Re: [Tails-dev] Tails-like system for tablets

Delete this message

Reply to this message
Author: Peter N. Glaskowsky
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Tails-like system for tablets

> On Apr 11, 2015, at 12:11 PM, Jeff Burdges <burdges@???> wrote:
>
> I skimmed the "TAILS Mobile via USB or dual-boot” thread :
> https://mailman.boum.org/pipermail/tails-dev/2014-January/004632.html
>
> Ignoring momentarily questions about USB boot :
>
> Can we even secure a mobile device at the application, OS, and network level?


My question is, why do we want to secure the _device_? Given that Tails is "amnesiac and incognito” already, it seems to me that all we need is to secure _user data_ when the user is not physically securing the device. And of course it should be up to the user to decide what standard of physical security applies, which means we should provide options for user convenience features like PIN-based screen lock and device sleep (so users don’t have to enter a cryptographically strong password each time they return from a short break). Some users would rather have more security and less convenience; that’s fine. Some would rather bias the other way, and we should give them what they want, too.

> Afaik, there are four candidate mobile Linux distributions : Ubuntu Touch, Sailfish OS, Android/Replicant, and maybe FireFox OS. I suppose iptables could be used to restrict internet access to specific users on any of them, but that’s only the beginning.


I’m not even sure user identity is something we need to keep track of. There isn’t multi-user support in Android or iOS as usually implemented. We could do something clever like check a Persistence password against multiple Persistence partitions to see if it matches any of them, I suppose.

I see that in other comments on that older thread, Thomas Benjamin (tomb at cryptocracy.net <http://cryptocracy.net/>) and others were discussing boot devices. Consumer tablets are cheap enough that we should be thinking in terms of devoting the machine to Tails by installing the OS to the internal storage rather than a USB or SD card. Obviously this requires a new user interface feature to trigger a sudden shutdown and memory wipe, but that isn’t difficult; it seems likely we could capture a Home+Volume-Down combo keypress. And in truth we don’t actually need to wipe the memory if critical user data is kept in encrypted RAM; we only need to wipe the key.

Tails doesn’t yet have boot-time touchscreen support, and there are some other issues to be worked through, but I haven’t seen any show stoppers. Most of this work has already been done on other distributions and shouldn’t be too difficult to bring into Tails.

So in summary I think Tails is already 98% ready to be a mobile OS like the ones you mentioned, and once ready, it would deliver a uniquely valuable user experience that would attract a much larger audience than it does today.

.                      png