30 comments

[ 3.0 ms ] story [ 66.7 ms ] thread
I like to point out that if your hardware is compromise then it doesn't matter what you run on top of it. If you are being actively targeted by state actors(fbi,nsa,cia,etc) then your computer is more than likely compromised.
If you think the FSB is after you then you'll need better countermeasures than just running Tails on your own machine.

For the rest of us, Tails and Qubes are big improvements over an HP laptop with Windows and its ecosystem of bloatware and spyware.

"They" can't target you if they don't know who you are to begin with.

A milquetoast public persona coupled with extensive Tor usage is quite privacy protecting :)

Well, you just blew your cover. They're watching you now.

Alternatively, everyone could pretend to be a muslim-environmentalist-communist with strong interests in nuclear chemistry and virology. It isn't possible to watch everyone.

Crap, they're gonna be watching me, now, too.

Are you sure you aren't an agent provocateur?

(comment deleted)
>Well, you just blew your cover. They're watching you now.

"They're" watching everyone: https://en.wikipedia.org/wiki/Tempora

Parsing through all that data is an unsolved problem however: https://www.zdnet.com/article/nsa-whistleblower-overwhelmed-...

They don’t need to parse all that data; simply the full take of everyone who’s ever searched for Tails, or visited the Tails website, or run Tor.
> They don’t need to parse all that data; simply the full take of everyone who’s ever searched for Tails, or visited the Tails website, or run Tor.

And what? Retain all their traffic til the end of days? Even if you restrict your selectors to Tor fans, that's still a massive amount of data.

It’s not a lot on the scale we’re discussing.
.... I don't know if the FSB has the technical capability but the super cyber forces do(us and china).
>> If you are being actively targeted by state actors(fbi,nsa,cia,etc)

The FBI is currently investigating hundreds, thousands, of drug-related crimes. They aren't deploying advanced firmware exploits on a daily basis. If you buy a laptop from a local store, and then run something like Tails from day one, the chances of them installing a firmware exploit remotely is nill. If you want to run Tails on your 5yo desktop that you use for Facebook, minecraft, porn, and for running your drug empire... then ya. Be worried. But running Tails on a new machine is safe.

ahhh but where are you purchasing this "new" computer? It'd be foolish to assume that all new devices are clean.
There are classic cases of machines being intercepted in the post (including the cipher machines posted to the US Embassy in Moscow!).

But if you go pick out a machine from a store and take it home immediately then the chances of it having something preinstalled specifically to target you is nil.

This is one of the reasons I like to purchase laptops/components etc in person.
>if you go pick out a machine from a store and take it home immediately then the chances of it having something preinstalled specifically to target you is nil

Well, the chances of having government installed malware is nil ;)

https://en.wikipedia.org/wiki/Superfish#Lenovo_security_inci...

(Kidding aside, purchasing a laptop at a store then wiping it is probably reasonably secure for even more paranoid users)

Assuming "new" hardware is uncompromisable is a dangerous line of thinking. Don't forget about the vulnerabilities that have been found in Intel's Management Engine and AMD's PSP. Both of those "applications" are running before Tails boots.
https://www.pcworld.com/article/2083300/report-nsa-intercept...

If you know you are not being targeting then you don't have to worry but... If they know who you are and where you live, they can bypass any router(they work directly with oems) and get onto your computer on a hardware level.

Keeping your identity private is the first task in security when dealing with the kind of people you need tails for.

Not unless you use something like pfsense on freed or mostly free hardware (many of us do this).
If you are targeted by state actors it doesn't matter if your hardware is clean and your op-sec is tight because they can force you to reveal what is on your laptop.

However things like tails, etc will continue to protected you from a lot of non-government surveillance (comcast, fb, google, etc) and lots of different types of malware. That is still valuable.

I have noticed that people who swear the government can't do anything right thinks they can do this dead on.

My friend was investigated by the FBI for over 18 months. They acted in court that they miss everything all the time and was why they didn't have any video, audio (though several people were wired) or digital evidence and to please listen to the witnesses that got plea bargains after they got caught red handed committing several federal crimes and tax evasion of over $500,000. The audio sounded horrible. It was almost like listening to backward music lyrics and they could make you hear something possibly.

I doubt they can do much besides a handful of people.

By that same logic, you might as well stop eating/drinking, because you're just going to die anyways, regardless of what you do to stay alive.
A lot of us _aren't_ being _actively_ targeted by Three Letter Agencies, but are concerned about being passively targetted
tails 3.8 comes with a handy typing blanket too!
I get the joke, but how secure are passwords these days? There are cameras everywhere; if you type your password in public there's a reasonable chance a camera will pick it up; it wouldn't seem impossible to automate recognition of which keys you are pressing.
Snowden revelations mentioned that even downloading or visiting sliaT website gets you on a list.
I do wonder how many lists I am on already.
A lot. https://boingboing.net/2014/07/03/if-you-read-boing-boing-th...

According to the story, the NSA targets anyone who searches for online articles about Tails

The release of Tails 3.8 was announced on HN, so everyone from HN is on the list. We're doomed.

This is actually rather ironic because it exactly shows how mass surveillance fails because it doesn't target selectively (that's what targeted surveillance does).

If that is truly the case, then we should encourage as many people as possible to visit the Tails' site. If the list changes from "these people are doing 'dangerous' things" to "these people know someone who likes technology", then the list itself becomes a lot less useful.