Re: [Tails-dev] please look at Comparison of Whonix, Tails a…

Author: intrigeri
Date:  
To: The Tails public development discussion list
Old-Topics: Re: [Tails-dev] please look at Comparison of Whonix, Tails and TBB #2
Subject: Re: [Tails-dev] please look at Comparison of Whonix, Tails and TBB #2
Hi,

adrelanos wrote (09 Feb 2013 19:10:32 GMT) :
> intrigeri:
>> adrelanos wrote (04 Feb 2013 20:19:24 GMT) :
>>> I just updated the Whonix comparison of Whonix, Tails and Tor Browser
>>> Bundle page. [1] Hopefully it's this time much more precise and correct
>>> from the beginning.
>>
>>> If there is anything wrong, I'll correct it right away.


I'm coming back to it finally, sorry for the delay.

* "Tails 0.1.6." -> "Tails 0.16"
* Tails has not been available as a LiveCD for a year or so

About Whonix supporting "any" hardware: I don't think this is
compatible with claiming to ship the Torbrowser. Rather than such
a broad claim, perhaps clarify that Whonix supports any hardware that
is able to emulate an architecture supported by the TBB binary builds?

>> "Includes Tor Browser" in the general security comparison should be
>> updated for Tails.


> Not sure about this one. I have read:

[...]
> It would be nice if you could expand the design a bit or explain
> it here.


Thanks for the heads up. Added as "3.6.13 Iceweasel" on our design
doc. But that comes with 0.17, so you might have to update other
parts too.

>> In "Circumventing Proxy Obedience Design", it's not obvious to me why
>> "Tails in a VM" fails against "Protocol IP leak"

[...]
>> and "vm exploit".


> If Tails/Whonix run in a VM and someone manages to send a VM exploit for
> example through the browser, the attacker gets access to the host. Does
> that make sense?


Yes, perfectly.

>> Also, maybe I'm nitpicking, but IMHO "vm exploit + exploit against
>> physically isolated Whonix-Gateway" should be marked as "non
>> applicable" for "Tails in a VM", rather than a fail.


> The idea was, the vm exploit is already enough and the second exploit
> isn't required anymore. Does that make sense?


OK, I see :)

> And actually, Tails can run (as any Debian / OS) behind a physically
> isolated Whonix-Gateway. After running do_not_ever_run_me, configuring
> the network to use the gateway, un-configuring misc proxy settings
> (browser), it should work. I made a short test but didn't fully document
> it yet.


Nice. I'd rather see this called "a modified Tails" rather than
"Tails", though.

>> This has quite some amount of outdated information:
>> http://sourceforge.net/p/whonix/wiki/FAQ/#why-dont-you-merge-with-tails-and-join-efforts
>> (at first glance: Using Tor Browser, Multi language support,
>> obfsproxy...)


> What's the Tails requirement for multi language support?


I'm not sure what you mean. In any case, "3.3 Internationalization" in
our design doc might help.

> I hope I updated everything.


"Requirement to fit on a CD." => CD, really?

"Isolating Proxy for strong IP/DNS leak protection." => why does the
comparison that follows hold for *DNS* leak protection?

"Remember installed packages." => upcoming in 0.18.

I'm still quite sad to read FUD like "adrelanos would have to obey the
Tails developers decisions, otherwise contributions do not get merged"
spread about Tails. I call this FUD because:

  a. Using "to obey" suggests there is a strong authoritarian
     structure in the Tails project, while I've never seen anyone
     dictate anyone else what they should do, and ask them to "obey",
     in this context (save various trolls that try to dictate what
     we're going to spend our time on). I don't mean we're living in
     a fantasy world where we're all perfectly equal, but I absolutely
     disagree that our decision making process works the way you
     put it.


  b. It suggests there are "the Tails developers" and... the rest.
     It's true that there are various more or less "core" developer
     statuses, with different commit bits, different levels of access to
     sensitive information, but there are certainly not two such
     binary categories.


  c. By affirming that strongly that one has to "obey" else
     "contributions do not get merged", it suggests that there are
     precedents of this process. Reference needed.


"Video/streaming software." => on the one hand, you make it clear one
may install such software on Whonix; on the other hand, you point to
a Tails ticket. That kind of unfair / differentiated treatment sounds
like cheap advertising to me; it's not an isolated case, and to be
honest, it certainly does not make me happily anticipate reviewing
such documents again. I wish that next time, you apply a filter for
differentiated treatment first, before asking for reviews. Anyway,
that's your call :)

To end with, perhaps drop the sub-sections where Tails and Whonix are
on par?

> Thanks for reviewing!


Np. To be clear, I did not review these pages entirely last time,
and I only skimmed through it quickly this time.

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc