps it's an OS version or carrier-rolled OS that is the problem?

Brian

--
Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
Re: [liberationtech] Chromebooks for Risky Situations?
The word Linux doesn't refer to anything, other than maybe the kernel. Chrome OS is linux. But it's a massively stripped down distribution that has a radical design, including the fact that it will ONLY run if all of the cryptographic checks are verified from the root of trust. That root of trust is Google's massively large PKI public key that is burned into the firmware.

For a journalist in the field, that's a great reassurance. Take your Chromebook to China. The Chinese government can not alter what you are running without either (a) modifying your hardware, which means they take possession of it for a period of time and manage to do something that is tricky to do (i.e. circumstances under which you'd no longer trust your computer anyways) or (b) you will know they tried to hack it and your Chromebook will refuse to boot, and will instead wipe away the hacks and update itself and won't boot unless the update is a legitimate one signed by Google.

Yes, you can't compare Chrome OS's attack surface to a typical linux distribution, or even a highly customized linux install which doesn't have the hardware root of trust.
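The message above describes code that runs only if its checks chain back to a root of trust, and an earlier message in the thread names dm-verity as the per-block check. The following added example (not Chrome OS or dm-verity source) shows why one trusted root hash is enough to detect a change to any block, even when the stored hashes are rewritten as well. It uses a simplified binary hash tree; the real dm-verity format uses a wider tree and a salt, and every name and the sample image here are constructed for the illustration.

```python
import hashlib

BLOCK_SIZE = 4096        # data block size used in this example
FILLER = b"\0" * 32      # pads odd-sized tree levels (example convention)


def leaf_hash(block):
    """Hash of one data block; the prefix separates leaves from inner nodes."""
    return hashlib.sha256(b"\x00" + block).digest()


def node_hash(left, right):
    """Hash of an inner node from its two children."""
    return hashlib.sha256(b"\x01" + left + right).digest()


def split_blocks(image):
    """Split an image into BLOCK_SIZE blocks, zero-padding the last one."""
    if not image:
        raise ValueError("empty image")
    blocks = [image[i:i + BLOCK_SIZE] for i in range(0, len(image), BLOCK_SIZE)]
    blocks[-1] = blocks[-1].ljust(BLOCK_SIZE, b"\0")
    return blocks


def build_tree(blocks):
    """Return all tree levels: levels[0] holds leaf hashes, levels[-1] == [root]."""
    level = [leaf_hash(b) for b in blocks]
    levels = []
    while True:
        if len(level) > 1 and len(level) % 2:
            level = level + [FILLER]
        levels.append(level)
        if len(level) == 1:
            return levels
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]


def auth_path(levels, index):
    """Sibling hashes needed to recompute the root from block `index`."""
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index //= 2
    return path


def verify_block(block, index, path, trusted_root):
    """Recompute the root from one block and its path; compare with the trusted root."""
    node = leaf_hash(block)
    for sibling in path:
        node = node_hash(node, sibling) if index % 2 == 0 else node_hash(sibling, node)
        index //= 2
    return node == trusted_root


class VerifiedDevice:
    """Data blocks and hash tree live on untrusted storage; only the root is trusted."""

    def __init__(self, blocks, levels, trusted_root):
        self.blocks = list(blocks)
        self.levels = [list(level) for level in levels]
        self.trusted_root = trusted_root  # in verified boot, covered by the signature

    def read(self, index):
        block = self.blocks[index]
        if not verify_block(block, index, auth_path(self.levels, index), self.trusted_root):
            raise OSError(f"block {index} failed verification")
        return block


def _try_read(dev, index):
    try:
        dev.read(index)
        return "ok"
    except OSError:
        return "I/O error"


def demo():
    image = b"".join(bytes([i]) * BLOCK_SIZE for i in range(5))  # constructed image
    blocks = split_blocks(image)
    levels = build_tree(blocks)
    dev = VerifiedDevice(blocks, levels, trusted_root=levels[-1][0])
    results = {"clean": all(dev.read(i) == blocks[i] for i in range(5))}

    # One data block is modified on storage; the stored hashes are untouched.
    dev.blocks[3] = b"X" + dev.blocks[3][1:]
    results["data_only"] = _try_read(dev, 3)
    results["neighbour"] = _try_read(dev, 2)

    # The stored hash tree is rebuilt to match the modified data.
    dev.levels = build_tree(dev.blocks)
    results["data_and_tree"] = _try_read(dev, 3)
    return results


if __name__ == "__main__":
    print(demo())
```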
Re: [liberationtech] Chromebooks for Risky Situations?
Always Nexus Verizon stock. My alternate ROMs don't travel with me. Verizon contacted ahead of time per their suggestions. Tethering in US and Canada fine. UK or elsewhere is no-joy. I gave up after a while and just carry my wipe'a'router and but use local WiFi. My advantage being I'm in tent data centers and hotels. I'll give the activist shuffle a try again next trip.

-Ali
Re: [liberationtech] Chromebooks for Risky Situations?
A VZW employee was nice enough to reach out off list - wanted to remain anonymous - says that the international SIMs they send for you to put in overseas Nexus devices won't tether. Ever. No matter what I'm told otherwise. Anyhow.. enough of that.

Cheers,
-Ali
Re: [liberationtech] Chromebooks for Risky Situations?
On Wed, Feb 06, 2013 at 10:52:23AM -0500, micah anderson wrote:

- ChromeOS's update mechanism is automatic, transparent, and basically foolproof. Having bricked Ubuntu and Gentoo systems, the same is not true of Linux.

I would be surprised if you actually 'bricked' these systems, since neither operating system you mention involves a procedure that has the risk of bricking a device. I suspect this is hyperbole?

I've had dist-upgrade (or the GUI equivalent) make an Ubuntu system unbootable and unrecoverable without recourse to a rescue-image and deep magic grub hacking, etc. That counts as bricked when the easiest course of action is to simply reinstall the OS from scratch. It's not bricked in the sense that an Android install gone awry can require specialized hardware (JTAG dongle etc) and crypto keys to fix, but it's equivalent from a user's point of view.

-andy
Re: [liberationtech] Chromebooks for Risky Situations?
T N trr...@gmail.com writes:

The word Linux doesn't refer to anything, other than maybe the kernel. Chrome OS is linux. But it's a massively stripped down distribution that has a radical design, including the fact that it will ONLY run if all of the cryptographic checks are verified from the root of trust. That root of trust is Google's massively large PKI public key that is burned into the firmware.

For a journalist in the field, that's a great reassurance. Take your Chromebook to China. The Chinese government can not alter what you are running without either (a) modifying your hardware, which means they take possession of it for a period of time and manage to do something that is tricky to do (i.e. circumstances under which you'd no longer trust your computer anyways) or (b) you will know they tried to hack it and your Chromebook will refuse to boot, and will instead wipe away the hacks and update itself and won't boot unless the update is a legitimate one signed by Google.

Yes, you can't compare Chrome OS's attack surface to a typical linux distribution, or even a highly customized linux install which doesn't have the hardware root of trust.

...but you can compare it to a Windows tablet, which doesn't let you modify the boot sector either, but I wouldn't want to be caught recommending Windows anymore than I would want to recommend Google.
Re: [liberationtech] Chromebooks for Risky Situations?
Andy Isaacson a...@hexapodia.org writes:

On Wed, Feb 06, 2013 at 10:52:23AM -0500, micah anderson wrote:

- ChromeOS's update mechanism is automatic, transparent, and basically foolproof. Having bricked Ubuntu and Gentoo systems, the same is not true of Linux.

I would be surprised if you actually 'bricked' these systems, since neither operating system you mention involves a procedure that has the risk of bricking a device. I suspect this is hyperbole?

I've had dist-upgrade (or the GUI equivalent) make an Ubuntu system unbootable and unrecoverable without recourse to a rescue-image and deep magic grub hacking, etc. That counts as bricked when the easiest course of action is to simply reinstall the OS from scratch. It's not bricked in the sense that an Android install gone awry can require specialized hardware (JTAG dongle etc) and crypto keys to fix, but it's equivalent from a user's point of view.

I understand where you are going with this, but when it comes to terminology, I think it serves to confuse the issue to misuse the term 'brick'. You cannot, as you say, simply reinstall the OS from scratch on a device that has been bricked.

I can't wait for the day when Google accidentally pushes an update out that actually bricks their devices, because when that happens, there is no way to simply reinstall the OS from scratch.
Re: [liberationtech] Chromebooks for Risky Situations?
Micah,

Perhaps you can tell us the secret to convince all family members and colleagues to become Linux hackers able to be completely self-sufficient managing their own upgrades and modifications indefinitely?

Otherwise what is your point? It seems like you are being needlessly confrontational or outright ignoring the quite reasonable counter arguments to various linux OSes, Ubuntu/gentoo/ etc etc being made here.

On Feb 6, 2013 7:09 PM, micah anderson mi...@riseup.net wrote:

Andy Isaacson a...@hexapodia.org writes:

On Wed, Feb 06, 2013 at 10:52:23AM -0500, micah anderson wrote:

- ChromeOS's update mechanism is automatic, transparent, and basically foolproof. Having bricked Ubuntu and Gentoo systems, the same is not true of Linux.

I would be surprised if you actually 'bricked' these systems, since neither operating system you mention involves a procedure that has the risk of bricking a device. I suspect this is hyperbole?

I've had dist-upgrade (or the GUI equivalent) make an Ubuntu system unbootable and unrecoverable without recourse to a rescue-image and deep magic grub hacking, etc. That counts as bricked when the easiest course of action is to simply reinstall the OS from scratch. It's not bricked in the sense that an Android install gone awry can require specialized hardware (JTAG dongle etc) and crypto keys to fix, but it's equivalent from a user's point of view.

I understand where you are going with this, but when it comes to terminology, I think it serves to confuse the issue to misuse the term 'brick'. You cannot, as you say, simply reinstall the OS from scratch on a device that has been bricked.

I can't wait for the day when Google accidentally pushes an update out that actually bricks their devices, because when that happens, there is no way to simply reinstall the OS from scratch.
Re: [liberationtech] Chromebooks for Risky Situations?
On 02/06/2013 08:36 PM, Brian Conley wrote:

Andreas, Plenty of Syrians do have internet access, and use it on a regular basis. Also, lack of appropriateness for one use-case doesn't necessitate lack of appropriateness across the board. Linux is a great solution for many use cases, but as has been elaborated, quite a terrible one for many others. Brian

There was already the case that the Syrians were isolated from the internet. If you base your communication and information on the internet then activism will break down in this scenario.

Andreas
[liberationtech] Chromebooks for Risky Situations?
Dear LibTech,

I'm frankly not sure about this idea, it may certainly be a bad one, but I've been using a Chromebook for almost a week now, and I've had some observations regarding this device. I'd like to discuss whether it's a good idea to hypothetically have Chromebooks used by activists, journalists, human rights workers and so on, as opposed to laptops with either Windows or Mac OS X running on top.

First, the security and operational models are very interesting. In fact, I think this is probably the most secure end-user laptop OS currently on the mainstream market. Namely, Chromebooks use verified boot, disk encryption (with hardware-level tamper-resistance,) and sandboxing. This compounds with a transparent automatic update schedule from Google's Chrome team, which already has (from my experience) a truly superb reputation for security management. I'm looking at you, Adam Langley!

The operating system itself is minimal. There is *much* less room for malware to be executed or for spyware to embed itself on the OS level. The difference in attack vector size between Chromebooks and Mac OS/Windows appears phenomenal to me. Of course, Chromebooks still have a filesystem and users are allowed to plug in USB drives, but due to the minimal nature of the operating system, its highly unusual strength of focus on security, and its relatively new nature, even malware delivered from these mediums may end up being much less common than in other platforms (Windows/Mac).

I also feel that the minimal nature of Chromebooks leaves security considerations out of the way while offering an interface that is accessible to activists and journalists around the world. This accessibility is also a security feature! (I've long argued that accessibility should be considered a security feature.)

Now, for the obvious (and unfortunate!) downsides: Chromebooks natively encourage users to store all of their data on Google, leaving the company with an unbalanced amount of control over these machines, and attracting itself as a compromise target relevant to Chromebook users.

Another downside: No Tor. No PGP. No encryption software. Cryptocat is available for Chrome OS, but I can hardly say that's enough at all!

The restricted, minimal nature of the operating system and the security-focused design of both the hardware and boot process are really appealing to me, and are the brunt of what makes me write this email. Should Chromebooks be recommended for activists and journalists in dangerous situations?

As I've disclaimed above, this is only a theoretical discussion, please feel free to disagree and don't take me seriously just yet. :-)

NK
Re: [liberationtech] Chromebooks for Risky Situations?
On 02/06/2013 10:29 AM, Nadim Kobeissi wrote:

I'm frankly not sure about this idea, it may certainly be a bad one, but I've been using a Chromebook for almost a week now, and I've had some observations regarding this device. I'd like to discuss whether it's a good idea to hypothetically have Chromebooks used by activists, journalists, human rights workers and so on, as opposed to laptops with either Windows or Mac OS X running on top.

For NGOs that have already standardized on Google Apps/Domains for their primary groupware backend, I think Chromebooks make a huge amount of sense. This is especially true for many of the groups I work with, who are under constant attack from some pretty serious malware attacks, using the Windows/Mac-focused spearphishing approach. Chromebooks would negate most (all?) of these kind of attacks.

The one downside is that they are still hard to get abroad, and even then it isn't the 3G version, so you need to have plentiful wifi. Also battery life is not that great (4 hours typically), so I am more inclined to perhaps push orgs looking to replace traditional laptops towards using Nexus 7 or 10s.

+n
Re: [liberationtech] Chromebooks for Risky Situations?
It's something we've explored as an option in the Executive Protection space - and paired with Google two-factor it's a marked improvement over anything most of these end-users were doing before. There is at least one 3G radio version too - more almost certainly coming at better price points.

As I've thought about it, some really disagreeable security risks of using certain types of security related Chrome plugins (e.g. recent Mailvelope, DOM, OpenPGP.js discussions), might be more tenable risks in a Chromebook deployment. Obviously that doesn't fix anything back home but it's another part of the risk equation.

How can projects like Privly play into it? Carrying a Tor Router along with you or building one on-site. None of the operational matters will ever be squarely addressed by one platform but it all can be decision-treed out nicely.

The Google ecosystem risk is real and reasonable to consider - but weighed against other realities? And while I don't expect any vendor to fight our Government battles for us - Google has been more ally than foe IMO.

It's a worthwhile discussion that could lead to a fork or three down the road.

-Ali

On Tue, Feb 5, 2013 at 10:29 PM, Nadim Kobeissi na...@nadim.cc wrote:

Dear LibTech,

I'm frankly not sure about this idea, it may certainly be a bad one, but I've been using a Chromebook for almost a week now, and I've had some observations regarding this device. I'd like to discuss whether it's a good idea to hypothetically have Chromebooks used by activists, journalists, human rights workers and so on, as opposed to laptops with either Windows or Mac OS X running on top.

First, the security and operational models are very interesting. In fact, I think this is probably the most secure end-user laptop OS currently on the mainstream market. Namely, Chromebooks use verified boot, disk encryption (with hardware-level tamper-resistance,) and sandboxing. This compounds with a transparent automatic update schedule from Google's Chrome team, which already has (from my experience) a truly superb reputation for security management. I'm looking at you, Adam Langley!

The operating system itself is minimal. There is *much* less room for malware to be executed or for spyware to embed itself on the OS level. The difference in attack vector size between Chromebooks and Mac OS/Windows appears phenomenal to me. Of course, Chromebooks still have a filesystem and users are allowed to plug in USB drives, but due to the minimal nature of the operating system, its highly unusual strength of focus on security, and its relatively new nature, even malware delivered from these mediums may end up being much less common than in other platforms (Windows/Mac).

I also feel that the minimal nature of Chromebooks leaves security considerations out of the way while offering an interface that is accessible to activists and journalists around the world. This accessibility is also a security feature! (I've long argued that accessibility should be considered a security feature.)

Now, for the obvious (and unfortunate!) downsides: Chromebooks natively encourage users to store all of their data on Google, leaving the company with an unbalanced amount of control over these machines, and attracting itself as a compromise target relevant to Chromebook users.

Another downside: No Tor. No PGP. No encryption software. Cryptocat is available for Chrome OS, but I can hardly say that's enough at all!

The restricted, minimal nature of the operating system and the security-focused design of both the hardware and boot process are really appealing to me, and are the brunt of what makes me write this email. Should Chromebooks be recommended for activists and journalists in dangerous situations?

As I've disclaimed above, this is only a theoretical discussion, please feel free to disagree and don't take me seriously just yet. :-)

NK
Re: [liberationtech] Chromebooks for Risky Situations?
On 02/06/2013 01:22 PM, Ali-Reza Anghaie wrote:

How can projects like Privly play into it? Carrying a Tor Router along with you or building one on-site. None of the operational matters will ever be squarely addressed by one platform but it all can be decision-treed out nicely.

You could also use Orbot with wifi-tether on Android phone. It can transparent proxy all the wifi hotspot traffic over Tor.

+n