0:00:04.491,0:00:07.300
Hello, Thank you for coming

0:00:07.480,0:00:13.785
We're gonna give a talk about and [br]gonna give a technical overview of Tails.

0:00:15.720,0:00:20.480
That's kurono, intrigeri [br]and I am BitingBird.

0:00:30.500,0:00:35.260
We are all Tails contributors[br]in different fields.

0:00:37.730,0:00:41.630
I don't do technical things,

0:00:41.760,0:00:47.740
intrigeri is one of the [br]oldest tails contributors

0:00:47.740,0:00:54.500
and kurono contributes [br]since two years now.

0:00:56.400,0:01:01.740
Tails is the acronym of[br]The Amnesic Incognito Live System

0:01:02.070,0:01:06.940
And here is the nice url, [br]where you can have all the information.

0:01:08.621,0:01:10.531
It's a live operating system.

0:01:10.730,0:01:15.460
It works on almost any computer -[br]except ARM

0:01:16.480,0:01:20.830
And it boots from a dvd or a usb stick

0:01:20.830,0:01:25.280
and theoretically from sdcard too, [br]but it doesn't work very well.

0:01:28.970,0:01:34.590
The focus of our distribution [br]is privacy and anonymity.

0:01:35.471,0:01:40.491
It allows the user [br]to use the internet anonymously.

0:01:43.040,0:01:47.480
And also, when there is censorship,[br]to circumvent it.

0:01:48.931,0:01:52.111
All the connections to [br]the internet go with tor,

0:01:52.461,0:01:56.041
which is an anonymization network.

0:01:57.720,0:02:02.200
That's the first big feature of tails.

0:02:02.200,0:02:03.691
And the second one is

0:02:03.691,0:02:06.200
that there is no trace [br]on the computer you are using

0:02:06.200,0:02:13.990
so after you used it nobody can see[br]that you've used the computer.

0:02:15.930,0:02:20.601
If somebody would grab your computer [br]and search files

0:02:20.601,0:02:23.551
they would not know, [br]what you have done.

0:02:25.250,0:02:29.100
Unless you ask for it explicitly

0:02:29.721,0:02:36.721
We have also a lot of data producing tools

0:02:38.000,0:02:47.761
because some users use it to write books,[br]articles, video and such things.

0:02:48.651,0:02:54.410
They want to be able to create such documents without being traced.

0:02:58.460,0:03:01.640
Does it work ?

0:03:01.640,0:03:04.890
We have a very good report,

0:03:04.891,0:03:06.901
not from our users,

0:03:06.901,0:03:11.840
actually from the people [br]we are supposed to protect them against.

0:03:11.840,0:03:16.260
The NSA says, that it's a pain in the ass.

0:03:16.483,0:03:22.751
When the NSA says [br]you're making their life harder

0:03:22.751,0:03:26.230
somehow you're doing something right.

0:03:26.230,0:03:31.490
[klapping, laughing]

0:03:31.500,0:03:37.490
I guess you can imagine who's [br]the famous tails user

0:03:37.490,0:03:41.600
who gave us access to the documents where[br]they say that

0:03:42.790,0:03:48.530
There is also Bruce Schneier[br]who says he uses Tails

0:03:49.231,0:03:53.681
so, not bad.

0:03:54.601,0:03:57.351
So, what are our goals?

0:03:57.480,0:04:01.692
We took a stance in the beginning of Tails

0:04:01.692,0:04:04.513
that it was not really common back then

0:04:04.513,0:04:08.110
to have usability as a security feature

0:04:08.110,0:04:13.540
because "ubergeeks" where already able[br]to have secure communication.

0:04:15.221,0:04:18.530
The thing is privacy [br]is not an individual matter.

0:04:18.530,0:04:19.941
It's a collective matter.

0:04:19.941,0:04:22.801
Everybody needs to have privacy

0:04:22.801,0:04:32.501
and new users and non geek users [br]had no way to get access to this.

0:04:32.502,0:04:36.530
The tools existed but they had [br]no user interface

0:04:36.530,0:04:39.730
or they where really hard to configure.

0:04:39.730,0:04:45.741
So, we designed a system that gives [br]a quite good level of security

0:04:45.741,0:04:49.031
with a quite good level of usability.

0:04:49.480,0:04:54.760
Lots of the time people ask us, why we [br]don't include more security features.

0:04:54.760,0:04:58.610
We have to make a balance between security and usability.

0:04:58.611,0:05:02.230
Because if it's really secure[br]but nobody can use it

0:05:02.230,0:05:05.931
then it doesn't bring anything.

