WEBVTT 99:59:59.999 --> 99:59:59.999 Hello, Thank you for coming 99:59:59.999 --> 99:59:59.999 We're gonna give a talk about and gonna give a technical overview of tails. 99:59:59.999 --> 99:59:59.999 That's kurono, intrigeri and I am BitingBird 99:59:59.999 --> 99:59:59.999 We are all tails contributors in different fields. 99:59:59.999 --> 99:59:59.999 I don't do technical things, 99:59:59.999 --> 99:59:59.999 intrigeri is one of the oldest tails contributors 99:59:59.999 --> 99:59:59.999 and kurono contributes since three years now 99:59:59.999 --> 99:59:59.999 Tails is the acronym of the-amnesic-incognito-life-system 99:59:59.999 --> 99:59:59.999 And there is the nice url, where you can have all the information. 99:59:59.999 --> 99:59:59.999 It's a life operating system. 99:59:59.999 --> 99:59:59.999 It works on almost any computer - except ARM 99:59:59.999 --> 99:59:59.999 And it boots from a dvd or a usb stick 99:59:59.999 --> 99:59:59.999 and theoretically from sdcard too, but it doesn't work very well. 99:59:59.999 --> 99:59:59.999 The focus of our new distribution is privacy and anonymity. 99:59:59.999 --> 99:59:59.999 It allows the user to use the internet anonymously. 99:59:59.999 --> 99:59:59.999 And also, when there is censorship, to circumvent it. 99:59:59.999 --> 99:59:59.999 All the connections to the internet go with tor, 99:59:59.999 --> 99:59:59.999 which is an anonymization network. 99:59:59.999 --> 99:59:59.999 That's the first big feature of tails. 99:59:59.999 --> 99:59:59.999 And the second one is 99:59:59.999 --> 99:59:59.999 that there is no trace on the computer you are using 99:59:59.999 --> 99:59:59.999 so after you used it nobody can see that you've used the computer. 99:59:59.999 --> 99:59:59.999 If somebody would grab your computer and search files 99:59:59.999 --> 99:59:59.999 they would not know, what you have done. 99:59:59.999 --> 99:59:59.999 Unless you ask for it explicitly <????> 99:59:59.999 --> 99:59:59.999 We have also a lot of data producing tools 99:59:59.999 --> 99:59:59.999 because some users use it to write books, articles, video and such things. 99:59:59.999 --> 99:59:59.999 They want to be able to create such documents without being traced. 99:59:59.999 --> 99:59:59.999 We have a very good report, 99:59:59.999 --> 99:59:59.999 not from our users, 99:59:59.999 --> 99:59:59.999 actually from the people we are suppused to protect them against. 99:59:59.999 --> 99:59:59.999 The NSA says, that it's a pain in the ass. 99:59:59.999 --> 99:59:59.999 When the NSA says you're making their life harder 99:59:59.999 --> 99:59:59.999 somehow you're doing something right. 99:59:59.999 --> 99:59:59.999 [klapping, laughing] 99:59:59.999 --> 99:59:59.999 I guess you can imagine who's the famous tails user 99:59:59.999 --> 99:59:59.999 who gave us access to the documents where they say that 99:59:59.999 --> 99:59:59.999 There is also Bruce Schneier who says he uses tails 99:59:59.999 --> 99:59:59.999 so, not bad. 99:59:59.999 --> 99:59:59.999 So, what are our goals? 99:59:59.999 --> 99:59:59.999 We took a stance in the beginning of tails 99:59:59.999 --> 99:59:59.999 that it was not really common back then 99:59:59.999 --> 99:59:59.999 to have usability as a security feature 99:59:59.999 --> 99:59:59.999 because "ubergeeks" where already able to have secure communication. 99:59:59.999 --> 99:59:59.999 We think that privacy is not an individual matter. 99:59:59.999 --> 99:59:59.999 It's a collective matter. 99:59:59.999 --> 99:59:59.999 Everybody needs to have privacy 99:59:59.999 --> 99:59:59.999 and new users and non geek users had no way to get access to this. 99:59:59.999 --> 99:59:59.999 The tools existed but they had no user interface 99:59:59.999 --> 99:59:59.999 or they where rally hard to configure. 99:59:59.999 --> 99:59:59.999 So, we designed a system that gives a quite good level of security 99:59:59.999 --> 99:59:59.999 with a quite good level of usability. 99:59:59.999 --> 99:59:59.999 Lots of the time people ask us, why we don't include more security features. 99:59:59.999 --> 99:59:59.999 We have to make a balance between usability and security. 99:59:59.999 --> 99:59:59.999 Because if it's really secure but nobody can use it 99:59:59.999 --> 99:59:59.999 then it doesn't bring anything. 99:59:59.999 --> 99:59:59.999 It makes security accessible for most people. 