Re: [Tails-ux] [Tails-dev] Virtual machine notification unne…

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: tails-ux
Subject: Re: [Tails-ux] [Tails-dev] Virtual machine notification unnecessarily alarmist
Hi,

I believe this is a UX question, so I'm following-up on our tails-ux@
mailing list. Bcc'ing tails-dev@ once so that people there know where
the conversation was moved.

Ryan Carboni:
> "Warning: non-free virtual machine detected!
> Both the host operating system and the virtualization software are able to"


FTR the notification points to
https://tails.boum.org/doc/advanced_topics/virtualization/#security

> This seems unnecessarily alarmist.


> Tails in a virtual machine is no different than... Tor browser according to
> the message.
> And Tor browser is offered for Windows 10.


> I am very confused by this alarmism. Is there basis for this?


There is definitely a basis, but we obviously lack data to validate it.

The way I see it, the question boils down to "are users expecting more
safety from Tails run in a VM inside an untrusted OS, than from Tor
Browser run on the same OS?". If the answer is "yes", then we need to
help them fix their mistaken expectations. If the answer is "no" (e.g.
for highly technical users), then this notification is useless and
thus harmful (the more noise we add, the less carefully users will
read other, more important messages).

I suspect that the answer is "yes" for at least *some* users:

* They correctly think of Tor Browser as "yet another application",
that runs inside their (untrusted) OS. So far, so good: they can
assess risk and behave accordingly.

* The fact Tails is a full-blown OS may confuse them and their
ability to assess risk: they might be under the impression that
they're running two independent operating systems, rather than one
OS and another one *inside* the first one. So they might not be
clearly see that they should not trust the guest OS much more than
the host OS.

Thoughts?

> Is bare metal access for Tails more secure than virtual machine?


Well, even putting the host OS problem aside, there's one good reason
to say "yes, absolutely!": Tails' MAC spoofing works when run on bare
metal, but fails to do anything meaningful inside a VM (as explained
on the doc page I've pointed to above).

Cheers,
--
intrigeri