Seems I’ve been doing my secure liveCD search in the wrong language. Denmark looks to be leading the charge with Germany close beside them.
First up, an idea what the “motivation” is about. Seems the EU is even more down the Fascist Corporate / Socialist-Government path than the USA. So has more “government and big business friendly” and citizen hostile laws… For example, it looks like they like to hold third parties liable for the law breaking of second parties. A hosting site was hit with penalties for hosting a site that is a torrent “server” site (despite torrent being ‘peer to peer’… so the real ‘perpetrators’ are individuals, not the ‘torrent server’ that lets them find each other).
Web hosting provider XS Networks has been ordered to pay damages to Dutch anti-piracy group BREIN after a court in the Netherlands found it guilty of facilitating copyright infringement.
According to a report by CNET, XS Networks knew it was hosting illegal torrent sharing site SumoTorrent, but refused to pull the website offline without a court order. XS Networks eventually handed over some information without the court order, CNET says, but it wasn’t fast enough, since SumoTorrent had moved on to a provider in the Ukraine by that point.
Recently, Ukranian authorities raided web host ColoCall to find information on torrent site Demonoid.
Tim Kuik, president of BREIN, told the BBC that Dutch law states that if a website is deemed illegal, the host has a responsibility to take it offline. Now, he says, a new precedent has been set: if the web host doesn’t act “promptly” it becomes liable for damages.
Kuik warned other web hosts in the EU to learn from XS Networks mistakes, since this ruling proves “that there are consequences for hosting providers.”
This ruling is against what most web hosts are used to in terms of copyright laws and takedown requests, which require due process. The US, and countries including Australia, have safe harbor provisions that protect service providers from being liable for copyright infringement of their customers.
So that has been coming “for a while” and about 2 years ago some programmer folks there saw erosion of their liberties underway and made a personal protection Linux “remix”… The implication of this ruling being that “hosting” will need to be next on the “darknet” trail. (Not all that hard to do, really, though has some ‘issues’)
http://polippix.org/texts/ gives you your choice of language ( Dansk, English, Français Deutsch, Spanish ) for the following text:
Welcome to POLIPPIX
– a privacy enhanced CD presented by IT-Political Associtation of Denmark
This CD demonstrates some programs that can be used to ensure privacy on the internet and to exercise your rights according to copyright laws.
Here, you can read about the CD and the software on it. To run the software on this CD, you have to boot it on a PC.
If you are reading this on Windows computer right now, you may also run the CD emulated in QEMU, but it will run a lot slower.
If you want to run the Windows versions of the software, you should go to “My computer” -> the cd drive -> wbin. From there you just have to double click any file to install it.
Read more about:
Use the internet without being tracked!
Play almost any media.
k3b, k9copy, mencoder
Copy CDs and DVDs
Avoid your computer being recognized on the local network – become anonymous on the Internet café.
See who you and other people are communicating with.
Encryption and signing
Make sure your email and hard drive can’t be read by others.
Talk on the internet. It’s cheap, and if you do it right you will be untraceable.
Virtulization and emulation
How to run e.g. Polippix in a safe and clean environment.
Delete your hard drive
…so the data will never be read again.
About this CD
If you would like to know more about Polippix or how to help making it better.
Video about Trusted Computing
Watch a video that explains what Trusted Computing is.
This CD contains Polippix, created by IT-Political Associtation of Denmark.
Where each of those items is a live link to more.
Didn’t see a Torrent application in the list, but it’s likely to be there. If not now, soon… at least in the Dutch version ;-)
The top level ‘index’ page has more:
Free portable encrypted system on an usb flash drive or an external hard drive for safe editing and carrying along of sensitive data, for encrypted communication and anonymous web surfing
Not everyone who finds privacy important while using the internet and communicating or is editing sensitive data always has their own computer with a safely set up operating system and the required tools at their disposal or want to carry it with them.
That’s why we created the Privatix Live-System (based on Debian GNU/Linux). It is an easy to operate safe and portable system that can be booted from a cd-rom, an usb flash drive or an external hard drive and ensures your privacy and confidentiality while using the internet and communicating or editing and encrypting sensitive data.
Therefore standard applications such as browser, email client, word processor, image viewer and most importantly numerous data protection and encryption software are integrated.
Private data and settings, documents, e-mails, or pgp-keys are not saved on the computer that you use but instead those are saved on the encrypted usb flash drive or on the encrypted external hard drive. In case of loss or theft of the data medium your personal data is going to stay protected by a password.
No free storage space is required, no system needs to be installed or any specific operating system or other programms are necessary on the computer that is used because the whole system and all other applications are loaded from the usb flash drive or from the external hard drive.
This way you can use unknown computers without having to rely on the security of the installed operating system that might be infected with trojans or software keyloggers and without requiring tools to be installed and despite of this mobility preserve high data protection standards or you can create a separate secure environment for very sensitive data or communication (e.g. collective bargaining, online banking, whistleblowing and e-mail encryption) on any external medium in addition to your regular operating system installation.
While the download page includes a download of the source / build script. That matters to me as I want to make ‘custom remix’ versions and was not looking forward to creating such a build script from scratch.
It looks like they have covered most of the bases for basic things like email, browsing, changing MAC address and encrypting your data. I’ll need to give it a trial run to see if it does encrypted swap ‘on demand’ and / or runs in lower memory machines. That it runs inside a virtual machine implies it isn’t too much of a resource hog.
So don’t be surprised if “Real Soon Now” I change the #! Linux Torrent server / client into one a bit more “political” in origins ;-) It’s a choice of either putting the encryption / Tor / etc code into the #! CD, or putting a Torrent application on the Privatix one. Probably easier to just add the Torrent app.
Also note that they are nice enough to list several other related efforts at the bottom of their page.
Similar Projects: AmnesiaCD, Amnesia-CD, AnonymOS, Anonym.OS, Phantomix, Knoppix, Morphix, Privacy Dongle, PrivacyDongle, Torpark, CryptoCD, Crypto-CD, Torbrowser, Incognito, Polippix, Bankix, UsbCryptFormat
Some of them I’ve checked (like Bankix that is in German, and the Tor Browser that I’ve already got installed, and Knoppix is a more generic LiveCD not very driven by special purpose security goals) while others are still to be looked over. So guess what I’ll be doing this weekend? ;-)
At any rate, for those of you who want a non-English “Privacy” bootable environment, they have support for at least English and German. As it is based on Ubuntu based on Debian (as are several such ‘mixes’) putting even more language releases together is likely not all that hard.
In an interesting twist on things, there’s a wiki… but it’s in French… Guess the French are into privacy too ;-)
Polippix est un Live CD d’une distribution de GNU/Linux, elle a été faite par l’Association politique des Technologies de l’Information du Danemark et par l’entreprise IT-Politsik. Cette distribution est destinée à être utilisée dans le but de préserver sa vie privée, elle a été faite pour montrer les possibilités de l’informatique et sensibiliser les législateurs1. À l’origine la distribution était basée sur Knoppix mais elle l’est dorénavant sur Kubuntu.
It also has a description of running it under Windows:
Pour les systèmes d’exploitation Microsoft Windows, le CD de Polippix propose des binaires de logiciels libres afin de pouvoir être anonyme sans devoir redémarrer l’ordinateur. Ces fichiers sont rangés dans le dossier wbin/ du disque. Le CD comprend :
EraserPortable : logiciel de suppression de fichiers,
Tor : système de routage en oignon avec les logiciels compatibles :
PidginPortable : messagerie instantanée,
FirefoxPortable : navigateur web,
winMd5SumPortable : logiciel de vérification de MD5,
PuttyPortable : logiciel de connexion ssh à distance,
l’installeur de QEMU pour l’émulation du live CD dans Windows,
So you can run Firefox under this system via the QEMU emulator and routed over Tor… (Some versions of FireFox have bittorrent download support built in, so that might be an option… another thing to check.)
There also looks to be a German community:
Testbericht zu Polippix
von unserem Redakteur Andre
Polippix stellt eine komplette Betriebssystemumgebung für den Einsatz an fremden PCs dar. Das von CD oder USB-Stick bootbare Betriebssystem stellt Werkzeuge für die sichere Kommunikation und Multimedia bereit. Der Anwender nutzt den Rechner ohne Spuren zu hinterlassen und Änderungen an der Konfiguration vorzunehmen.
Neben dem Anonymisierer TOR befindet sich an Bord von Polippix ebenfalls der MACchanger, der die MAC-Adresse der Netzwerkkarte ändert und so für mehr Privatsphäre sorgt. Über das VoIP-Programm Twinkle plaudert man mit Freunden, dabei sorgen die ZRTP- und SRTP-Verschlüsselung für Gespräche ohne unwillkommene Mithörer.
Neben dem Datenschutz liegt ein weiterer Fokus von Polippix auf Multimedia: k3b bietet Funktionen zum Brennen von CDs an und k9copy unterstützt den Anwender sogar beim DVD-Authoring. Falls gewünscht, komprimiert das Tool den Inhalt einer Dual-Layer-DVD und brennt ihn auf einen handelsüblichen Rohling mit einer Speicherkapazität von 4,7 Gigabyte.
Die Entwickler von Polippix haben mit ihrer Betriebssystem-CD eine sichere Arbeitsumgebung veröffentlicht, die den Nerv der Zeit trifft. Wer der Vorratsdatenspeicherung und Schnüffelprogrammen einen Riegel vorschieben will, kann dies elegant mit dem kostenlosen System erledigen. Neben der Datensicherheit kommt auch nicht die Unterhaltung zu kurz, dafür sorgt Multimedia-Software wie der mPlayer.
Which generally praises the system. I like the encrypted chat via Twinkle and that it does compression so you can fit a dual layer DVD onto a regular one.
I suspect that some European language searches would likely turn up even more.
I get the feeling that a gauntlet has been tossed, and at the wrong people…
There’s a very large and very competent “hacker” community. The “ethos” of it is not receptive to authoritarian governments in any case; but whacking the innocent folks (the ISP) for hosting a Torrent site is not going to be well received.
Heck, I’ve got nothing to hide, really, and don’t even do video or music downloads of any kind; and they’ve got ME working about 1/2 time on assuring such heavy handed intrusive actions are thwarted. (Being partly deaf, I don’t need “Hi Fi” or even low-fi really. More ‘for free’ on the car radio than I ever listen to. I’ve got a big Satellite feed with more video than I can watch already, and any time I’ve taken a look at YouTube I’ve had a day or two evaporate… I’ve already got more stuff on DVD than I can ever watch.)
So looking at this, it sure looks to me like a very large number of folks are going to be learning a great deal about dark nets very soon…
There are distributed cryptographic file systems and there are ways to distribute the compute load (see SETI At Home among others) so a logical next step is to have the data and the ‘server’ existing no-where and every-where. All it would take is a ‘remix CD’ and some scratch disk on a few million kids computers world wide. I suppose they could always find the Telco ‘guilty’ and demand ‘damages’ for ‘facilitating copyright infringement’ then too…
For now, folks will just ‘move along’ to more friendly countries… but if things get annoying enough…
The worst thing is that in the Netherlands downloading copyright infringing material is legal. They have a system where you pay a surtax on any mediacarrier, from flopyy disk to smartphone to cover the cost of copyright infringement. It is now going to be raised to 5 euro per carrier. So a harddisk, sdcard or smartphone is 5 euro more expensive plus VAT over that.
Go figure the logic of that.
There is a european law in the making off which the details are pretty vague, but it is intended to be able to track every citizen’s behavior. Already there is the law on datarentention by ISP’s and Telecom operators, 2 years, but now they want some kind of unique ID that identifies you. You take an ISP, you get an ID that gets centrally registered. I assume it’ll be put somewhere in the IPv6 address. At least that is the going assumption, none of this is publicly available.
They WILL nail internet down, one way or the other. France is reviewing its HADOPI law which sofar has been pretty ineffective.
@Petrossa: 1984?…Silly kids playing the game for tri-dimensional power. We are more than that!
1984 was fact in 1995. And then some. All dutch have rather pleasantly called Civilian Service Number. This number is the accesskey to any database kept by any form of government and semi-government such as health insurance, and soon all medical records.
All databases are linked, there is 3 tier access level. 1st level is the lowest and only allows access to the moist basic information: NAW, marital status such things. 2nd level gives access to all financial, socsec, tax, criminal, etc records. 3rd level gives full access to everything
level 2 and 3 give the possibility to do a cross-reference across all databases.
Example: The IRS caught all home hairdressers which didn’t report revenue by simply linking the water-companies database to the IRS database.
All persons having a unusually more then average waterusage and no reported income from hairdressing got a visit.
Oh, i forgot. All policecars have automatic license plate readers linked to level 2 database access. Any outstanding fine, taxes, other issue and it flags you to the policecar. All highways have such cameras. All your movements are known 24/7.
Civil servants from the social security service have the right to enter your home without warrant, if you are there or not.
The officially requested daily phonetaps are equal to that of the whole of the USA in a year.
The list is endless.
And you are surprised that the EUSSR is ahead in censorship/violation of privacy/spying?
We get to live with it.
Kind of interesting the double-dipping that’s going on here in Europe (at least in Germany)…
Every blank media (CD, DVD, Blueray, VHS/Beta cassette, etc.) has a surcharge based on
the assumption that you are going to record copyrighted material, whether legally or not.
This goes to an outfit called GEMA, which supposedly distributes the revenues to the
‘starving artists’ but oddly enough seems to go to the (already-rich-enough) ‘rights holders’
(reichs-holders, er,not…not yet, at least…).
The same, er, usage tax is levied upon those who purchase CD/DVD/Bluray/video/cassette/etc.
recorders, assuming they will…. and folks who purchase PCs, video/tuner cards, etc. etc.
are not free from the wandering eye of GEMA and the like. Finally, we now get to pay
for ARD, ZDF, and some other channels whether we watch TV or not….even though the
only interesting/quality stuff is on the private (read: pay-TV) channels.
We seems to be paying more and more for less and less…..I guess that’s progress,
in these days….
Well, booted the ‘privatix’ CD. As it is Linux / Debian based, it is substantially the same as CrunchBang during the boot process. A tiny bit lighter or memory usage, but added the swap partition anyway. I think it ought to run a browser and / or Torrent client as is in 256 MB, but ….
Launched the FireFox browser. It’s already “TORrified” and has paranoid security nags when you do things like launch a .torrent file. Which brings up the second point: It already has “Transmission” installed. Basically, it’s ‘ready to go’ for a variety of uses, including doing .torrent downloads / sharing via Transmission ( though that behaviour is not completely ‘anonymous’ as .torrent transfers share your IP number… so one would need to do it at someplace like an internet cafe).
Basically, it looks like this Distribution of Debian does about 90% of everything I was looking to build into a release. As it has encryption already installed ( looks like LUKS flavor) the odds are that swap encryption is just a matter of figuring out which commands to use.
So it’s now replacing #! as my ‘default’ on the “Torrent Appliance”…
At this point the ‘task list’ drops to pretty much just “find out how to turn on an encrypted swap space”, move to a USB based installation on a chip, and “save customized settings” so things like Torrent services don’t have to be restarted one file at a time on a restart. (IF I can just ‘save state’ once with them marked as active torrents, THEN lock the USB drive, I’m pretty sure that they will launch automatically on startup without a need to ‘re verify’ the data files one by one…)
The esthetics are not as subdued as #! (that’s mostly a flat dull green background) with a blue bit of wall paper with a space ships and stars theme. The ‘popup menu’ even has a ‘start terminal here’ choice. For us command line oriented folks, a welcome change from hunting for 10 minutes so I can launch a couple of windows to monitor processes and memory usage and such…
All in all, I’m happy with it ( so far…)
They can try…
The problem, though, is that there are a lot of “folks like me”. Happy to just ‘work around’ whatever is put in the way.
It is impossible to ‘lock down’ the whole internet. It’ s a fools errand. (But that won’t stop fools from trying…) Folks can, and will, move data. More of it will become encrypted. More will be done to make things impossible to track, or stop. You can see that history already in how Napster was ‘whacked’ as a downloading “site”, and peer-to-peer popped right back up. Next there were efforts to throttle the bandwidth and, as in the Dutch case, go after the ‘hosting site’. The response is that now BitTorrent (and others) use port swapping and encrypted transfers (so that it’s very hard to impossible to figure out what’s torrent transfer…)
That, then, moved to putting ‘moles’ on to try and identify folks by IP number (as that is visible to the various folks with whom you are sharing a file). The response has been things like OneSwarm and other ‘anonymizer’ networks. (Not heavily used yet, as it still isn’t all that needed, but it is there and ready to go…) Whacking the Hosting Sites and ISPs has resulting in “Magnet links”, where a central ‘tracker’ isn’t needed. Just express interest in a file and it is ‘attracted’ to you. Pirate Bay now is using Magnet Links as their default method. Go after the individuals, and they will go encrypted and anonymous.
But wait, there’s more….
I didn’t stress it (when mentioned above) but the technology for a distributed cryptographic file system is ‘old hat’ now. It’s been around for many years. So “push hard enough” on individuals and their disks, the data will move to “the cloud” and as a “distributed file system”. “My” data can live on a cloud in the server farm in the Carolinas that was built by Apple… or any of a dozen others. (With more to come). Tax local storage too much, it will flee to jurisdictions that don’t tax it so much; but it will not go away.
That tcfs is interesting in that it was created in Italy and looks to be designed for / by the Mafia. You can have a ‘quorum’ set for any given data and a redundancy level. So, say, you have a dozen folks participating, with 6 needed for a quorum…. If 5 folks get busted, their machines confiscated and they are forced to divulge their passwords, the data can still not be unlocked, nor is the ‘swarm’ shut down (as it still has enough of a quorum to open the encrypted data and enough redundancy to recover it all…). Something like that on a larger scale is all it will take…
The “end game” is to have things like Pirate Download “sites” exist in no particular place and using storage on no particular machines. The individual just “contributes” something like a GB of disk and 20% of their CPU / Network bandwidth to a highly distributed application (like SETI at Home, but minus the central server). Those resources are used to form encrypted tunnels and pass compute processes and data blocks around the group as needed. With enough redundancy that you can ‘whack’, oh, 1/2 the machines “and it keeps on ticking”… Think of a giant encrypted RAID array of 1,000,000 disks and a giant ‘cluster computer’ of 1,000,000 CPUs. So an individual can use, say, 800 MB of “their contribution” for “their stuff”, but 20% goes to the collective. IFF you download a movie, you can flag it as ‘shared’ and it doesn’t count against your allotment (as others can see the blocks too). Realize that as all of this is encrypted, and done in fragments, it is not possible to say which data is on what machine, nor what process ran on which machine. As it is done in a highly fault tolerant / redundant way, it can not be killed or ‘shut off’ short of taking down ALL of the system. Even then, things just ‘sleep’ when they drop below a quorum, so when power or connectivity comes back up, it reforms… Yes, the core of “Skynet”… (Minus the system cracking self intrusion bits, please ;-)
So what are you going to do? Stop ANY data flow? Block ALL encryption? If it is not absolute, all that changes is the SPEED of operation and the efficiency…. Even require that encrypted data have a ‘back door key’ for ‘authority’ (as was tried for early RSA systems) and folks will just build around it. The code is already free… Heck, put an outer encrypted container with ‘crap’ in it and then a hidden steganographic container inside of it (as TrueCrypt does to one level, and as tcfs does to 9 levels IIRC) and it isn’t even possible to show that there IS hidden data, never mind cracking it… so let me send ANYTHING, even just my Christmas photos, and “the data will move”…
At that point, it’s a race of the numbers. Does it change from needing a ‘critical mass’ of 10,000 “participants” to needing 100,000 to get enough data volume ‘hidden’? Does it matter?…
Track my machine, my ISP, whatever. I just load a Virtual Machine inside it that opens and encrypted connection to the DarkNet and that stuff is not visible, so not tracked. No machine ID, no “IP address” (as it is inside a virtual IP space if needed), no ‘contact tracing’ (as that happens INSIDE the encrypted / shared / anonymous space).
Can they waste a lot of resources and transfer a lot of money from innocent folks to corporations in ‘compensation’ for what some other third parties are doing? Sure. Can they slow things down a little and waste a lot of human and compute capital? Sure. Can they STOP data sharing or can they assure identification of who’s doing what? Only for brief moments and places from folks who are not bothering to stay in the race…
Australia is building “The Great Barrier Firewall” with a load of laws about content and building content filtering rules to be ‘required’ of ISPs. The result was a ‘remix’ CD that bypasses all of it… ONE person made it, near as I can tell…
Probably obsoleted already by all the more ‘general purpose’ data freedom distributions…
BTW, the ‘distribution’ includes an encrypted telephony package… so ‘about that wiretap’ ;-)
What the Europeans and especially the Dutch will ‘put up with’ is surprising to me. While we’re headed down that road a bit, folks here are more, um, ‘resistant’… (Texas just informed the world that “UN election monitors” need to keep over something like 100 feet from polling places as that is Texas law and anyone violating it will be arrested… “Don’t mess with Texas” is a badge of honor for them… )
All police states eventually collapse. The EU seems to be proceeding very rapidly along that road…
The “powers that be” always suffer corruption and excess greed until the ‘average folks’ just say they have had enough and let the system collapse. That’s why the only stable solution is NOT to have central power and authority over commerce… (As the USA was in the past and as our constitution demands…)
But freedom always ends in Tyranny. That then ends in collapse… Then freedom returns.
“Until that day”, some of us find tunnels to hide in / work through. In former times, dug in the dirt. Now encrypted…
Power is stupid. Always has been, always will be. Yes, stupid for them to play those games, but that’s what greed does to folks minds. The “average folks” just keep on living ordinary lives and “putting up with it”… until they don’t…
My goal is just to stay enough ahead of the “crap” to live the rest of my life in relative peace and freedom. Very do-able, IMHO. The rest is now the ‘kids’ problem… As the EU is running toward 50% of them “with nothing else to do” as they are not getting jobs (in places like Spain and Greece), I’m thinking they have plenty of time to ponder their government, and what might be a better one… and how to get it…
I know they can communicate and share files, in privacy and secrecy, IFF they so choose…
I also know that my skills that were on the side of “authority” for many decades are no longer being employed by them… and that I’m now building tools to retain my freedoms (and showing others how to use them too). The worm has turned…
Every individual has the innate right to a private life and is born free. That some choose to move into a nicely furbished pen in exchange for kibble and a ‘quick end’ does not prevent me from choosing to stay on the hillside, even if just to howl at the full moon …
Configuring ‘encrypted swap’ was quite easy. I did this in a ‘virtual box’ version instead of in the one running from CD (as I wanted to try out the non-xcfe version GUI and as the ‘other one’ is busy being a .torrent peer at the moment serving data to some folks…)
In the 800 ish MB too big for a regular CD non-xcfe version, it’s got a different GUI and layout. Still like it. Menu across the top instead of ‘click to pop up’, so things may be in slightly different places.
OK, encrypting disks and swap is a built in. Nothing to add needed. Finding where to do it only took about 15 minutes of wandering around menus (and a few web searches that didn’t return anything useful…. having ‘discoverable menus’ is often a very valuable feature…)
First off, under the menu “Applications, System Tools, Disk Utility” is where you do the disk partition / layout procedure. Select the real disk (or in the Virtual Box the virtual disk) and partition it, then format it. As the version I was running was from the CD.iso image, the 8gb “virtual box disk” was not mounted nor used at the point that I wanted to use it. That ‘threw me’ for a moment as most VB installs I’d done had been to disk, so this was the first time I’d needed to format a virtual disk inside Virtual Box.
In the bottom half of that application panel, you can format and mount the partitions. And choose to encrypt them. That was a bit puzzling as I chose to make an encrypted 1GB partition, and the box showing the size of the disk seemed to add a second 1 GB partition. The answer is just that it’s showing the ‘indirection’. The encrypted space shows up as a new device name, /dev/dm-0 while the original partition /dev/sda0, stays visible but gets a little ‘lock’ picture added. The symbology is supposed to be that “real” (virtual) device is locked / encrypted (/dev/sda0) while the usable space has been unlocked via the passphrase as /dev/dm-0 and show as a separate 1 GB space. I’d have used some other scheme, but ‘it is what it is’…
OK, back at the regular level… Under Applications:Accessories there’s a ‘root terminal’ that lets you do ‘long hand’ administrative things. I edited /etc/fstab and added:
/dev/dm-0 /Encrypted ext4 defaults 0 0
/dev/dm-1 swap swap defaults 0 0
and then I could do:
The mount command makes that space usable to the normal level of folks as the directory /Encrypted (you could name it anything you liked) while the ‘swapon -a’ command says to do ‘swapping’ on any partition marked as a swap partition in /etc/fstab.
There’s likely some fancy GUI way to to that without the command line stuff, but since I’ve been doing this since the 1980’s, it would take me far longer to find where they made some cute graphical thing… The “Disk Utility” does mount the disk with a click, but doesn’t change the /etc/fstab entry nor did it mount the disk where I wanted it (near as I can tell).
So, bottom line, I’ve got a VirtualBox VM with this distribution running inside of it, with a 1 GB memory and a 2 GB swap space. The swap space is encrypted. I’ve also mounted a couple of GB of ‘virtual disk’ space; one encrypted and one not. Easy peasy…
At this point I can go back to the LiveCD running image (on the Torrent serving box), and at the next reboot, do the same process to make an encrypted swap partition on it, too. That, then, means that I don’t need to add more memory nor really worry about the fact that I’m using swap space.
All that leaves is to do, is an ‘install to encrypted USB drive’, which looks to be just as quick and easy. The menu: System : Administration has an entry of “encrypt external device” that I’m pretty sure will do the USB encryption. At boot, there is a choice of “live” or of install to USB drive. Don’t know if you can just ‘do that install encrypted’ or if you need to encrypt the USB drive first; but given how well thought out the rest of this system has been, I’d expect it can be an install option.
All in all, pretty well done, IMHO.
Now if I can just get it to work on the Toyshiba-LT ;-)
OK, it looks to me like with either a Virtual Box VM, OR with ‘any old PC’ that has a couple of hundred MB of memory and / or a bit of crappy disk that can be made into swap space, you can have a pretty darned secure compute environment. All software ‘locked down’ (via being from CD, or running from a USB drive) and all storage encrypted (if desired) including swap. Communications encrypted and / or sent via TOR; including a voice / phone app and a chat app along with email.
Nice. Very nice.
While I’d rather have it be something that would run on a 266 Mhz Pentium in 128 MB of memory and NOT need swap space, well, the reality is that I’ve only got one box that old and small anymore. Even my “old crappy boxes” tend to have faster CPUs (though some only have 64 MB of memory… though those might have been ‘disposed’ when I dumped some of the very old and slow Beowulf nodes…)
At this point, only one thing prevents me from making it a ‘production’ virtual machine on my laptop. I’ve not yet figured out how to increase the screen resolution. (Puppy and DSL were very easy as they asked during ‘install’ while this one just ‘did what it wanted’ in that typical Germanic kind of way ;-) Most likely also a ‘simple thing’, but just another detail to work out. At the point where the resolution is 1024 x 788 (or whatever) instead of 800 x 600, then I can swap to ‘full screen mode’ for the virtual machine and it will look and feel like it IS the laptop. ( I did that with one of the Distros… DSL or Puppy I think…)
So at this point it is something of an ’embarrassment of riches’ on the encryption side. I can make an encrypted TrueCrypt container to hold any / all of this stuff (including the Virtual Machine) and then have the volumes inside of it encrypted as well. So more a question of deciding which to do / measuring speeds than anything else. At least in terms of a secure system ‘inside’ the HP Laptop.
For the ‘old hardware’ based dedicated function “appliances”, I can choose either ‘run from CD’ with some config needed at each boot; but with an encrypted swap if desired and using the hard disk in the machine as encrypted local storage, also if desired; or I can install TO the encrypted disk. Alternatively, a USB stick (encrypted / and or locked) can be used.
It is that kind of ‘suite’ of options that makes me comfortable that a path to production will be fairly easy. IFF any one path ‘blocks up’ I can flow around it via an alternate path. I’m “good with that”…
For now, the Torrent Appliance will be running that app, and with SWAP (encrypted or not, as I feel like it) configured on an old P.O.S. disk; booting from CD and using storage from a non-encrypted USB drive. Probably in a week or two, I’ll turn it into a USB boot machine so it is already configured at boot (but with the USB chips encrypted). It can also be a ‘secondary browsing box’ as well as general desktop, since it has FireFox built in and has OpenOffice on it too.
Once I’ve got the whole screen size thing worked out, I’ll be using it on the HP Laptop as my ‘private browser’ and ‘private editor’ space to see what other issues show up. At this point I’m not expecting any (I’ve already ‘browsed’ a graphics heavy site OK. Though I think video probably doesn’t work – commercial pluggins are a security / identity risk…)
Maybe not “fully done” yet, but certainly close enough for anything that doesn’t involve Three Letter Agencies, 100 people with badges and guns, or decades of prison time. Way ‘over kill’ for anything I do. (Which mostly is just being prepared for a “TallBloke and the Constable Moment” – so doing a remote backup of the encrypted data is ‘on the list’…) Probably along the lines of this: http://www.mikerubel.org/computers/rsync_snapshots/ with encryption in the scheme.
Mostly “putty and Spackle time”, I think… I think I’ll take a tea break now ;-)
Gee… looks like I’m not the only one thinking things will ‘go virtual’ and that trying to censor a system designed by DARPA to keep data flowing even during attacks by the USSR and nuclear bombs is a fools errand:
So looks like they are already doing encryption, virtual machines, and automatic failover inside a cloud structure. So a bit of distributed cryptographic file system on VPNed nodes that store the actual data, and a crypto link to VMs that “present it”, and folks can play “whack a mole” all day on where a given VM “pops up” while never getting close to the “real” data…
While generally having spent most of my life on the “White Hat” side of things, and hanging out with cops and “management”; I do have to say that I have a certain fondness for Pirates and have generally felt more at ease with them, than with Politicians or “Authority”. Guess it’s kind of like that whole “Cops and hookers” metaphor… street cops who find hookers to be ‘regular folks’ and not fond of the D.A.’s Office…
Not so different from the old days of pirate ships, either. Pirates always were more heavily armed and with a better idea of how to use it than the typical Crown ship… Maybe I ought to be gettin’ an eye patch and three corner’d hat ;-)
Though I think I’m more like the Village Smith who just happens to do work for both the local Sheriff and the local Pirates… I just sharpen the swords; I don’t use ’em; much…
But it’s a fine sword, no matter who be swingin’ it ;-)
@E.M.: That´s right!. These kids, though working with or using “initiates” of different ideologies, ignore that NOTHING can avoid natural laws, so as silly politicians who have increased taxes in the past and also those who will increase them in the future, are absolutely ignorant of “Laffer´s law”, or which is the same, the law of sine: You can increase your revenues up to a certain point where you´ll find the downward curve. Corporations cannot grow infinitely as they grow its “wavelength” and thus decrease its “frequency” or “mobility”.
This phenomenon is already being called a “cancer” like development, where cancer grows until kills the body which sustains it..
Individual freedom and its associated ingenuity is essential, so the future of big corporations and new world order ideologies is dying as dinosaurs died…..and we´ll have the task, as always, of fixing things up again.
I ran into a Spanish Language anonymity / privacy re-mix Linux release at one point. Any interest in a pointer to it?
One the economic / political issues:
The basic problem is that many folks expect two things that are not always true:
1) That systems have more or less linear predictability.
2) That ‘edge cases’ are amenable to ‘backoff’ when you go too far.
The #2 shows up each winter as someone falls through ice on lakes and rivers. Also when folks manage to break various laws and find out than an “oh, sorry” doesn’t ‘un-do’ it… (Oddly, some laws are even written to allow dismissal or lower penalties for ‘first time offense’ to make them more in keeping with our broken predictive ability).
For #1, well, look at the long history of folks ‘getting it wrong’… About the only variation you get on it is the idea of exponential growth that shows up in the panic-prone (such as the AGW crowd). So ‘most folks’ predict they will have a job and income about the same as now next week, month, and year; then are surprised by economic downturns / layoffs. (And many countries try to ‘fix that’ with law preventing such ‘sudden’ layoffs, that just make for fewer jobs…). We also expect that if a 10% tax rate brings in 9% of revenue, then an 11% will bring in about 10% and a 20% would bring in about 19%; but it doesn’t, it brings in less than 18%… as the curve has peaked then and is turning down.
So all sorts of “catastrophic failure” of systems are badly predicted by people (politicians especially and management almost as much) and economics is just full of such non-linearity. Oddly, it is usually taught using graphs of two crossing lines of trend… Even the “experts” have not got a good grip on “Brittle Failure” modes….(Hmmm…. Maybe I could get a paper out of advancing the field of Economics via taking a bunch of those crosses line graphs and putting in discontinuities ;-)
The consequence is incredible global hardships as folks in power make broken predictions and bad decisions.
FWIW, looks like the TOR Project started as a White Hat funded thing! Guess I’m still working on the side of the White Hats(!)… and it was military funding that started it. From their web site on ‘how to defend against legal notices’:
So it goes in the security area… Spy vs Spy and all that. Privacy for one is privacy for all, like it or not…
Not surprised by it, really, just dismayed. Guess what y’all learned in the lead up to W.W.II and then the USSR era has quickly been forgotten… For having so much history, Europeans sure seem to forget it / not learn from it “right quick”…
Hold on EM. You confuse the people who live in Europe with the select few who try to set up this totalitarian federation, such as Barosso, Rompuy, Schultz, Merkel.
The only time the citizens where ever asked if they wanted this EUSSR (2005 referenda) they answered HELL NO! When the Irish voted NO! they where told that was the wrong answer would ‘please’ hold another referendum with the correct answer please? Unsurprisingly is was yes the next round.
The NO was consequently totally ignored because it seemed we didn’t know what was good for us.
So don’t blame us. Blame the EU autocrats.
Maybe it’s our “Second Amendment” ideology…. IFF you put up with it, then you ARE part of the problem… See Texas for an example of saying “Hell No” and meaning it… Or the Sheriff in Arizona… Or any of a dozen other examples.
Defending liberty is often not “orderly”. We’re accepting of a bit more ‘disorder’…
Oddly, polls and such show Europeans generally more endorsing of Obama and more embracing of “Nanny State” laws. Not real keen on things like “pay your own way and live free, but un-coddled”. Things like paying your own medical bills and not expecting a government “paid” retirement are a bit ‘rare’ over there too… So when a lot of folks have endorsed “Central Authority” and using that power to “redistribute”; well, looks like ‘redistributing’ some to the “rights holders” sure fits the “accepted norm”…
But maybe I’m wrong. Maybe there’s a simmering revolution just below the surface. I can always dream… and hope… “But hope is not a strategy. -E.M.Smith”…
The difference is, europeans don’t exist, so they don’t have second amendment. They are not an unity, so they can’t act in unison. That’s how the EU autocrats get away with it. All protests are local and unorganized. There is simmering, hell it’s blazing but local. Easily surpressed. And don’t forget, by any standard the large part of the population is still in very good state.
A basic social welfare check in the netherlands goes for about 1000$ per person. You never work ever you still get it till your ‘retire’ when you get your statepension of a bit more then that.
Unemployment benefits are much higher.
Same goes for most west-european nations. Give the people bread and plays …..
European press is hugely biased towards Obama. He has been presented as the second coming of jezus in 2008 and now still is. You hardly hear anything about ‘the other guy’ expect that it is a religious nutcase. So i’d take these polls with a pound of salt.
If 3 percent of the population stands together and says HELL NO! Revolution happens.
Europe now has the Internet. The EU has no army for suppression. But do Europeans have the balls to say HELL NO!
The “Great Deceiver” will have 7 years on the world stage and then disappear. After loosing popular support, he will attempt to rule by decree. We are tired of him here, Europe can have him. I am sure the Brussels EU Bureaucrats could use a want to be Emperor. One warning, He and his wife have very expensive needs. His and Hers 747 SUVs and staff are costing US a large fortune. If we ground them we could hire 50,000 teachers. 8-( pg
But you will only find those 3% among the disenfranchised. And they are to busy not starving to death to bother.
And the EU army exists, it’s called differently, intervention force, but not being stupid they agreed that no soldier (policeman they call them) may be put into combat in his own nation.
Furthermore they rule already by decree. The EP is just a rubberstamp machine.
Swapped over to Privatix as the default on the Evo (as CrunchBang was a bit slow). The Evo has got way more speed and memory. Ran immediately into that FireFox bug (it’s running IceWeasel that is a rename of FireFox after the firefox folks went all ‘weasely’ on use of the name…). CPU pegged at 99%+ So once again into about:config at the URL line. Find browser:disk cache, and cut it back from 51,000 ish to 31,000 ish.
Didn’t fix it. So changed browser.cache.disk.enable to false. Still pegged.
Tried the suggested 16384. Still pegged.
So I’m needing to either install a different browser for this machine, or figure out what is causing it to go into runaway. (It may be as simple as not using the right “magic value” for cache size, but is probably more complex).
Just “be advised” that IceWeasle on Privatix can go into CPU hog run away mode on some hardware some times….
This is in ‘Tor Disabled” mode. It does not happen when using TOR mode, so it’s still fine for “privacy browsing”, just not for general browsing until this is sorted out. On the Vectra it pegs, too, but since the memory is so low, it looks like it wait states on some IO every so often, so you don’t notice as the CPU use sags then briefly.
At this point, having the build script in hand, it might be easier to just build a CD with Opera instead…
It is the ulrunner–stub program that does all the resource sucking.
much better than any of the others you mentioned, if only for the separate TOR-gateway. You can ditch Whonix workstation if you like and use whatever OS you want as a replacement, just route it through the TOR-gateway and you’re fine
And EM: having lived in both the US and Europe I have to tell you that then US is every bit as totalitarian (actually imo a damn sight more) as the EU. Despite what you think, I felt a damn sight more free living in germany than I did in the US.