Hi, while discussing the usefulness of delaying Tails 0.18 due to a local root privilege escalation bug, Julien Voisin pointed me at potential deanonymization attacks one may conduct against Tails users, once given the right to run arbitrary code as the desktop (`amnesia') user.
I've quickly summed up our (very preliminary) thoughts on a ticket so that this does not get lost: https://tails.boum.org/todo/investigate_deanonymization_potential_by_the_desktop_user/ Julien says he might have time to go on investigating this in a week, but I'm sure he won't mind if someone else starts working on this. Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc _______________________________________________ tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev
