WEBVTT 00:00:04.491 --> 00:00:07.300 Hello, Thank you for coming 00:00:07.480 --> 00:00:13.785 We're gonna give a talk about and gonna give a technical overview of Tails. 00:00:15.720 --> 00:00:20.480 That's kurono, intrigeri and I am BitingBird. 00:00:30.500 --> 00:00:35.260 We are all Tails contributors in different fields. 00:00:37.730 --> 00:00:41.630 I don't do technical things, 00:00:41.760 --> 00:00:47.740 intrigeri is one of the oldest tails contributors 00:00:47.740 --> 00:00:54.500 and kurono contributes since two years now. 00:00:56.400 --> 00:01:01.740 Tails is the acronym of The Amnesic Incognito Live System 00:01:02.070 --> 00:01:06.940 And here is the nice url, where you can have all the information. 00:01:08.621 --> 00:01:10.531 It's a live operating system. 00:01:10.730 --> 00:01:15.460 It works on almost any computer - except ARM 00:01:16.480 --> 00:01:20.830 And it boots from a dvd or a usb stick 00:01:20.830 --> 00:01:25.280 and theoretically from sdcard too, but it doesn't work very well. 00:01:28.970 --> 00:01:34.590 The focus of our distribution is privacy and anonymity. 00:01:35.471 --> 00:01:40.491 It allows the user to use the internet anonymously. 00:01:43.040 --> 00:01:47.480 And also, when there is censorship, to circumvent it. 00:01:48.931 --> 00:01:52.111 All the connections to the internet go with tor, 00:01:52.461 --> 00:01:56.041 which is an anonymization network. 00:01:57.720 --> 00:02:02.200 That's the first big feature of tails. 00:02:02.200 --> 00:02:03.691 And the second one is 00:02:03.691 --> 00:02:06.200 that there is no trace on the computer you are using 00:02:06.200 --> 00:02:13.990 so after you used it nobody can see that you've used the computer. 00:02:15.930 --> 00:02:20.601 If somebody would grab your computer and search files 00:02:20.601 --> 00:02:23.551 they would not know, what you have done. 00:02:25.250 --> 00:02:29.100 Unless you ask for it explicitly <????> 00:02:29.721 --> 00:02:36.721 We have also a lot of data producing tools 00:02:38.000 --> 00:02:47.761 because some users use it to write books, articles, video and such things. 00:02:48.651 --> 00:02:54.410 They want to be able to create such documents without being traced. 00:02:58.460 --> 00:03:01.640 Does it work ? 00:03:01.640 --> 00:03:04.890 We have a very good report, 00:03:04.891 --> 00:03:06.901 not from our users, 00:03:06.901 --> 00:03:11.840 actually from the people we are supposed to protect them against. 00:03:11.840 --> 00:03:16.260 The NSA says, that it's a pain in the ass. 00:03:16.483 --> 00:03:22.751 When the NSA says you're making their life harder 00:03:22.751 --> 00:03:26.230 somehow you're doing something right. 00:03:26.230 --> 00:03:31.490 [klapping, laughing] 00:03:31.500 --> 00:03:37.490 I guess you can imagine who's the famous tails user 00:03:37.490 --> 00:03:41.600 who gave us access to the documents where they say that 00:03:42.790 --> 00:03:48.530 There is also Bruce Schneier who says he uses Tails 00:03:49.231 --> 00:03:53.681 so, not bad. 00:03:54.601 --> 00:03:57.351 So, what are our goals? 00:03:57.480 --> 00:04:01.692 We took a stance in the beginning of Tails 00:04:01.692 --> 00:04:04.513 that it was not really common back then 00:04:04.513 --> 00:04:08.110 to have usability as a security feature 00:04:08.110 --> 00:04:13.540 because "ubergeeks" where already able to have secure communication. 00:04:15.221 --> 00:04:18.530 The thing is privacy is not an individual matter. 00:04:18.530 --> 00:04:19.941 It's a collective matter. 00:04:19.941 --> 00:04:22.801 Everybody needs to have privacy 00:04:22.801 --> 00:04:32.501 and new users and non geek users had no way to get access to this. 00:04:32.502 --> 00:04:36.530 The tools existed but they had no user interface 00:04:36.530 --> 00:04:39.730 or they where really hard to configure. 00:04:39.730 --> 00:04:45.741 So, we designed a system that gives a quite good level of security 00:04:45.741 --> 00:04:49.031 with a quite good level of usability. 00:04:49.480 --> 00:04:54.760 Lots of the time people ask us, why we don't include more security features. 00:04:54.760 --> 00:04:58.610 We have to make a balance between security and usability. 00:04:58.611 --> 00:05:02.230 Because if it's really secure but nobody can use it 00:05:02.230 --> 00:05:05.931 then it doesn't bring anything. 