Hi,

I believe this is a UX question, so I'm following up on our tails-ux@ mailing list. Bcc'ing tails-dev@ once so that people there know where the conversation was moved.

Ryan Carboni:
> "Warning: non-free virtual machine detected!
> Both the host operating system and the virtualization software are able to"

FTR the notification points to
https://tails.boum.org/doc/advanced_topics/virtualization/#security

> This seems unnecessarily alarmist.
> Tails in a virtual machine is no different than... Tor browser according to
> the message.
> And Tor browser is offered for Windows 10.
> I am very confused by this alarmism. Is there basis for this?

There is definitely a basis, but we obviously lack data to validate it.

The way I see it, the question boils down to "are users expecting more safety from Tails run in a VM inside an untrusted OS, than from Tor Browser run on the same OS?".

If the answer is "yes", then we need to help them fix their mistaken expectations. If the answer is "no" (e.g. for highly technical users), then this notification is useless and thus harmful (the more noise we add, the less carefully users will read other, more important messages).

I suspect that the answer is "yes" for at least *some* users:

 * They correctly think of Tor Browser as "yet another application", that runs inside their (untrusted) OS. So far, so good: they can assess risk and behave accordingly.

 * The fact Tails is a full-blown OS may confuse them and their ability to assess risk: they might be under the impression that they're running two independent operating systems, rather than one OS and another one *inside* the first one. So they might not clearly see that they should not trust the guest OS much more than the host OS.

Thoughts?

> Is bare metal access for Tails more secure than virtual machine?

Well, even putting the host OS problem aside, there's one good reason to say "yes, absolutely!": Tails' MAC spoofing works when run on bare metal, but fails to do anything meaningful inside a VM (as explained on the doc page I've pointed to above).

Cheers,
--
intrigeri