99:59:59.999 --> 99:59:59.999 Another important point in our project 99:59:59.999 --> 99:59:59.999 is to have a very small delta to our upstream. 99:59:59.999 --> 99:59:59.999 Our main upstream is Debian and we try to not to diverge to much from it. 99:59:59.999 --> 99:59:59.999 Because the more you do things differently 99:59:59.999 --> 99:59:59.999 the more work you have to maintain. 99:59:59.999 --> 99:59:59.999 The work is not the work of implementing something once 99:59:59.999 --> 99:59:59.999 it's the work of maintaining on the long term. 99:59:59.999 --> 99:59:59.999 There where a lot of other security distributions 99:59:59.999 --> 99:59:59.999 and there are still a few other 99:59:59.999 --> 99:59:59.999 But most of them have a very short lifespan 99:59:59.999 --> 99:59:59.999 because of maintenance. 99:59:59.999 --> 99:59:59.999 It's a distribution and 99:59:59.999 --> 99:59:59.999 we're a very tiny team compared to Debian 99:59:59.999 --> 99:59:59.999 but we're a team. 99:59:59.999 --> 99:59:59.999 Lots of other privacy distributions where either one person 99:59:59.999 --> 99:59:59.999 or very tiny teams and they didn't make outrage to be joined by other people 99:59:59.999 --> 99:59:59.999 Most other privacy distributions didn't take into account the maintenance work 99:59:59.999 --> 99:59:59.999 and the user support because 99:59:59.999 --> 99:59:59.999 even if we try to make it usable 99:59:59.999 --> 99:59:59.999 it's still a lot of work to teach the users how to use it 99:59:59.999 --> 99:59:59.999 and to document how to use it 99:59:59.999 --> 99:59:59.999 Also if you want to start such a project 99:59:59.999 --> 99:59:59.999 you need to have a long term commitment 99:59:59.999 --> 99:59:59.999 and to remember to avoid the <???> term of "not invented here" 99:59:59.999 --> 99:59:59.999 It's quite common to try to do something that does exactly what you want 99:59:59.999 --> 99:59:59.999 but sometimes it's best to find an existing software 99:59:59.999 --> 99:59:59.999 that does something close enough 99:59:59.999 --> 99:59:59.999 to <???> the features you want in it or use it as it is 99:59:59.999 --> 99:59:59.999 We are trying to do most of our work, 99:59:59.999 --> 99:59:59.999 at least a good part of our work upstream 99:59:59.999 --> 99:59:59.999 so we did apparmour 99:59:59.999 --> 99:59:59.999 in Debian specifically there is an apparmour team, 99:59:59.999 --> 99:59:59.999 an anonymity tools team and an otr team 99:59:59.999 --> 99:59:59.999 who work on things that we use in tails 99:59:59.999 --> 99:59:59.999 libvirt, chost and puppet are other projects we contributed to 99:59:59.999 --> 99:59:59.999 instead of implementing ourselves what we need in tails 99:59:59.999 --> 99:59:59.999 we did it upstream and it took longer to fall down to us 99:59:59.999 --> 99:59:59.999 but it's maintainable 99:59:59.999 --> 99:59:59.999 when we finally have the new features 99:59:59.999 --> 99:59:59.999 we have no work of keeping them 99:59:59.999 --> 99:59:59.999 As a result we have really little tails specific code 99:59:59.999 --> 99:59:59.999 we mostly do glue work between the code 99:59:59.999 --> 99:59:59.999 we take from our upstreams 99:59:59.999 --> 99:59:59.999 and we do a lot of social work 99:59:59.999 --> 99:59:59.999 we talk to upstream, we spread the word 99:59:59.999 --> 99:59:59.999 we say "Oh that would be great if somebody where to work on that" 99:59:59.999 --> 99:59:59.999 And we find the people that have the right skills 99:59:59.999 --> 99:59:59.999 to do the work that should be done when it's not in tails 99:59:59.999 --> 99:59:59.999 We have a very slow rythm because we work in Debian 99:59:59.999 --> 99:59:59.999 so we have to wait until the next Debian version is released 99:59:59.999 --> 99:59:59.999 To see the work we have done in tails as apparmour 99:59:59.999 --> 99:59:59.999 I mentioned earlier, we did it in Debian 99:59:59.999 --> 99:59:59.999 so for two years there was work going on in Debian that was not visible in tails 99:59:59.999 --> 99:59:59.999 but we finally have it 99:59:59.999 --> 99:59:59.999 Tails is still alive, because it's maintainable 99:59:59.999 --> 99:59:59.999 Implementation details - 99:59:59.999 --> 99:59:59.999 That's where I give the micro to [gives micro to intrigeri]