00:05:05.931 --> 00:05:10.171 It makes security accessible for most people. 00:05:12.464 --> 00:05:15.912 Another important point in our project 00:05:15.912 --> 00:05:20.242 is to have a very small delta to our upstream. 00:05:21.660 --> 00:05:28.510 Our main upstream is Debian and we try to not diverge too much from it. 00:05:30.500 --> 00:05:34.100 Because the more you do things differently 00:05:34.100 --> 00:05:37.501 the more work you have to maintain. 00:05:37.501 --> 00:05:41.363 The work is not the work of implementing something once 00:05:41.363 --> 00:05:44.663 it's the work of maintaining on the long term. 00:05:45.262 --> 00:05:49.772 There where a lot of other security distributions 00:05:49.772 --> 00:05:51.903 and there are still a few others 00:05:51.903 --> 00:05:55.523 But most of them have a very short lifespan 00:05:57.814 --> 00:06:02.020 because of maintenance. 00:06:02.020 --> 00:06:04.756 It's a distribution and 00:06:04.756 --> 00:06:07.632 we're a very tiny team compared to Debian 00:06:07.632 --> 00:06:10.283 but we're a team. 00:06:10.283 --> 00:06:15.290 Lots of other privacy distributions where either one person 00:06:15.290 --> 00:06:22.290 or very tiny teams and they didn't make outrage to be joined by other people 00:06:24.440 --> 00:06:32.752 Most other privacy distributions didn't take into account the maintenance work 00:06:32.752 --> 00:06:35.501 and the user support because 00:06:35.501 --> 00:06:37.761 even if we try to make it usable 00:06:37.761 --> 00:06:43.000 it's still a lot of work to teach the users how to use it 00:06:43.000 --> 00:06:46.806 and to document how to use it. 00:06:46.806 --> 00:06:49.270 Also if you want to start such a project 00:06:49.270 --> 00:06:52.741 you need to have a long term commitment 00:06:52.741 --> 00:06:57.301 and to remember to avoid the symptom of "not invented here". 00:06:57.691 --> 00:07:03.392 It's quite common to try to do something that does exactly what you want 00:07:03.392 --> 00:07:08.031 but sometimes it's best to find an existing software 00:07:08.031 --> 00:07:11.781 that does something close enough 00:07:11.781 --> 00:07:18.250 to make the new features you want in it or use it as it is. 00:07:20.970 --> 00:07:23.770 We are trying to do most of our work, 00:07:23.770 --> 00:07:26.790 at least a good part of our work upstream 00:07:26.790 --> 00:07:30.014 so we did AppArmor 00:07:30.014 --> 00:07:32.930 in Debian specifically there is an AppArmor team, 00:07:32.930 --> 00:07:37.360 an anonymity tools team and an OTR team 00:07:37.361 --> 00:07:42.001 who work on things that we use in Tails 00:07:42.501 --> 00:07:49.271 libvirt, Seahorse, Tor and Puppet are other projects we contributed to 00:07:49.271 --> 00:07:54.771 instead of implementing ourselves what we need in Tails 99:59:59.999 --> 99:59:59.999 we did it upstream and it took longer to fall down to us 99:59:59.999 --> 99:59:59.999 but it's maintainable. 99:59:59.999 --> 99:59:59.999 When we finally have the new features 99:59:59.999 --> 99:59:59.999 we have no work of keeping them. 99:59:59.999 --> 99:59:59.999 As a result we have really little Tails specific code 99:59:59.999 --> 99:59:59.999 we mostly do glue work between the code 99:59:59.999 --> 99:59:59.999 we take from our upstreams 99:59:59.999 --> 99:59:59.999 and we do a lot of social work 99:59:59.999 --> 99:59:59.999 we talk to upstream, we spread the word 99:59:59.999 --> 99:59:59.999 we say "Oh that would be great if somebody where to work on that" 99:59:59.999 --> 99:59:59.999 And we find the people that have the right skills 99:59:59.999 --> 99:59:59.999 to do the work that should be done when it's not in Tails 99:59:59.999 --> 99:59:59.999 We have a very slow rythm because we work in Debian NOTE Paragraph 99:59:59.999 --> 99:59:59.999 so we have to wait until the next Debian version is released 99:59:59.999 --> 99:59:59.999 To see the work we have done in Tails as AppArmor 99:59:59.999 --> 99:59:59.999 I mentioned earlier, we did it in Debian 99:59:59.999 --> 99:59:59.999 so for two years there was work going on in Debian that was not visible in Tails 99:59:59.999 --> 99:59:59.999 but we finally have it 99:59:59.999 --> 99:59:59.999 Tails is still alive, because it's maintainable 99:59:59.999 --> 99:59:59.999 Implementation details - 99:59:59.999 --> 99:59:59.999 That's where I give the micro. [gives micro to kurono]