9:59:59.000,9:59:59.000 Hello, Thank you for coming 9:59:59.000,9:59:59.000 We're gonna give a talk about and [br]gonna give a technical overview of Tails. 9:59:59.000,9:59:59.000 That's kurono, intrigeri [br]and I am BitingBird. 9:59:59.000,9:59:59.000 We are all Tails contributors[br]in different fields. 9:59:59.000,9:59:59.000 I don't do technical things, 9:59:59.000,9:59:59.000 intrigeri is one of the [br]oldest tails contributors 9:59:59.000,9:59:59.000 and kurono contributes [br]since three years now. 9:59:59.000,9:59:59.000 Tails is the acronym of[br]the-amnesic-incognito-live-system 9:59:59.000,9:59:59.000 And there is the nice url, [br]where you can have all the information. 9:59:59.000,9:59:59.000 It's a live operating system. 9:59:59.000,9:59:59.000 It works on almost any computer -[br]except ARM 9:59:59.000,9:59:59.000 And it boots from a dvd or a usb stick 9:59:59.000,9:59:59.000 and theoretically from sdcard too, [br]but it doesn't work very well. 9:59:59.000,9:59:59.000 The focus of our new distribution [br]is privacy and anonymity. 9:59:59.000,9:59:59.000 It allows the user [br]to use the internet anonymously. 9:59:59.000,9:59:59.000 And also, when there is censorship,[br]to circumvent it. 9:59:59.000,9:59:59.000 All the connections to [br]the internet go with tor, 9:59:59.000,9:59:59.000 which is an anonymization network. 9:59:59.000,9:59:59.000 That's the first big feature of tails. 9:59:59.000,9:59:59.000 And the second one is 9:59:59.000,9:59:59.000 that there is no trace [br]on the computer you are using 9:59:59.000,9:59:59.000 so after you used it nobody can see[br]that you've used the computer. 9:59:59.000,9:59:59.000 If somebody would grab your computer [br]and search files 9:59:59.000,9:59:59.000 they would not know, [br]what you have done. 9:59:59.000,9:59:59.000 Unless you ask for it explicitly <????> 9:59:59.000,9:59:59.000 We have also a lot of data producing tools 9:59:59.000,9:59:59.000 because some users use it to write books,[br]articles, video and such things. 9:59:59.000,9:59:59.000 They want to be able to create such documents without being traced. 9:59:59.000,9:59:59.000 We have a very good report, 9:59:59.000,9:59:59.000 not from our users, 9:59:59.000,9:59:59.000 actually from the people [br]we are supposed to protect them against. 9:59:59.000,9:59:59.000 The NSA says, that it's a pain in the ass. 9:59:59.000,9:59:59.000 When the NSA says [br]you're making their life harder 9:59:59.000,9:59:59.000 somehow you're doing something right. 9:59:59.000,9:59:59.000 [klapping, laughing] 9:59:59.000,9:59:59.000 I guess you can imagine who's [br]the famous tails user 9:59:59.000,9:59:59.000 who gave us access to the documents where[br]they say that 9:59:59.000,9:59:59.000 There is also Bruce Schneier[br]who says he uses Tails 9:59:59.000,9:59:59.000 so, not bad. 9:59:59.000,9:59:59.000 So, what are our goals? 9:59:59.000,9:59:59.000 We took a stance in the beginning of Tails 9:59:59.000,9:59:59.000 that it was not really common back then 9:59:59.000,9:59:59.000 to have usability as a security feature 9:59:59.000,9:59:59.000 because "ubergeeks" where already able[br]to have secure communication. 9:59:59.000,9:59:59.000 We think that privacy [br]is not an individual matter. 9:59:59.000,9:59:59.000 It's a collective matter. 9:59:59.000,9:59:59.000 Everybody needs to have privacy 9:59:59.000,9:59:59.000 and new users and non geek users [br]had no way to get access to this. 9:59:59.000,9:59:59.000 The tools existed but they had [br]no user interface 9:59:59.000,9:59:59.000 or they where really hard to configure. 9:59:59.000,9:59:59.000 So, we designed a system that gives [br]a quite good level of security 9:59:59.000,9:59:59.000 with a quite good level of usability. 9:59:59.000,9:59:59.000 Lots of the time people ask us, why we [br]don't include more security features. 9:59:59.000,9:59:59.000 We have to make a balance between [br]usability and security. 9:59:59.000,9:59:59.000 Because if it's really secure[br]but nobody can use it 9:59:59.000,9:59:59.000 then it doesn't bring anything. 9:59:59.000,9:59:59.000 It makes security accessible[br]for most people. 9:59:59.000,9:59:59.000 Another important point in our project 9:59:59.000,9:59:59.000 is to have a very small delta [br]to our upstream. 9:59:59.000,9:59:59.000 Our main upstream is Debian and we try [br]to not diverge too much from it. 9:59:59.000,9:59:59.000 Because the more you do things differently[br] 9:59:59.000,9:59:59.000 the more work you have to maintain. 9:59:59.000,9:59:59.000 The work is not the work of [br]implementing something once 9:59:59.000,9:59:59.000 it's the work of [br]maintaining on the long term. 9:59:59.000,9:59:59.000 There where a lot of other [br]security distributions 9:59:59.000,9:59:59.000 and there are still a few others 9:59:59.000,9:59:59.000 But most of them [br]have a very short lifespan 9:59:59.000,9:59:59.000 because of maintenance. 9:59:59.000,9:59:59.000 It's a distribution and [br] 9:59:59.000,9:59:59.000 we're a very tiny team compared to Debian 9:59:59.000,9:59:59.000 but we're a team. 9:59:59.000,9:59:59.000 Lots of other privacy distributions[br]where either one person 9:59:59.000,9:59:59.000 or very tiny teams and they didn't make [br]outrage to be joined by other people 9:59:59.000,9:59:59.000 Most other privacy distributions didn't [br]take into account the maintenance work 9:59:59.000,9:59:59.000 and the user support because 9:59:59.000,9:59:59.000 even if we try to make it usable [br] 9:59:59.000,9:59:59.000 it's still a lot of work to [br]teach the users how to use it 9:59:59.000,9:59:59.000 and to document how to use it. 9:59:59.000,9:59:59.000 Also if you want to start such a project 9:59:59.000,9:59:59.000 you need to have a long term commitment 9:59:59.000,9:59:59.000 and to remember to avoid the symptom of[br]"not invented here". 9:59:59.000,9:59:59.000 It's quite common to try to do something [br]that does exactly what you want 9:59:59.000,9:59:59.000 but sometimes it's best [br]to find an existing software 9:59:59.000,9:59:59.000 that does something close enough 9:59:59.000,9:59:59.000 to make the new features you want in it [br]or use it as it is. 9:59:59.000,9:59:59.000 We are trying to do most of our work,[br] 9:59:59.000,9:59:59.000 at least a good part of our work upstream 9:59:59.000,9:59:59.000 so we did AppArmor 9:59:59.000,9:59:59.000 in Debian specifically there is [br]an AppArmor team, 9:59:59.000,9:59:59.000 an anonymity tools team and an OTR team 9:59:59.000,9:59:59.000 who work on things that we use in Tails 9:59:59.000,9:59:59.000 libvirt, Seahorse, Tor and Puppet [br]are other projects we contributed to 9:59:59.000,9:59:59.000 instead of implementing ourselves [br]what we need in Tails 9:59:59.000,9:59:59.000 we did it upstream [br]and it took longer to fall down to us[br] 9:59:59.000,9:59:59.000 but it's maintainable. 9:59:59.000,9:59:59.000 When we finally have the new features 9:59:59.000,9:59:59.000 we have no work of keeping them. 9:59:59.000,9:59:59.000 As a result we have [br]really little Tails specific code 9:59:59.000,9:59:59.000 we mostly do glue work between the code 9:59:59.000,9:59:59.000 we take from our upstreams 9:59:59.000,9:59:59.000 and we do a lot of social work 9:59:59.000,9:59:59.000 we talk to upstream, we spread the word 9:59:59.000,9:59:59.000 we say "Oh that would be great if somebody[br]where to work on that" 9:59:59.000,9:59:59.000 And we find the people that [br]have the right skills [br] 9:59:59.000,9:59:59.000 to do the work that should be done[br]when it's not in Tails 9:59:59.000,9:59:59.000 We have a very slow rythm [br]because we work in Debian 9:59:59.000,9:59:59.000 so we have to wait until the next Debian version is released 9:59:59.000,9:59:59.000 To see the work we have done in Tails [br]as AppArmor 9:59:59.000,9:59:59.000 I mentioned earlier, we did it in Debian 9:59:59.000,9:59:59.000 so for two years there was work going on[br]in Debian that was not visible in Tails 9:59:59.000,9:59:59.000 but we finally have it 9:59:59.000,9:59:59.000 Tails is still alive, [br]because it's maintainable 9:59:59.000,9:59:59.000 Implementation details - 9:59:59.000,9:59:59.000 That's where I give the micro.[br][gives micro to kurono]