[Tails-dev] TBB-Firefox sends OS+kernel in update queries to Mozilla
FWIW: User report:[1] https://blog.torproject.org/comment/277375#comment-277375 Sanitize the add-on blocklist update URL https://trac.torproject.org/projects/tor/ticket/16931 related, old, closed ticket (unresolved): TBB-Firefox sends OS+kernel in update queries to Mozilla https://trac.torproject.org/projects/tor/ticket/6734 [1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/projects/tor/ticket/6734 without fix this privacy issue. >From Ubuntu 18.04.1 LiveCD /v1/blocklist/3/%7Bec8030f7-c20a-464f-9b0e-13a3a9e97384%7D/60.2.0/Firefox/20180204030101/Linux_x86_64-gcc3/en-US/release/Linux 4.15.0-29-generic (GTK 3.22.30 libpulse 11.1.0)/default/default/1/1/new/ about:config extensions.blocklist.url: https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID Also it send TOTAL_PING_COUNT to tell mozilla how many days you use TBB." ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
[Tails-dev] Please upgrade to the new MAT2
Dear Tails and Subgraph developers, since we are supporters of free speech and real honest democracy, we heavily rely on cleaned PDF files as well. In the old days MAT did do the job great, but this feature had been disabled. In the high hope that the refreshed MAT2 now supports cleaning PDF files without enlarging the file itself, we kindy ask your deveopers to upgrade your operating systems to the new MAT2: https://0xacab.org/jvoisin/mat2 @Tails developers: We'd be more than really happy to see MAT2 in the upcoming Tails version 3.9 on September 5th! :) Thank you everyone for your wonderfu work! Anonymous greetings -AD ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
[Tails-dev] Releasing ISO as a GPG encrypted archive?
Have the developers considered the idea of releasing the Tails ISO as a GPG encrypted archive? This would create another verification method with distribution as users would need to decrypt the archive via a specific method in order to utilize the ISO and further verify it once extracted. ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] Tails .onion package repo question!
@intrigeri and u: Thanks for 'kicking' this to the help desk. Has anything new been discovered? You may wish to participate here at the debian user mailing list: OP: https://lists.debian.org/debian-user/2017/08/msg01420.html Since it's both a Debian and Tails issue perhaps it could be worked out there? TIA ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
[Tails-dev] Proposal: new Tails version scheme and RM optimi
With regard to Proposal Number 1, I would like to see a numbering scheme where the releases all have the same number of segments. For example Instead of: 2.2 2.2.1 2.3 2.3.1 2.3.2 2.3.3 Have: 2.2.0 2.2.1 2.3.0 2.3.1 2.3.2 2.3.3 Taking this one step further would be to have the same number of digits in each segment (leading zeros) but that would open a whole new can of worms regarding 'future-proofing' so might be left alone at this time. Thanks for everything and I appreciate all the time/effort/work that is put in to Tails. ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
[Tails-dev] Please keep torsocks!
I noticed in the changelog for tails (3.0~alpha1): "Use torsocks to torify Git, and drop tsocks entirely. tsocks has been unmaintained for years in Debian, and was removed from testing for a while (Closes: #10955)." Is torsocks the same as tsocks? I certainly hope torsocks remains in Tails, I use it for several applications! Is torify any different? Please keep torsocks in Tails! Ah! Looking via dpkg -l I see the two are different packages. Can torsocks function well without tsocks? ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
[Tails-dev] Unnecessary file in /home/amnesia/.gnupg
This unnecessary file has existed in Tails for a long time. I remove it with every boot into Tails, but I'm tired of doing so when it should not exist. Please navigate to /home/amnesia/.gnupg and have a look at the files there. You will notice the following file: pubring.gpg~ Not only is this file unnecessary, if you're concerned about the size of your distribution, (which has been intimated before) you should remove this file prior to public release. ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
[Tails-dev] systemd: ruh roh! Crippling Bug!
Multiple Linux Distributions Affected By Crippling Bug In Systemd Story is at Slashdot and the bug report is: github(dot)(com)/systemd/systemd/issues/4234 So WTF for TorBB & Tails users? ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
[Tails-dev] Does Tails' Connectivity Depend On One OpenDNS server?
According to /etc/ttdnsd.conf: # OpenDNS 208.67.222.222 Does this mean if that IP goes down, the shit hits the fan for Tails users and they won't be able to load clear-net sites? Could there be some other future unforeseen error/event occur where we really should have been using not only one OpenDNS IP, but perhaps some from another provider, MAYBE Google, but probably and most preferably others like CCC? I'm also concerned about tracking. Couldn't people who run exit nodes sign up for an OpenDNS account(s) and track the [Tails] users and/or compile detailed reports on usage stats? Couldn't they also control/limit the sites Tails users visit according to settings on their registered OpenDNS accounts? ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
[Tails-dev] SSD Advisory Wget Arbitrary Commands Execution
"Vulnerability Description A vulnerability in the way wget handles redirects allows attackers that are able to hijack a connection initiated by wget or compromise a server from which wget is downloading files from, would allow them to cause the user running wget to execute arbitrary commands. The commands are executed with the privileges with which wget is running. This could prove to be quite severe when wget is launched as root. Vulnerable Version Wget version 1.17 and prior" More delish meaty bits: https://blogs.securiteam.com/index.php/archives/2701 ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
[Tails-dev] Filling remaining space on DVDR from /dev/random
Hello my good friends, I would like to fill remaining space on DVDR from /dev/random after I have burned the Tails 2.4 ISO. How would I do this? Can you verify the following instructions as the correct method, please? ### "When creating the CD-R image, also remember to use /dev/random to fill the remaining CD-R space so that any malware trying to hide inside the CD-R (assuming you create the CD-R image from a more secure environment without being infected in the first place) when mounting the CD-R on a public computer." How is this accomplished? ### After writing the ISO to the CD-R, query the CD-R for the amount of disk space and then make a file with the same size as the remaining disk space and then pipe /dev/random output into that file. To find out CD-R space after copying Tails onto CD-R: fdisk -l /dev/cdrom Fill up the CD-R with random stuff: dd if=/dev/random of=/dev/cdrom/ bs=2048 count= Open the CD-R and it indicate it has no more free space (by some file manager or fdisk again). You may want to SHA-256 hash the CD-R content, write down the hash on a paper and keep in your wallet in case you need to verify the CD-R as your Tails installation. To get the SHA-256 hash do: sha256sum /dev/cdrom @ https://www.schneier.com/blog/archives/2016/06/friday_squid_bl_528.html#c6725819 ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
[Tails-dev] The PTB rely on HUMAN FLESH in the FOOD SUPPLY
The PTB rely on HUMAN FLESH in the FOOD SUPPLY to maintain their human appearance Human flesh exists in a lot of foods today. Sometimes it makes the news. These are PTB slip ups, and/or conditioning this reality. They rely on the consumption of human flesh to retain their human appearance. They all have the same scent. They exist from the bottom to the top of the pyramid. Some are bums, some are middle/upper class, some are those dancing for you on TV, in a web of deceit to keep your mind and body occupied. If you want to try and let one of them know that you know what they are, you might say to them: "This hamburger is really quite human" (inhale deeply) "This planet is filled with creatures which all smell the same" "I hope you enjoyed your flesh burger" "How long did your last regeneration period last?" "What office do you work for?" ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
[Tails-dev] What's with the spam on this list?
I'm going blind! ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
[Tails-dev] dconf-editor dropped, gedit-plugins, systemd, w32codecs
1. Why was dconf-editor dropped from Tails? I found it very useful in previous versions of Tails. Please reintroduce it in the next version of Tails. 2. gedit-plugins This is a good package to have installed. 3. Systemd private directories in /tmp Why are there so many "systemd-private-" directories in /tmp There's systemd-private(long string of numbers and letters) with the following: -colord.service- -htpdate.service- -tails-reconfigure-kexec.service- -tails-sdmem-on-media-removal.service- -tor-controlport-filter.service- -tor@default.service- 4. win32 codecs If you're shipping libdvdcss2, why haven't you included the win32 codecs like the official MPlayer website has on their download page? ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
[Tails-dev] is it safe to update these files in synaptic?
hi is it safe to update these files in synaptic? [23 Feb 2016] DSA-3487 libssh2 - security update [19 Feb 2016] DSA-3483 cpio - security update there's a few others, too. the updates refuse to display a changelog, IDK why. there's one glibc or libc or something similar in Synaptic which wants updating of 2 separate packages. but don't those type of updates want a reboot? i usually backup updates and reinstall them in new Tails session, but i want to know what is safe to d/l without waiting for a new Tails .ISO and without upgrading a usb. Thank you. Your pal, Worf ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
[Tails-dev] .xsession-errors file filled with WARNING message
Since a couple of Tails versions back, my .xsession-errors file continues to be filled with: (gnome-settings-daemon:(snip)): updates-plugin-WARNING **: failed to get time: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.PackageKit was not provided by any .service files (snip) = removed numbers I Googled but found nothing to indicate what this error means and nothing on how to fix it. Rootkit? Trojan? Any ideas? ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
[Tails-dev] Any plans for an emergency release & alt spin question
A lot of updates to components of Tails are occurring. Should I download 2.0 now or wait for another release prior to the next stable version? Remember the last two versions released and the distance in time between them? The size of the ISO is very large for some of us and I would rather know now whether 2.0 will exist as the go-to current version for the next month or two. & I would join any official Tails team working on an alternative, smaller ISO perhaps with Openbox and no large DM, video/audio tools, office suite, and so on, [but we know that won't happen]. However, when "just the basics" are considered this could result in a much smaller sized ISO. ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
[Tails-dev] HTTPS-Everywhere missing config page!
Since TAILS 1.7 the HTTPS-Everywhere addon only shows the Observatory settings and does not show the site list where the user may alter settings per site and more. Please restore this option and if possible tell us how we may restore it manually in 1.8.1. TIA ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
[Tails-dev] Mozilla Crash Reporter
Name - webapprt.ini Folder - /usr/local/lib/tor-browser/webapprt File: webapprt.ini [Crash Reporter] ServerURL=https://crash-reports.mozilla.com/[snip] - Manually Changed via sudo to: [Crash Reporter] ServerURL= and saved, just in case. ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
[Tails-dev] firefox -allow-remote (what does it do?)
when i do: $ps ax | grep firefox i see: /usr/local/lib/tor-browser/firefox -allow-remote --class Tor Browser -profile /home/amnesia/.tor-browser/profile.default what is the "-allow-remote" value mean? I've Googled and eventually discovered this site: github(com)/micahflee/torbrowser-launcher/issues/157#issuecomment-101051186 "In the TBB 4.5 they updated the star-tor-browser script, which actually removed support for passing -allow-remote in anyway. So I've removed support for opening external links, which sort of makes this issue go away. #176" if they removed support in TBB version 4.5 for this option, why in Tails 1.7 does it remain and what exactly does it do? the few websites where it's mentioned do not do a good job of explaining this, what i have come to understand now, outdated/removed option. ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
[Tails-dev] HTTPS-Everywhere missing domain config options
In Tails 1.7, when I click on Preferences for the HTTPS-Everywhere Add-on, I am presented with the screen for the opt-in "Observatory". What happened to the other section where I could add/edit domains supported by the plugin? Some sites I would disable because of cert issues and now I have to disable the plugin in order for this to work because the domain config option section is now GONE! ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
