Author: sajolida
Date:
To: tails-dev@boum.org >> The Tails public development discussion list
Subject: Re: [Tails-dev] vpwned + greeter

Jurre van Bergen wrote:
> 1) When I boot Tails, I'm presented with an option to allow local
> traffic or not.
Do you mean *all* local traffic here?
> 2) When I boot Tails, I'm presented with an option to allow certain
> local traffic like SSH and printing and the rest not.
... in contrast with this option which only allows certain local traffic?
> 3) When I boot Tails, I'm presented with an option to be able to log in
> to a captive portal, only this IP is whitelisted on the firewall rules
> and the rest is blocked.
I doubt people needing to log in through a captive portal would know
which IP needs to be allowed here. I personally wouldn't. Also note that
networking is disabled in the Greeter, so we can't really even try to
detect captive portals at this point :(
Anyway, this looks like a security slider at first sight, right?
> I think my aim with providing these options is that, when you boot a
> computer, you often know what you're going to do with it or what you
> want access to or not. The same would go for allowing devices which are
> DMA capable like firewire, thunderbolt, pcmcia and others.
Unfortunately, this is not always the case. I often change my mind or
realize that I need more stuff than I thought at first. But since I
agree with your argument of not changing the security level while
running, then the central point here is to have a default that makes
sense in most cases. Maybe somewhere in the middle of the slider :)