0:05:05.931,0:05:10.171
It makes security accessible[br]for most people.

0:05:12.464,0:05:15.912
Another important point in our project

0:05:15.912,0:05:20.242
is to have a very small delta [br]to our upstream.

0:05:21.660,0:05:28.510
Our main upstream is Debian and we try [br]to not diverge too much from it.

0:05:30.500,0:05:34.100
Because the more you do things differently[br]

0:05:34.100,0:05:37.501
the more work you have to maintain.

0:05:37.501,0:05:41.363
The work is not the work of [br]implementing something once

0:05:41.363,0:05:44.663
it's the work of [br]maintaining on the long term.

0:05:45.262,0:05:49.772
There where a lot of other [br]security distributions

0:05:49.772,0:05:51.903
and there are still a few others

0:05:51.903,0:05:55.523
But most of them [br]have a very short lifespan

0:05:57.814,0:06:02.020
because of maintenance.

0:06:02.020,0:06:04.756
It's a distribution and [br]

0:06:04.756,0:06:07.632
we're a very tiny team compared to Debian

0:06:07.632,0:06:10.283
but we're a team.

0:06:10.283,0:06:15.290
Lots of other privacy distributions[br]where either one person

0:06:15.290,0:06:22.290
or very tiny teams and they didn't make [br]outrage to be joined by other people

0:06:24.440,0:06:32.752
Most other privacy distributions didn't [br]take into account the maintenance work

0:06:32.752,0:06:35.501
and the user support because

0:06:35.501,0:06:37.761
even if we try to make it usable [br]

0:06:37.761,0:06:43.000
it's still a lot of work to [br]teach the users how to use it

0:06:43.000,0:06:46.806
and to document how to use it.

0:06:46.806,0:06:49.270
Also if you want to start such a project

0:06:49.270,0:06:52.741
you need to have a long term commitment

0:06:52.741,0:06:57.301
and to remember to avoid the symptom of[br]"not invented here".

0:06:57.691,0:07:03.392
It's quite common to try to do something [br]that does exactly what you want

0:07:03.392,0:07:08.031
but sometimes it's best [br]to find an existing software

0:07:08.031,0:07:11.781
that does something close enough

0:07:11.781,0:07:18.250
to make the new features you want in it [br]or use it as it is.

0:07:20.970,0:07:23.770
We are trying to do most of our work,[br]

0:07:23.770,0:07:26.790
at least a good part of our work upstream

0:07:26.790,0:07:30.014
so we did AppArmor

0:07:30.014,0:07:32.930
in Debian specifically there is [br]an AppArmor team,

0:07:32.930,0:07:37.360
an anonymity tools team and an OTR team

0:07:37.361,0:07:42.001
who work on things that we use in Tails

0:07:42.501,0:07:49.271
libvirt, Seahorse, Tor and Puppet [br]are other projects we contributed to

0:07:49.271,0:07:54.631
instead of implementing ourselves [br]what we need in Tails

0:07:54.631,0:08:01.510
we did it upstream [br]and it took longer to fall down to us[br]

0:08:01.510,0:08:04.470
but it's maintainable.

0:08:04.470,0:08:07.552
When we finally have the new features

0:08:07.552,0:08:12.102
we have no work of keeping them.

0:08:13.490,0:08:17.590
As a result we have [br]really little Tails specific code

0:08:17.590,0:08:20.640
we mostly do glue work between the code

0:08:20.640,0:08:23.774
we take from our upstreams

0:08:23.774,0:08:25.914
and we do a lot of social work

0:08:25.920,0:08:29.250
we talk to upstream, we spread the word

0:08:29.250,0:08:34.660
we say "Oh that would be great if somebody[br]where to work on that"

0:08:35.970,0:08:40.501
And we find the people that [br]have the right skills [br]

0:08:40.501,0:08:44.861
to do the work that should be done[br]when it's not in Tails

0:08:46.010,0:08:51.450
We have a very slow rythm [br]because we work in Debian

0:08:51.450,0:08:55.230
so we have to wait until the next Debian version is released

0:08:55.230,0:08:59.791
To see the work we have done in Tails [br]as AppArmor

0:08:59.791,0:09:02.826
I mentioned earlier, we did it in Debian

0:09:02.826,0:09:09.276
so for two years there was work going on[br]in Debian that was not visible in Tails

0:09:09.283,0:09:14.543
but we finally have it

0:09:16.480,0:09:21.100
Tails is still alive, [br]because it's maintainable

0:09:22.720,0:09:24.404
Implementation details -

0:09:24.404,0:09:30.704
That's where I give the micro.[br][gives micro to kurono]