Guys, I know I am new on the list but please accept my 2c input here:

While I understand the desire to have a kind of equivalent of debian-server for TAILS, I am not so sure it is a clear-cut and easy task to accomplish.

First of all, while it is surely simple enough to provide a server image which meets the simple use case, this isn't actually what's required to run a website like Silk Road. I am pretty sure it is those "other things" which allowed the FBI/NSA to bring down Dread Pirate Roberts and Silk Road.

1. The biggest and most important point is that while it's possible to meet the simple use case with a reasonable expectation of security and anonymity, as soon as the operator of the webserver loads PHP/Python/Perl code to run a dynamic website, the "attack surface" is greatly expanded and now completely beyond the controls the server can offer.

2. DPR did not implement many architectural features which are extremely important to ensure the integrity and anonymity of sites like this. AFAIK the entire site was running on a single server (no distributed architecture), so any exploits in the external website probably expanded the attack surface to include internal services with less security than if they had been distributed (i.e. SQL, message queues, the bitcoin tumblers, etc). No network obfuscation, which sites like ThePirateBay rely on heavily; DPR relied wholly on Tor for any network anonymity of his server. The server was running off hard disks (probably a necessity due to lack of distributed architecture) and did not implement physical intrusion detection (despite being a common feature on most rackmount server kit) to notify that someone potentially had gained physical access to the machine. We can't be sure, but it doesn't appear the contents of the server disks were encrypted.

3. DPR broke the first rule of fight club by making public advertisements (on forums and Stack Overflow) about Silk Road before it was popular with his real name, without using anonymising software, allowing the FBI/NSA to subpoena records (probably anti-spam IP logs) to physically associate with the beginnings of the project. Not to mention all of his YouTube videos etc. We now know MITM and other targeted attacks are tools of the law enforcement trade; all kinds of targeted attack could be applied against him after this association was completed.

4. I think there are probably some "strategic" or "tactical" elements which the FBI/NSA are holding back here to ensure their "trade secrets" are available for future use, so any effort undertaken will have to be extremely paranoid and pro-active.

5. Finally, DPR probably should have shut down the service and caught the first flight to Russia as soon as the FBI/NSA attack against FreedomHosting was made public.

That said, if anyone asked me for this kind of server, I would probably consider some combination of grsecurity and a per-site LXC, or even better grsecurity and zeroVM as the basis for this. Probably zeroVM is a little beyond most people's understanding even though it fits the threat model most appropriately.

/2c

On 5 October 2013 01:36, adrelanos <[email protected]> wrote:
> [email protected]:
> > I would do this myself, but I am not so skilled regarding this.
>
> While risking to state the obvious... We all started learning at some
> point. Getting your feature requests a higher priority than others is very
> unlikely. Adding "Highly requested" and/or "Very Important" won't help
> either.
>
> > However, I am looking into paying someone with skills to take 1 or 2
> > hours per day of his time and make this happen.
> >
> > If anyone here can do it, waiting to hear.
>
> What are the exact goals and how much are you willing to pay?
> _______________________________________________
> tails-dev mailing list
> [email protected]
> https://mailman.boum.org/listinfo/tails-dev
