1
99:59:59,999 --> 99:59:59,999
Hello, Thank you for coming

2
99:59:59,999 --> 99:59:59,999
We're gonna give a talk about and 
gonna give a technical overview of Tails.

3
99:59:59,999 --> 99:59:59,999
That's kurono, intrigeri 
and I am BitingBird.

4
99:59:59,999 --> 99:59:59,999
We are all Tails contributors
in different fields.

5
99:59:59,999 --> 99:59:59,999
I don't do technical things,

6
99:59:59,999 --> 99:59:59,999
intrigeri is one of the 
oldest tails contributors

7
99:59:59,999 --> 99:59:59,999
and kurono contributes 
since three years now.

8
99:59:59,999 --> 99:59:59,999
Tails is the acronym of
the-amnesic-incognito-live-system

9
99:59:59,999 --> 99:59:59,999
And there is the nice url, 
where you can have all the information.

10
99:59:59,999 --> 99:59:59,999
It's a live operating system.

11
99:59:59,999 --> 99:59:59,999
It works on almost any computer -
except ARM

12
99:59:59,999 --> 99:59:59,999
And it boots from a dvd or a usb stick

13
99:59:59,999 --> 99:59:59,999
and theoretically from sdcard too, 
but it doesn't work very well.

14
99:59:59,999 --> 99:59:59,999
The focus of our new distribution 
is privacy and anonymity.

15
99:59:59,999 --> 99:59:59,999
It allows the user 
to use the internet anonymously.

16
99:59:59,999 --> 99:59:59,999
And also, when there is censorship,
to circumvent it.

17
99:59:59,999 --> 99:59:59,999
All the connections to 
the internet go with tor,

18
99:59:59,999 --> 99:59:59,999
which is an anonymization network.

19
99:59:59,999 --> 99:59:59,999
That's the first big feature of tails.

20
99:59:59,999 --> 99:59:59,999
And the second one is

21
99:59:59,999 --> 99:59:59,999
that there is no trace 
on the computer you are using

22
99:59:59,999 --> 99:59:59,999
so after you used it nobody can see
that you've used the computer.

23
99:59:59,999 --> 99:59:59,999
If somebody would grab your computer 
and search files

24
99:59:59,999 --> 99:59:59,999
they would not know, 
what you have done.

25
99:59:59,999 --> 99:59:59,999
Unless you ask for it explicitly <????>

26
99:59:59,999 --> 99:59:59,999
We have also a lot of data producing tools

27
99:59:59,999 --> 99:59:59,999
because some users use it to write books,
articles, video and such things.

28
99:59:59,999 --> 99:59:59,999
They want to be able to create such documents without being traced.

29
99:59:59,999 --> 99:59:59,999
We have a very good report,

30
99:59:59,999 --> 99:59:59,999
not from our users,

31
99:59:59,999 --> 99:59:59,999
actually from the people 
we are supposed to protect them against.

32
99:59:59,999 --> 99:59:59,999
The NSA says, that it's a pain in the ass.

33
99:59:59,999 --> 99:59:59,999
When the NSA says 
you're making their life harder

34
99:59:59,999 --> 99:59:59,999
somehow you're doing something right.

35
99:59:59,999 --> 99:59:59,999
[klapping, laughing]

36
99:59:59,999 --> 99:59:59,999
I guess you can imagine who's 
the famous tails user

37
99:59:59,999 --> 99:59:59,999
who gave us access to the documents where
they say that

38
99:59:59,999 --> 99:59:59,999
There is also Bruce Schneier
who says he uses Tails

39
99:59:59,999 --> 99:59:59,999
so, not bad.

40
99:59:59,999 --> 99:59:59,999
So, what are our goals?

41
99:59:59,999 --> 99:59:59,999
We took a stance in the beginning of Tails

42
99:59:59,999 --> 99:59:59,999
that it was not really common back then

43
99:59:59,999 --> 99:59:59,999
to have usability as a security feature

44
99:59:59,999 --> 99:59:59,999
because "ubergeeks" where already able
to have secure communication.

45
99:59:59,999 --> 99:59:59,999
We think that privacy 
is not an individual matter.

46
99:59:59,999 --> 99:59:59,999
It's a collective matter.

47
99:59:59,999 --> 99:59:59,999
Everybody needs to have privacy

48
99:59:59,999 --> 99:59:59,999
and new users and non geek users 
had no way to get access to this.

49
99:59:59,999 --> 99:59:59,999
The tools existed but they had 
no user interface

50
99:59:59,999 --> 99:59:59,999
or they where really hard to configure.

51
99:59:59,999 --> 99:59:59,999
So, we designed a system that gives 
a quite good level of security

52
99:59:59,999 --> 99:59:59,999
with a quite good level of usability.

53
99:59:59,999 --> 99:59:59,999
Lots of the time people ask us, why we 
don't include more security features.

54
99:59:59,999 --> 99:59:59,999
We have to make a balance between 
usability and security.

55
99:59:59,999 --> 99:59:59,999
Because if it's really secure
but nobody can use it

56
99:59:59,999 --> 99:59:59,999
then it doesn't bring anything.

57
99:59:59,999 --> 99:59:59,999
It makes security accessible
for most people.