[Tails-dev] Updated signing key - lack of notice on d/l page for 1.7
on your TAILS download page it mentions: "Tails transitioned to a new signing key in Tails 1.3.1." But it fails to mention the new updated signing key for 1.7. I verified the 1.7 ISO with an older version of TAILS and followed this by importing the 1.7 signing key and it too verified the 1.7 ISO. But, you should post somewhere about the new 1.7 signing key and recommend the download of it just in case for some users. TIA ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
[Tails-dev] Tails Amnesic Incognito Live Linux OS Spotted on 'Homeland'
linux_softpedia_com/blog/tails-amnesic-incognito-live-linux-os-spotted-on-the-homeland-tv-show-495141_shtml "The episode is called "Super Powers" and aired last Sunday, on October 18, 2015. During the show, at some point, Laura Sutton makes contact with Numan, who gives her a USB stick with some leaked CIA documents. She immediately goes back to her office, takes a Dell XPS 13 laptop from her safe and boots from the USB flash drive received from Numan, which apparently runs the Tails amnesic incognito Live Linux operating system." ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
[Tails-dev] Potential privacy issue here
I'm nerved that Tails reconfigured the Tor browser bundle to redirect to boum.org (Tails website) at every startup or identity change. What's the purpose? Usage statistics? News? (There is not often important news..) Why can't it be empty by default or just the Torproject page, making it hard to differentiate between a normal Tor Browser Bundle user and a Tails user. I already saw tails.boum.org in referrer fields on my weblog. Now every Tails start or identity change , a Tor exit node must connect to this server, creating the possibility of passive browser fingerprinting (browserspy.dk like , screen dimensions are the most important) Besides a blank Startpage, slightly random window dimensions would be a great feature to INCREASE privacy I love to see this great project get even better but without my computer potentially passing screen-dimensions to the Tails webserver 30 times on a regular day. ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
[Tails-dev] Need more privacy
I'm nerved that Tails reconfigured the Tor browser bundle to redirect to boum.org (Tails website) at every startup or identity change. What's the purpose? Usage statistics? News? (There is not often important news..) Why can't it be empty by default or just the Torproject page, making it hard to differentiate between a normal Tor Browser Bundle user and a Tails user. I already saw tails.boum.org in referrer fields on my weblog. Now every Tails start or identity change , a Tor exit node must connect to this server, creating the possibility of passive browser fingerprinting (browserspy.dk like , screen dimensions are the most important) Besides a blank Startpage, slightly random window dimensions would be a great feature to INCREASE privacy I love to see this great project get even better but without my computer potentially passing screen-dimensions to the Tails webserver 30 times on a regular day. ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
[Tails-dev] TAILS (Tor Linux distribution) contains extra root CAs ?
I have a question: Tor Browser Bundle - Firefox ESR 17.0.9 (LATEST TOR) Compared to: Iceweasel 17.0.9 (LATEST TAILS Linux distribution) To be found in Tails (not found in TBB), some additional certificates: DigiCert Inc -> DigiCert High Assurance EV CA-1 DigiCert Inc -> DigiCert High Assurance CA3 GeoTrust Inc. -> Google Internet Authority G2 StartCom Ltd. -> StartCom Class 2 Primary Intermediate Server CA The Go Daddy Group, Inc -> Go Daddy Secure Certification Authority The USERTRUST Network -> Gandi Standard SSL CA All these are listed as "Software Security Device" certificaties. The others are "Builtin Object Token" and baked in the browser. Mozilla's documentation explains about "Software Security Devices": "Software Security Device stores your certificates and keys that aren't stored on external security devices, including any CA certificates that you may have installed in addition to those that come with the browser. " https://www.mozilla.org/projects/security/pki/psm/help_21/using_certs_help.html Question is: did TAILS added some extra CA's ? ___ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev
[T(A)ILS-dev] Feature Request: SSL-DNS+DNSSEC
I tried posting this on the wiki, but it kept getting flagged as spam.
Feature request: secure/validated DNS lookups
The Swiss/German Privacy Foundation(s) run some servers that accept encrypted
https/ssl dns requests. There is a howto on how to implement this using socat
and stunnel. www dot privacyfoundation dot de backslash wiki backslash SSL-DNS
They can also use dnssec, which could be coupled with the firefox/iceweasel
extensions like DNSSEC-{tools,validator,drill}
http://www.privacyfoundation.de/service/serveruebersicht/
___
tails-dev mailing list
tails-dev@boum.org
https://boum.org/mailman/listinfo/tails-dev
