Having some hardware issues so I can't build/test this on tails directly right now, but I put this together as proof of concept on Fedora.
On Mon, Feb 22, 2016 at 11:31 AM, Spencer <spencer...@openmailbox.org> wrote: > Hi, > >>>> >>>> Austin English: >>>> filed https://labs.riseup.net/code/issues/11137 >>>> > > This is a very challenging problem. There are two cases that come to mind. > > 1. The device may become compromised before becoming a Tails device. In > this case, the files/partitions are either hidden or protected and are not > removed during reformatting. > > This is best addressed during the creation of a new Tails device. > > 2. The device may become compromised after becoming a Tails device. In this > case, the files/partitions, which may be hidden or protected, are not > removed after shutdown. > > This is best addressed during either the startup or shutdown processes of a > living Tails device. > >>> >>> sajolida: >>> not about detecting malware but about training >>> users .. good practices >>> > > So, detecting/educating *that* but not *what*. This seems reasonable, as > *what* would need blacklists, trust models, and so on. > > Also, given the actual (intended/expected) function of the hidden attribute > files, e.g., preserving user settings, it seems that there are no benefits > of having these, or any other, files on a Tails device. > >>> >>> Don't plug your Tails in an untrusted OS >>> > > I do not think this is an achievable model to promote because: > > - Trust is like STDIN; can be anything to anyone. > > - There seem to be no machines or systems that can have the guarantee that > is referred to when we say 'Trust'. > >>> >>> reinstalling is the only solution .. installing >>> from the same untrusted OS really won't be. >>> > > And educating (: > > How can Tails: > > - Inform of this device protection feature and what it does? > > - Detect the existence of unwanted files. > > - Disclose what the files are and where they were located in the file > system? > > - Provide a resolution to remove the files and restore the devices > integrity. > > - Guarantee the files removed are now gone and will not come back, or > recommend a behavior model that will limit the possibility of files > (re)appearing? > >> >> Austin English: >> help for the ux portion >> > > I would be more than happy to put the files together or think through this > some more. Feel free to send anything my way; can be as rough or polished > as you got it. > >> >> if detected, have the greeter pop up some big red >> warning box. >> > > This warning could replace the greeter. > > This warning might want to be ignored. > >> >> discussed on tails-ux >> > > Copied for migration if needed. > > Wordlife, > Spencer > > > > > _______________________________________________ > Tails-dev mailing list > Tails-dev@boum.org > https://mailman.boum.org/listinfo/tails-dev > To unsubscribe from this list, send an empty email to > tails-dev-unsubscr...@boum.org. -- -Austin
detect_proprietary_garbage.sh
Description: Bourne shell script
_______________________________________________ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