58
99:59:59,999 --> 99:59:59,999
Another important point in our project

59
99:59:59,999 --> 99:59:59,999
is to have a very small delta 
to our upstream.

60
99:59:59,999 --> 99:59:59,999
Our main upstream is Debian and we try 
to not diverge too much from it.

61
99:59:59,999 --> 99:59:59,999
Because the more you do things differently


62
99:59:59,999 --> 99:59:59,999
the more work you have to maintain.

63
99:59:59,999 --> 99:59:59,999
The work is not the work of 
implementing something once

64
99:59:59,999 --> 99:59:59,999
it's the work of 
maintaining on the long term.

65
99:59:59,999 --> 99:59:59,999
There where a lot of other 
security distributions

66
99:59:59,999 --> 99:59:59,999
and there are still a few others

67
99:59:59,999 --> 99:59:59,999
But most of them 
have a very short lifespan

68
99:59:59,999 --> 99:59:59,999
because of maintenance.

69
99:59:59,999 --> 99:59:59,999
It's a distribution and 


70
99:59:59,999 --> 99:59:59,999
we're a very tiny team compared to Debian

71
99:59:59,999 --> 99:59:59,999
but we're a team.

72
99:59:59,999 --> 99:59:59,999
Lots of other privacy distributions
where either one person

73
99:59:59,999 --> 99:59:59,999
or very tiny teams and they didn't make 
outrage to be joined by other people

74
99:59:59,999 --> 99:59:59,999
Most other privacy distributions didn't 
take into account the maintenance work

75
99:59:59,999 --> 99:59:59,999
and the user support because

76
99:59:59,999 --> 99:59:59,999
even if we try to make it usable 


77
99:59:59,999 --> 99:59:59,999
it's still a lot of work to 
teach the users how to use it

78
99:59:59,999 --> 99:59:59,999
and to document how to use it.

79
99:59:59,999 --> 99:59:59,999
Also if you want to start such a project

80
99:59:59,999 --> 99:59:59,999
you need to have a long term commitment

81
99:59:59,999 --> 99:59:59,999
and to remember to avoid the symptom of
"not invented here".

82
99:59:59,999 --> 99:59:59,999
It's quite common to try to do something 
that does exactly what you want

83
99:59:59,999 --> 99:59:59,999
but sometimes it's best 
to find an existing software

84
99:59:59,999 --> 99:59:59,999
that does something close enough

85
99:59:59,999 --> 99:59:59,999
to make the new features you want in it 
or use it as it is.

86
99:59:59,999 --> 99:59:59,999
We are trying to do most of our work,


87
99:59:59,999 --> 99:59:59,999
at least a good part of our work upstream

88
99:59:59,999 --> 99:59:59,999
so we did AppArmor

89
99:59:59,999 --> 99:59:59,999
in Debian specifically there is 
an AppArmor team,

90
99:59:59,999 --> 99:59:59,999
an anonymity tools team and an OTR team

91
99:59:59,999 --> 99:59:59,999
who work on things that we use in Tails

92
99:59:59,999 --> 99:59:59,999
libvirt, Seahorse, Tor and Puppet 
are other projects we contributed to

93
99:59:59,999 --> 99:59:59,999
instead of implementing ourselves 
what we need in Tails

94
99:59:59,999 --> 99:59:59,999
we did it upstream 
and it took longer to fall down to us


95
99:59:59,999 --> 99:59:59,999
but it's maintainable.

96
99:59:59,999 --> 99:59:59,999
When we finally have the new features

97
99:59:59,999 --> 99:59:59,999
we have no work of keeping them.

98
99:59:59,999 --> 99:59:59,999
As a result we have 
really little Tails specific code

99
99:59:59,999 --> 99:59:59,999
we mostly do glue work between the code

100
99:59:59,999 --> 99:59:59,999
we take from our upstreams

101
99:59:59,999 --> 99:59:59,999
and we do a lot of social work

102
99:59:59,999 --> 99:59:59,999
we talk to upstream, we spread the word

103
99:59:59,999 --> 99:59:59,999
we say "Oh that would be great if somebody
where to work on that"

104
99:59:59,999 --> 99:59:59,999
And we find the people that 
have the right skills 


105
99:59:59,999 --> 99:59:59,999
to do the work that should be done
when it's not in Tails

106
99:59:59,999 --> 99:59:59,999
We have a very slow rythm 
because we work in Debian

107
99:59:59,999 --> 99:59:59,999
so we have to wait until the next Debian version is released

108
99:59:59,999 --> 99:59:59,999
To see the work we have done in Tails 
as AppArmor

109
99:59:59,999 --> 99:59:59,999
I mentioned earlier, we did it in Debian

110
99:59:59,999 --> 99:59:59,999
so for two years there was work going on
in Debian that was not visible in Tails

111
99:59:59,999 --> 99:59:59,999
but we finally have it

112
99:59:59,999 --> 99:59:59,999
Tails is still alive, 
because it's maintainable

113
99:59:59,999 --> 99:59:59,999
Implementation details -

114
99:59:59,999 --> 99:59:59,999
That's where I give the micro.
[gives micro to kurono]