On Thu, 12 Jan 2017 15:04:44 +0100 hellekin <[email protected]> wrote:
> Parazyd is working on https://heads.dyne.org/ There is also a HEADS distribution at https://github.com/osresearch/heads > that provides an alternate Tails with the linux-libre kernel. > Joining forces? This is great! I hope it will respect the free software distribution guidelines(FSDG). If so we could have freedom and privacy. Having to choose between both is a very difficult dylema. It also often leads to lot of ultra complicated and time consuming discussions[1], which could be avoided in the first place if there was no such dylema. Fixing the dylema technically is probably faster than waiting for an outcome of such discussions. Beside using linux-libre, I also think that the following has to be addressed: - Tails has debian repositories enabled. This also includes the non-free repository (It is probably there for the firmwares). As far as I know the usability of the debian package system within Tails is not great: - The user is expected to install packages from the command line. - To install packages, the user must have chosen to enable the root account at login time. If not the user must reboot and enable the root account before being able to install packages. - The user can then install packages, but even if the storage is enabled, they are not kept across reboots. As the persistence settings also have a setting to keep pakcages, it might also be because I did something wrong or that I didn't do something? Given the issues above the debian repositories can be disabled without a lot of downside. If that is done, only what is shipped in the livecd has to be compliant with the Free Software Distributions Guidelines. That's probalby doable without much work. - Firefox and the tor-browser have an internal package manager (The Get add-ons button) in about:addons. Searching for "Ghostery" shows up some proprietary software add-on that can easily be installed. Here again, disabling the add-ons might be the right thing to do, since the Tor documentation very very strongly advise people not to install any add-on since it has a huge probability of de-anonymizing users by rendering their copy of the tor-browser unique. This can probably be done easily by changing some of the about:config options. Looking in about:config finds many addons.mozilla.org addresses. Again this shound't be too hard nor time consuming. Assuming that this is done, and that the distribution is FSDG compliant, and listed in the fsf website, it is strongly advised to find a way to verify if the websites that are being visited can distinguish between Tails[3] and it's FSDG counterpart. Asking the tor developers about it on their mailing list might be a good way to find out. [1]Ideally we want to live in a world which protects both freedom and privacy , and here the dylema is just the result of the absence of browsers(like the tor-browser) and distributions(like tails) that respects the Free Software Distribution Guidelies(FSDG). This is why I personally think, given my incomplete[2] knowledge on the topic, that is pointless. [2]A human being can't know everything on a topic. [3]Tails ships different add-ons than the tor-browser and because of that it might be distinguishable from it[4]. There was a bugreport in one of the projects tracker about it. At some point, the bug report might also contains some pointers as how to test if two browsers or distributions can be distinguished. [4]https://labs.riseup.net/code/issues/11025 Denis.
