Nadim Kobeissi:
> On Wed, Feb 6, 2013 at 5:16 PM, Jacob Appelbaum <[email protected]> wrote:
>
>> This is hilarious.
>>
>> I would *never* use a laptop that lacks a way to protect all your
>> traffic (eg: VPN/Tor/SSH tunnel/etc) in a place with serious
>> surveillance as an at risk person. Not only because the remote systems
>> will have your exact geographic location and because a lack of anonymity
>> allows for targeted attacks, but also because the local network is well
>> known to be seriously hostile!
>>
>
> Thankfully, while Chrome does not support better solutions (such as Tor),
> it does in fact support VPN connections:
> http://support.google.com/chromeos/bin/answer.py?hl=en&answer=1282338
>

This is a new (to me) feature; thanks for pointing it out. I'm glad to see it finally landed and is in production.

Would someone with a ChromeOS device test the VPN to see if it leaks the way that we described in our vpwned[0] paper? It should be rather straightforward to see if it leaks with trivial tests. Killing the VPN to see if it fails open should also be straightforward.

I would be pleasantly surprised if they were not vulnerable to either of those issues. I asked a ChromeOS security person their thoughts on the matter and passed them our paper; we'll see what they say.

All the best,
Jake

[0] https://www.usenix.org/system/files/conference/foci12/foci12-final8.pdf

>>> On Wed, Feb 6, 2013 at 12:15 PM, Nadim Kobeissi <[email protected]> wrote:
>>>
>>>> The biggest (and very important) difference between Linux and Chromebooks
>>>> is the hugely smaller attack surface.
>>>>
>>>> NK
>>>>
>>>> On Wed, Feb 6, 2013 at 2:36 PM, Brian Conley <[email protected]> wrote:
>>>>
>>>>> Andreas,
>>>>>
>>>>> Plenty of Syrians do have internet access, and use it on a regular basis.
>>>>>
>>>>> Also, lack of appropriateness for one use-case doesn't necessitate lack
>>>>> of appropriateness across the board.
>>>>>
>>>>> Linux is a great solution for many use cases, but as has been elaborated,
>>>>> quite a terrible one for many others.
>>>>>
>>>>> Brian
>>>>>
>>>>> On Wed, Feb 6, 2013 at 7:44 AM, Andreas Bader <[email protected]> wrote:
>>>>>
>>>>>> On 02/06/2013 04:24 PM, Tom Ritter wrote:
>>>>>>> Nadim, I'm with you. I'm not sure it's the perfect solution for
>>>>>>> everyone, but like Nathan said, if you already trust Google, I think
>>>>>>> it's a good option.
>>>>>>>
>>>>>>> On 6 February 2013 07:12, Andreas Bader <[email protected]> wrote:
>>>>>>>> Why don't you use an old thinkpad or something with Linux, you have
>>>>>>>> the same price as a Chromebook but more control over the system.
>>>>>>>> And you don't depend on the 3G and Wifi net.
>>>>>>>
>>>>>>> We started with the notion of Linux, and we were attracted to
>>>>>>> Chromebooks for a bunch of reasons. Going back to Linux loses all the
>>>>>>> things we were attracted to.
>>>>>>>
>>>>>>> - ChromeOS's attack surface is infinitely smaller than with Linux
>>>>>>> - The architecture of ChromeOS is different from Linux - process
>>>>>>> separation through SOP, as opposed to no process separation at all
>>>>>>> - ChromeOS was *designed* to have you logout, and hand the device over
>>>>>>> to someone else to login, and get no access to your stuff. Extreme
>>>>>>> Hardware attacks aside, it works pretty well.
>>>>>>> - ChromeOS's update mechanism is automatic, transparent, and basically
>>>>>>> foolproof. Having bricked Ubuntu and Gentoo systems, the same is not
>>>>>>> true of Linux.
>>>>>>> - Verified Boot, automatic FDE, tamper-resistant hardware
>>>>>>>
>>>>>>> Something I'm curious about is, if any less-popular device became
>>>>>>> popular among the activist community - would the government view it
>>>>>>> as an indicator of interest? Just like they block Tor, would they
>>>>>>> block Chromebooks? It'd have to get pretty darn popular first though.
>>>>>>>
>>>>>>> -tom
>>>>>>> --
>>>>>>>
>>>>>> But you can't use it for political activists e.g. in Syria because of
>>>>>> its dependence on the internet connection. This fact is authoritative.
>>>>>> For Europe and USA and so on it might be a good solution.
>>>>>> --
>>>>>> Unsubscribe, change to digest, or change password at:
>>>>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>>>>
>>>>> --
>>>>> Brian Conley
>>>>> Director, Small World News
>>>>> http://smallworldnews.tv
>>>>> m: 646.285.2046
>>>>> Skype: brianjoelconley
