Re: [Tails-dev] [Freepto] Let's share username, /etc/hostname and /etc/host among all anonymity distributions
Patrick Schleizer wrote (25 Feb 2016 23:00:22 GMT) : > As agreed back then. Thanks! ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] [Freepto] Let's share username, /etc/hostname and /etc/host among all anonymity distributions
intrigeri: > Hi, > > I've just stumbled upon an issue [1] open by Jake on Subgraph OS bug > tracker, about this topic, so I thought I would close this thread > that's still lying in my inbox, and sum up the process that lead us to > a (not implemented) conclusion. > > Last time we discussed it over 2013 and 2014, first on this list > (threads start at [2] and [3]), we ended up deciding [4] that we > preferred a shared username+hostname among anonymity/privacy-related > distributions. > > The username that was settled upon is "user". > > The hostname that was settled upon was "host" initially, and then most > of us preferred "debian"; but since the goal is to _share_ a common > hostname with other distros, prior art counts. > > Patrick, what does Whonix use currently? Sorry for the delay, this slipped through my inbox and I just now found this by chance. As agreed back then. username: user hostname: host 127.0.0.1 host.localdomain host (Implemented in https://github.com/Whonix/anon-base-files - which is a package supposed to be shared among privacy focused distributions.) Cheers, Patrick ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] [Freepto] Let's share username, /etc/hostname and /etc/host among all anonymity distributions
Tobias Frei wrote: I wonder if the idea of using a random username has a serious problem: It makes every [Tails / anonymity distribution] session uniquely identifiable if the username gets sent in any way. And we *do* assume that it gets sent, because that's basically the idea behind the question what username should be used. Thanks for following up on this. I'll quote your message fully because it seems like you didn't forward it to Freepto, Subgraph, Whonix, and Guardian. Maybe I completely misunderstand this, but using a random username for every session basically sounds like creating a random (and unique!) stamp for every session. Not for every connection, but for every session, so that multiple connections in one session will share one unique username. Patrick Schleizer mentioned IRC idents as an example; maybe that's a good way to explain the problem: - John Doe starts Tails. His username for this session will be ombbjp8GTE. - John Doe starts an IRC client. He says something that should absolutely remain anonymous. - John Doe closes the IRC client and surfs a bit. - John Doe starts an IRC client again, this time on another network where he happily chats with some friends next to his Iceweasel window. == Anyone who sees both the happy chatting on network 2 and the anonymous information on network 1 knows that it has been sent by the same user, and probably even who this user is. With one default nick for all users, this could not have happened. I'm unsure how severe this issue is, but it would make me suggest *not* using a random username. Note that in the case of Tails, we recommend our users against doing this. Which is mix different identities in a same working session: https://tails.boum.org/doc/about/warning/#index8h1 If you don't take care about this yourself, there are probably other ways that you can fuck it up (through the browser, the Tor config, etc.). But still, I totally understand your point and I'm wondering whether the same assumption not mixing identities apply to all the distros that we are talking about. For example to Whonix? And also, it's not because we recommend our users against doing something that we should take for granted that they will handle their contextual identities in perfect way (given this can be a really subjective topic). And we should still try our best to limit the consequences in case they do mix them or simply commit a mistake. -- sajolida ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] [Freepto] Let's share username, /etc/hostname and /etc/host among all anonymity distributions
Hi! sajol...@pimienta.org: Note that in the case of Tails, we recommend our users against doing this. Which is mix different identities in a same working session: https://tails.boum.org/doc/about/warning/#index8h1 Whonix has a similar warning: https://www.whonix.org/wiki/Warning#Whonix_doesn.27t_magically_separate_your_different_contextual_identities If you don't take care about this yourself, there are probably other ways that you can fuck it up (through the browser, the Tor config, etc.). But still, I totally understand your point and I'm wondering whether the same assumption not mixing identities apply to all the distros that we are talking about. For example to Whonix? Applies to Whonix as well. And also, it's not because we recommend our users against doing something that we should take for granted that they will handle their contextual identities in perfect way (given this can be a really subjective topic). And we should still try our best to limit the consequences in case they do mix them or simply commit a mistake. That's the thing. Realistically only a small fraction of users reads, remembers and really applies what is recommended in documentation. Murphy's law also agrees. So the best way is to work towards solutions that assume, that the user didn't apply that advice. Having that said and after thinking about Tobias Frei's reasoning, I am now more convinced that shared values should be preferred over random values. Cheers, Patrick ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] [Freepto] Let's share username, /etc/hostname and /etc/host among all anonymity distributions
Hi, [dropping Patrick from Cc, as he obviously reads tails-dev@.] Patrick Schleizer wrote (15 Aug 2014 21:17:17 GMT) : Let's think again of examples where this might happen. And then determine with which strategy users would be better off in which case. I think it's a useful approach. - ssh uses username for login if not explicitly told otherwise - server knows you're a Tor user anyway - better off with shared value Note that the Tor user anonymity set is much larger currently than user of an anonymity-focussed distro, so your conclusion (about this example and others) is not *that* obvious to me. Cheers, -- intrigeri ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] [Freepto] Let's share username, /etc/hostname and /etc/host among all anonymity distributions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, I wonder if the idea of using a random username has a serious problem: It makes every [Tails / anonymity distribution] session uniquely identifiable if the username gets sent in any way. And we *do* assume that it gets sent, because that's basically the idea behind the question what username should be used. Maybe I completely misunderstand this, but using a random username for every session basically sounds like creating a random (and unique!) stamp for every session. Not for every connection, but for every session, so that multiple connections in one session will share one unique username. Patrick Schleizer mentioned IRC idents as an example; maybe that's a good way to explain the problem: - - John Doe starts Tails. His username for this session will be ombbjp8GTE. - - John Doe starts an IRC client. He says something that should absolutely remain anonymous. - - John Doe closes the IRC client and surfs a bit. - - John Doe starts an IRC client again, this time on another network where he happily chats with some friends next to his Iceweasel window. == Anyone who sees both the happy chatting on network 2 and the anonymous information on network 1 knows that it has been sent by the same user, and probably even who this user is. With one default nick for all users, this could not have happened. I'm unsure how severe this issue is, but it would make me suggest *not* using a random username. Best regards, Tobias Frei -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJT7+9qAAoJEOaAxTHjKzK7RO0P/iGAtpryltjmaL1p9+ELdaIb a94hHlnYEuWOmhI4yFNbGnJYa1vG1d72XE7nqESxIZj8kjg0Dg2X8rX9+BbJMV1m XG/5fMlMuwCSYncn01a0h1aOMw191RmNV93g5LRUXlaQqBQDUqMjddyjvI4K5J/7 BpLmO+uAzWDlS/OsjI8e3PxaODFUPAwOhwt8DMEei11r0PiSmLnZnUb28uafxbHs VJXCvzhadyvDsDffLy/WX8yamPMwFXiBHIVCoVTzuEm6OWkJ4bGbZ0IhT7Q/IGFA MPNFYDVA2jY2jcRXoUHm/CwDJmhhZqiw3txkGFhjyTRb7NdbRe2jc9hX5Hkod903 hX8ycs17Vluwq1cgHsSOOlnGlAGvtuvAQMQ9D3jwRcACF18Y097/7Tb1ctxmCwNY 25c/nrs/hcdYc2JHSQmtle2OJ2juVh635uHET+dLtCZbmlsHCuxBKz/L/VMXc7ns ZZx2qVvYMKc2QYzSQDkgrcPsrDMSfWxFCf4c3g/nP4lj/uuKAsOStBkyHlGlMVA3 HPtHmUbCBYYxfTrNST22ggWz/yWIPd0PPMxvGIXImL9T/Y5RHDF4W5R1FWuyTIBU 82niqLwHvCXhkhWak6tl8FA+XKmcQIE96QODEdAu497FMpZSDlK6QL1gMPiq8fn3 zA1wYC7riF3PxhvJEeGD =8GPs -END PGP SIGNATURE- ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] [Freepto] Let's share username, /etc/hostname and /etc/host among all anonymity distributions
Hi! intrigeri: I'm coming back on the shared username/hostname thing, that was rediscussed a bit lately, with input from Freepto and pointers to Subgraph OS code, on a Tails ticket: https://labs.riseup.net/code/issues/5655 As you can see in my comment #6 there, it's unclear to me what's best, between sharing fixed values and randomizing it. Each solution has pros and cons. What do you think? It is indeed a hard decision. Let's think again of examples where this might happen. And then determine with which strategy users would be better off in which case. - ssh uses username for login if not explicitly told otherwise - server knows you're a Tor user anyway - better off with shared value - username (as part of the path) is sometimes encoded into user created content (images, firefox screenshot addon). Maybe only in user installed extra packages. - when you upload them, server knows you're a Tor user anyway - better off with shared value - when you send the file to a third party (a journalist or so) who hides the users use of Tor - you might prefer a random value over a shared one? - mixmaster (postfix) leaks host_name.domain_name to the mailserver. - server knows you're a Tor user anyway - better off with shared value - IRC clients not (pre)configured for privacy leak ident = username - server knows you're a Tor user anyway - better off with shared value - Please don't nail me for other examples. These are just a few I observed. Having these cases in mind, I slightly prefer shared value. Cheers, Patrick ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.