[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [GNU-linux-libre] Fully FOSS Tails OS
|
From: |
Denis 'GNUtoo' Carikli |
|
Subject: |
Re: [GNU-linux-libre] Fully FOSS Tails OS |
|
Date: |
Thu, 12 Jan 2017 23:23:27 +0100 |
On Thu, 12 Jan 2017 15:04:44 +0100
hellekin <address@hidden> wrote:
> Parazyd is working on https://heads.dyne.org/
There is also a HEADS distribution at
https://github.com/osresearch/heads
> that provides an alternate Tails with the linux-libre kernel.
> Joining forces?
This is great! I hope it will respect the free software distribution
guidelines(FSDG). If so we could have freedom and privacy.
Having to choose between both is a very difficult dylema.
It also often leads to lot of ultra complicated and time consuming
discussions[1], which could be avoided in the first place if there was
no such dylema.
Fixing the dylema technically is probably faster than waiting for an
outcome of such discussions.
Beside using linux-libre, I also think that the following has to be
addressed:
- Tails has debian repositories enabled. This also includes the
non-free repository (It is probably there for the firmwares).
As far as I know the usability of the debian package system within
Tails is not great:
- The user is expected to install packages from the command line.
- To install packages, the user must have chosen to enable the root
account at login time. If not the user must reboot and enable the
root account before being able to install packages.
- The user can then install packages, but even if the storage is
enabled, they are not kept across reboots. As the persistence
settings also have a setting to keep pakcages, it might also be
because I did something wrong or that I didn't do something?
Given the issues above the debian repositories can be disabled
without a lot of downside. If that is done, only what is shipped in
the livecd has to be compliant with the Free Software Distributions
Guidelines.
That's probalby doable without much work.
- Firefox and the tor-browser have an internal package manager (The Get
add-ons button) in about:addons. Searching for "Ghostery" shows up
some proprietary software add-on that can easily be installed.
Here again, disabling the add-ons might be the right thing to do,
since the Tor documentation very very strongly advise people not to
install any add-on since it has a huge probability of de-anonymizing
users by rendering their copy of the tor-browser unique.
This can probably be done easily by changing some of the about:config
options.
Looking in about:config finds many addons.mozilla.org addresses.
Again this shound't be too hard nor time consuming.
Assuming that this is done, and that the distribution is FSDG
compliant, and listed in the fsf website, it is strongly advised to
find a way to verify if the websites that are being visited can
distinguish between Tails[3] and it's FSDG counterpart.
Asking the tor developers about it on their mailing list might be a
good way to find out.
[1]Ideally we want to live in a world which protects both
freedom and privacy , and here the dylema is just the result of the
absence of browsers(like the tor-browser) and distributions(like
tails) that respects the Free Software Distribution Guidelies(FSDG).
This is why I personally think, given my incomplete[2] knowledge on
the topic, that is pointless.
[2]A human being can't know everything on a topic.
[3]Tails ships different add-ons than the tor-browser and because of
that it might be distinguishable from it[4]. There was a bugreport in
one of the projects tracker about it.
At some point, the bug report might also contains some pointers as
how to test if two browsers or distributions can be distinguished.
[4]https://labs.riseup.net/code/issues/11025
Denis.