Please forgive me for using this account. My name is Ivan, and my email is [email protected]. Even though I am subscribed to the list with that email, my posts from that address seem to be disappearing without a trace.
intrigeri wrote: > Meta: given the tone of your email, I've hesitated replying at > all. I'll try to provide some food for thought, but I have no > desire to enter a debate. I am really sorry if I am upsetting you in any way, that's not my intention at all. I have no particular desire to debate anything, I am just genuinely puzzled by some things, and I just want some clarification. >> How would you quantify the chances of you currently >> redistributing malware, and more specifically spyware along >> with the Linux kernel? > I personally have no means to quantify this. Now this is the most puzzling issue for me. I have hard time figuring out which of the following scenarios is taking place in Tails dev forum: (1) You, the developers, never tried to quantify the risk of having malware within Linux kernel firmware. Or may be you tried, and you concluded that you cannot put any number or a confidence interval on it. Either way, you decided to go ahead with it, so now you are distributing software which you either never evaluated for privacy/security purposes, or which you concluded was not possible to evaluate. And it's important to note, evaluation of risk is so hard here because the software supplier keeps the code obfuscated on purpose. (2) You concluded that the risk was very low: on par with having backdoors inside free software, so nearly zero. This is despite the fact that we have a long history of malware and spyware distributed within blobs, a long history of legal immunity of "legitimate" non-free software vendors, and a long history of spyware being explicitly legal within operating systems such as MS Windows, OS X, and commercial Android deployments. (3) You concluded that the risk was medium to high. I would not be surprised if different Tails developers had different opinions, so I would love to hear from as many of you as possible. I think these are mutually exclusive and exhaustive options, so one of them must be best for describing your decision-making procedure. Which one was it? On Fri, Mar 18, 2016 at 10:39 AM, intrigeri <[email protected]> wrote: > hi, > > Meta: given the tone of your email, I've hesitated replying at all. > I'll try to provide some food for thought, but I have no desire to > enter a debate. > > john smith wrote (18 Mar 2016 16:40:36 GMT) : > > How would you quantify the chances of you currently redistributing > > malware, and more specifically spyware along with the Linux kernel? > > I personally have no means to quantify this. > > > Here is a related question, Tails claims: > > > Tails is a live system that aims to preserve your privacy and > > anonymity. > > > How is this claim compatible with distributing the absolute mystery > > code, which runs within users' network cards? To be more specific, what > > is the point of supporting network interfaces and other peripherals, > > when each one of them offers an unprecedented attack surface, virtually > > rendering all of your privacy-related achievements worthless? > > We have actual users. If they can't use Tails on their current, > real-world hardware, then likely they'll use something else, > that has just the same amount of binary firmware blobs, except > it won't have any of Tails properties that some people find worthwhile. > > > My final barrage of questions concerns your claims about free software. > > Your front page claims with really big letters: > > > FREE SOFTWARE Tails is Free Software. > > > Your statements on a linked page seem to directly contradict each other: > > > Tails is Free Software released under the GNU/GPL (version 3 or > > above). > > > However, Tails includes non-free firmware in order to work on as much > > hardware as possible. > > > What do you mean by "free software"? It cannot possibly be what FSF > > calls "free software", or what OSI calls "open source software", since > > what you call "firmware" is software in every sense of the word, and you > > admit you distribute non-free firmware as a part of Tails. > > > Are you claiming that firmware is not software, even though it runs on > > users' CPU and RAM (albeit auxiliary ones)? > > > The first one of these statements, "Tails is Free Software...", links to > > an FSF page, implying that here you use the term "free software" in the > > same sense as they do, and yet FSF does not consider Tails to be free > > software, a fact you must be aware of: > > > [ http://www.gnu.org/distros/common-distros.en.html ] > > > How would you characterize your statement "Tails is Free Software"? An > > honest mistake, a defiant lie, or something else entirely? > > A gross simplification. I can't say I like it, but I've never seen any > good proposal to make it better yet. > > Cheers, > -- > intrigeri > _______________________________________________ > tails-support mailing list > [email protected] > https://mailman.boum.org/listinfo/tails-support > To unsubscribe from this list, send an empty email to > [email protected]. > _______________________________________________ tails-support mailing list [email protected] https://mailman.boum.org/listinfo/tails-support To unsubscribe from this list, send an empty email to [email protected].
