Hi,

[email protected] wrote (05 May 2015 16:40:43 GMT) :
> Apparently Tails uses the version of Linux that contains proprietary
> binary blobs.

Technically, for the curious: we use Debian's Linux kernel (that is
fully free), and install binary firmware from non-free on top of that.
Of course the end-result is the same as what you state.

> Tails developers must have thought that getting Tails to boot up on
> as many kinds of hardware as possible is important.

That's correct.

> And Tails is a distribution that claims it focuses on security and
> privacy, not on hardware compatibility.

That Tails focuses on security+privacy at the expense of usability
(which hardware compatibility is a part of) is a common belief, but
it's not correct. See the "2.1.4 Portability", "2.1.5 Target user" and
"2.1.7 Summary" sections on our specification and design document:

  https://tails.boum.org/contribute/design/

The thing is, if Tails doesn't work out-of-the-box on the computer(s)
they have available, most potential users will simply use something
else, that will

 1. just work ("thanks" to the inclusion of binary firmware); and
 2. be less safe in the vast majority of real-world cases.

Also, you'll want to take into account that most hardware that doesn't
require proprietary firmware to be injected into it at runtime is
simply embedding such proprietary firmware, often in a read-only
manner. Not only does this arguably not provide much more security
than injecting proprietary firmware at runtime, it also prevents
hardware vendors from fixing (potentially security-relevant) bugs in
the firmware once it's been shipped to users.

> So I would suggest that Tails developers would do one of the
> following:

Thanks for proposing several ways out! :)

> 1. Get rid of the kernel that contains binary blobs and replace it
> with a one that doesn't contain them.

I can't imagine how this can happen without a huge popular backlash
from users for whom Tails suddenly stops working correctly.

> 2. Make it clear that Tails indeed isn't completely made up of free
> software on your website.

Yes, I agree we should definitely do that. I hope that I've provided
enough background information above so that our doc writers can make
something nice happen. BitingBird, I bet you'll be on it and start by
filing a ticket?

Note that some past brainstorming about this topic has brought other
solutions:

 3. Ask the user before loading non-free firmware.

It's probably quite doable to do so for most kinds of hardware, except
graphics adapters and CPU (those need their firmware to be loaded very
early in the boot process). There's probably a nice user story to be
found about it, possibly at first boot time -- I have a few ideas, but
all of them have drawbacks in one way or another. Anyone interested in
looking into this problem, please file a research ticket on Redmine
and ask me to create a blueprint where it can be worked on.

Cheers,
--
intrigeri
