On Fri, 20 Mar 2015 12:40:07 +0000 sajolida <sajol...@pimienta.org> wrote:
> intrigeri: > > Jasper wrote (19 Mar 2015 23:46:09 GMT) : > >> right now you only (graphically) support luks partitions, not > >> luks containers. > > > > I've not checked in Tails/Wheezy, but FYI Jessie's GNOME Disks has > > an "Attach disk image" function. > > Thanks for sharing your concerns regarding partitions vs containers. I > think that they make a lot of sense and I didn't think about that in > this way before. > > Still, I would need to mature that idea in my head before being sure > that this is a desirable feature in the context of Tails. > > Because, for example, using containers imply have other unencrypted > data on the same partition, right? So that would probably encourage > mixing up data from different identities on the same disk. Then this > data would be equally available to Tails (and its possible targeted > attacks) and could deanonymise you. Of course, you can also do that > with LUKS partitions... but what I want to say is that your idea that > containers makes it easier to manipulate encrypted files for the user > might actually make things more complicated conceptually in the > context of Tails. thank you for clarifying the conceptual approach of Tails in regard to persistence. I agree that providing the least possible amount of information in case of a successful attack is the only sane way if you consider the giant target that Tails paints on its back. as you said, the tradeoff is the same with partitions .. I read your instructions on using/creating encrypted volumes but should have also read the explicit warnings to be found in the instructions on persistence. what about having a link to those warnings from the using/creating encrypted volumes page as well? I have to admit, the only usecase I evaluated Tails for might be a bit specific: secure communication between a lawyer friend of mine and some of his clients. he thought about giving them Tails on a usb-stick preconfigured with pgp and otr messaging. obviously working with documents that will deanonymise you is needed in this case. probably a clean separation between the communication layer and the workspace using a preconfigured whonix environment will be a approach more suited for this usecase. thankfully computers are a lot less expensive these days.. anyways, thanks for clarification and the effort you put into Tails - very much appreciated! cheers, jasper
signature.asc
Description: PGP signature
_______________________________________________ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
