This is a guest post by Frank Roper, on Twitter as Walthamfrank
This piece was inspired by latentexistence’s blog article Privacy online: Where is my paranoid computer? http://www.latentexistence.me.uk/privacy-online-where-is-my-paranoid-computer/ which references something that Cory Doctorow in the book Little Brother calls Paranoid Linux. If you haven’t already read this piece then I suggest you do before reading further.
It would perhaps be better if I called this piece “Where is my paranoid computer? – Well, it’s here (sort of, and only under certain conditions)”, as we don’t yet have something that meets all of the requirements.
Before we start let’s remind ourselves of the requirements for a Paranoid Linux. These are:
- Mesh networking
- Random anonymous routing
- End-to-end encryption of all traffic such as web pages, email, chat and voice
- Digital signatures and proof of identity
- Fake internet traffic (Chaff) to provide a decoy and hide real information
latentexistence then suggests some technologies that could meet these requirements.
After some research and searching I have managed to identify a Linux live system – this is a system which can run off either a CD or a USB memory stick – that has most of these technologies built into it. This is The (Amnesic) Incognito Live System [T(A)ILS], https://amnesia.boum.org/. T(A)ILS is designed to preserve your privacy and anonymity: all outgoing connections to the Internet are forced to go through the Tor network, and no trace is left on local storage devices (the computer it’s plugged into) unless explicitly asked.
It includes the following software and services:
- Tor and the Vidalia graphical frontend
- Firefox preconfigured with Torbutton for anonymity and protection against evil JavaScript, with FireGPG for e-mail encryption, and with all cookies treated as session cookies by default; the CS Lite extension provides more fine-grained cookie control for those who need it
- Claws Mail e-mail client, with user-friendly GnuPG support
- Pidgin preconfigured with OTR for Off-the-Record Messaging
- Aircrack-ng for wireless network auditing
- Gobby for collaborative text writing
- onBoard virtual keyboard as a countermeasure against hardware keyloggers
- Shamir’s Secret Sharing using gfshare and ssss
CD and USB images for T(A)ILS can be downloaded from their website (note that you may receive a security certificate error when accessing the site but it’s fine to accept an exception in this case). I’d recommend the USB distribution as you can save files to the stick.
What it does not include is mesh networking. However, some work is being undertaken at present to look into providing mesh networking. The issue is that mesh is not cheap – think of it as being a mobile phone network – if you want to provide it across any significant area. For those who wish to explore providing small-scale mesh networking, open source systems are available that can be ‘plugged’ into existing hardware. A detailed look at this is beyond the scope of this piece but I could have my arm twisted if enough people ask!
Hey, I’m not a Linux geek, I want to run stuff on my Windows PC or Mac (or even my mobile or mobile device)
This is less easy (for this read very hard) if you don’t want to leave traces of your activities all over your computer or mobile.
As a basic step you could install Tor http://www.torproject.org/index.html.en on a Windows, Mac or mobile device (Tor supports Android-based phones, tablets and computers; test packages are available for iPhone, iPod Touch and iPad; and experimental instructions are available for Nokia Maemo/N900).
An additional basic step is to install email encryption. Many email clients support encryption, although it’s easier to install in some of the free/open source packages like Thunderbird.
The next possible step is to run your applications from a USB stick, although this will still leave traces of activity on the host computer’s hard disk. There are a variety of pendrive applications available:
- PortableApps http://portableapps.com – pre-packaged sets of applications with a useful menu utility
- winPenPack http://www.winpenpack.com – pre-packaged sets of applications
- Portable Freeware http://www.portablefreeware.com – a listing of applications that run from USB
An interesting alternative is MojoPac http://www.mojopac.com, which can be installed on any USB mass storage device, even an iPod. Depending on who you believe, practically everything, or everything, personal (bookmarks, documents, etc.) is kept within MojoPac, always with you and never touching the host computer. Currently this only works with Windows XP systems as the host.