Hi dear tails-team, first of all, I like your cd and think, it is the best way for anonymity. But there is something, I want to suggest to improve security.
Although everything is sent over TOR, I think you should make sure, the MAC- address of every network device should be changed at boot. You ca do this by macchanger. Wireless cards and network cards (wlan0 and eth0) should at least got a changed MAC-address, but also should every new device get a new MAC (i think of bluetooth or usb-3g-devices). None of physical information of the used computer should be known to the outside. I do not know, if it is possible, to temporaryly change MAC-addresses of used routers, but this option would be nice, too. And of course (and I guess, this is already implemented) NONE, and really mean NONE services should get access to any parts of the used computer (no services!!!). Has tails a firewall active? (iptables). If yes, it should be completely (and mean COMPLETELY) closed, and should be opened by the user when he is needing it. I imagine a nice GUI choosing a whitelist in an understanding way: Either open ports (for experienced users) or open by description (i.e. "sending mail" , "receiving mail" or similar). Whjat do you think? I am looking forward to your answer. Have a nice weekend Hans-J. Ullrich _______________________________________________ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev
