Damian Johnson committed on 2017-01-29 22:09:34
Showing 1 changed file with 0 additions and 81 deletions.
Last year we had a student that did this (segfault).
| ... | ... |
@@ -1163,87 +1163,6 @@ implementation. |
| 1163 | 1163 |
</p> |
| 1164 | 1164 |
</li> |
| 1165 | 1165 |
|
| 1166 |
- <a id="tailsServer"></a> |
|
| 1167 |
- <li> |
|
| 1168 |
- <b>Tails server: Self-hosted services behind Tails-powered Tor hidden services</b> |
|
| 1169 |
- <br> |
|
| 1170 |
- Likely Mentors: <i>anonym, George (asn)</i> |
|
| 1171 |
- <p>Let's talk about group collaboration, communication and data sharing |
|
| 1172 |
- infrastructure, such as chat servers, wikis, or file repositories.</p> |
|
| 1173 |
- <p>Hosting such data and infrastructure <b>in the cloud</b> generally |
|
| 1174 |
- implies to trust the service providers not to disclose content, usage or |
|
| 1175 |
- users location information to third-parties. Hence, there are many threat |
|
| 1176 |
- models in which cloud hosting is not suitable.</p> |
|
| 1177 |
- <p>Tor partly answers the <b>users location</b> part; this is great, but |
|
| 1178 |
- <b>content</b> is left unprotected.</p> |
|
| 1179 |
- <p>There are two main ways to protect such content: either to encrypt it |
|
| 1180 |
- client-side (<b>security by design</b>), or to avoid putting it into |
|
| 1181 |
- untrusted hands in the first place.</p> |
|
| 1182 |
- <p>Cloud solutions that offer security by design are rare and generally |
|
| 1183 |
- not mature yet. The <b>Tails server</b> project is about exploring the |
|
| 1184 |
- other side of the alternative: avoiding to put private data into |
|
| 1185 |
- untrusted hands in the first place.</p> |
|
| 1186 |
- <p>This is made possible thanks to Tor hidden services, that allow users |
|
| 1187 |
- to offer location-hidden services, and make self-hosting possible in |
|
| 1188 |
- many threat models. Self-hosting has its own lot of problems, however, |
|
| 1189 |
- particularly in contexts where the physical security of the hosting |
|
| 1190 |
- place is not assured. Combining Tor hidden services with Tails' |
|
| 1191 |
- amnesia property and limited support for persistent encrypted data |
|
| 1192 |
- allows to protect content, to a great degree, even in such contexts.</p> |
|
| 1193 |
- <p>In short, setting up a new Tails server would be done by:</p> |
|
| 1194 |
- |
|
| 1195 |
- <ol style="list-style-type: decimal"> |
|
| 1196 |
- <li>Alice plugs a USB stick into a running desktop Tails system.</li> |
|
| 1197 |
- <li>Alice uses a GUI to easily configure the needed services.</li> |
|
| 1198 |
- <li>Alice unplugs the USB stick, that now contains encrypted services |
|
| 1199 |
- configuration and data storage space.</li> |
|
| 1200 |
- <li>Alice plugs that USB stick (and possibly a Tails Live CD) into the |
|
| 1201 |
- old laptop that was dedicated to run Tails server.</li> |
|
| 1202 |
- <li>Once booted, Alice enters the encryption passphrase either |
|
| 1203 |
- directly using the keyboard or through a web interface listening on the |
|
| 1204 |
- local network.</li> |
|
| 1205 |
- <li>Then, Bob can use the configured services once he gets a hold on |
|
| 1206 |
- the hidden service address. (The <b>petname system for Tor hidden |
|
| 1207 |
- services</b> project would be very complementary to this one, by the |
|
| 1208 |
- way.)</li> |
|
| 1209 |
- </ol> |
|
| 1210 |
- |
|
| 1211 |
- <p>Tails server should content itself with hardware that is a bit old |
|
| 1212 |
- (such as a PIII-450 laptop with 256MB of RAM) and/or half broken (e.g. |
|
| 1213 |
- non-functional hard-disk, screen or keyboard).</p> |
|
| 1214 |
- <p>The challenges behind this project are:</p> |
|
| 1215 |
- |
|
| 1216 |
- <ul> |
|
| 1217 |
- <li>Design and write the services configuration GUI [keywords: edit |
|
| 1218 |
- configuration files, upgrade between major Debian versions, |
|
| 1219 |
- debconf].</li> |
|
| 1220 |
- <li>How to create the hidden service key? [keywords: Vidalia, control |
|
| 1221 |
- protocol].</li> |
|
| 1222 |
- <li>Adapt the Tails boot process to allow switching to "server |
|
| 1223 |
- mode" when appropriate.</li> |
|
| 1224 |
- <li>Add support, to the Tails persistence setup process, for asking an |
|
| 1225 |
- encryption passphrase without X, and possibly with a broken keyboard |
|
| 1226 |
- and/or screen [keywords: local network, SSL/TLS?, certificate?].</li> |
|
| 1227 |
- </ul> |
|
| 1228 |
- |
|
| 1229 |
- <p>This project can easily grow quite large, so the first task would |
|
| 1230 |
- probably be to clarify what it would need to get an initial (minimal |
|
| 1231 |
- but working) implementation ready to be shipped to users.</p> |
|
| 1232 |
- <p>This project does not require to be an expert in one specific field, |
|
| 1233 |
- but it requires to be experienced and at ease with a large scope of |
|
| 1234 |
- software development tools, processes, and operating system knowledge.</p> |
|
| 1235 |
- <p>Undertaking this project requires in-depth knowledge of Debian-like |
|
| 1236 |
- systems (self-test: do the "dpkg conffile" and "debconf preseeding" |
|
| 1237 |
- words sound new to your ear?); the Debian Live persistence system |
|
| 1238 |
- being written in shell, being at ease with robust shell scripting is |
|
| 1239 |
- a must; to end with, at least two pieces of software need to be |
|
| 1240 |
- written from scratch (a GUI and a webapp): the preferred languages for |
|
| 1241 |
- these tasks would be Python and Perl. Using Behaviour Driven |
|
| 1242 |
- Development methods to convey expectations and acceptance criteria |
|
| 1243 |
- would be most welcome.</p> |
|
| 1244 |
- <p>For more information see https://tails.boum.org/todo/server_edition/</p> |
|
| 1245 |
- </li> |
|
| 1246 |
- |
|
| 1247 | 1166 |
<a id="feedbackExtension"></a> |
| 1248 | 1167 |
<li> |
| 1249 | 1168 |
<b>Feedback Extension for Tor Browser</b> |
| 1250 | 1169 |
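Review bot: The deletion starting at old line 1166 drops the `<a id="tailsServer"></a>` anchor together with the entry, so any link to `#tailsServer` from elsewhere on this page or from other pages will stop resolving without any error. Please search the site for that fragment and update or remove those references in the same commit. The removed text also names the "petname system for Tor hidden services" project as complementary, so if that entry points back at this one it needs the same check. The commit message says only that a student did this last year; naming the Tails server idea there, and where the resulting work can be found, would make the 81-line removal understandable from the log alone.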