Slashdot Log In
Will ParanoidLinux Protect the Truly Paranoid?
Posted by
kdawson
on Sat Oct 04, 2008 04:30 PM
from the tinfoil-laptop-carrying-case dept.
from the tinfoil-laptop-carrying-case dept.
ruphus13 writes "There are still places on the world where having anonymity might mean the difference between life and death. Covering one's tracks is considered to be of such paramount importance that we are now witnessing the rise of a Linux distro catering to the most paranoid. The 'alpha-alpha' version of ParanoidLinux is now out. But is this the best way to protect oneself? Couldn't it be easily circumvented? The article asks, 'Why is it necessary to put the applications and services designed to protect anonymity, to encrypt files, to make the user nameless and faceless, all together, in one distribution? Let's think in a truly paranoid manner. Wouldn't it be far easier for a nefarious government organization to target that distribution's repositories, mirror that singular distribution's disk images with files of its own design, and leave every last one of that distribution's users in the great wide open?' What should truly paranoid user do?"
Related Stories
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
Suggestion (Score:5, Insightful)
Re:Suggestion (Score:5, Funny)
Are you talking about me?
Parent
Re:Suggestion (Score:5, Informative)
Just because you're paranoid
doesn't mean they're not out to get you.
Remember, this is the same "they" that
are responsible for every negative thing
that affects you. They are very powerful,
and pretty much omniscient, and although
you are boring, they are not bored
observing and foiling your every move.
Parent
Re:Suggestion (Score:5, Funny)
reminds me of this:
In The Know: Is The Government Spying On Paranoid Schizophrenics Enough?
http://www.theonion.com/content/video/in_the_know_is_the_government [theonion.com]
Parent
Re:Suggestion (Score:5, Funny)
The truly paranoid user should get some help...
So says one of the brainwashed masses. Have you considered that perhaps the only reason you don't believe that the government is reading and writing your thoughts is because you have been programmed to think that way? And have you considered that perhaps the paranoid aren't crazy but they only appear that way because you have been programmed to think that way?
Of course not! This level of introspection would require you to break free of your programming. And even if you were able to independently do so, without wearing a psychotronic radiation deflector beanie you would just be reprogrammed in an instant.
For the rest of us 'paranoids' I recommend that we hunker down and reinforce each others 'crazy' ideas. After all, we are the only ones who recognize our thoughts for what they are: sanity. And no, we don't consider our criticizing of the lack of introspection of the brainwashed masses to be hypocrisy because we *know* that we are right, unlike the brainwashed masses who are programmed to think that way.
Parent
Re:Suggestion (Score:4, Funny)
I would love to, but who to trust ...
Parent
The obvious answer (Score:4, Funny)
Trust no one?
Re:The obvious answer (Score:4, Funny)
"Stay Alert! Trust No One! Keep Your Laser Handy!"
and
"Trust The Computer. The Computer is Your Friend."
Parent
Hermit (Score:5, Insightful)
A truly paranoid person would be suspicious of absolutely everyone and everything. That would mean writing your own OS on your own hardware etc etc.
Since this is impossible, go and live in hiding with no human contact or chance thereof.
Why would you download this 'super-safe' OS from some people you never met, through a public unencrypted network, if your life depended on it?
Chuck Moore has done this... (Score:4, Interesting)
I'd say he's well on his way to achieving this.
Parent
Re:Hermit (Score:4, Informative)
But there's no reason to ask whether or not the truly paranoid would be willing to use Paranoid Linux, because it's not aimed at them. It's just a clever name. It's aimed at people who actually have a rational fear that someone's out to get them. (Note that, if everyone really was out to get you, and you knew that they were, it would be impossible for you to be paranoid. The following is not an actual instance of Godwin's Law because I'm not using this to counteract anybody's argument, it's just an actual good example: while Hitler's often been described as paranoid, it would actually have been impossible for him to have been paranoid. Nearly every person in the world really did have potential reasons to be out to get him.)
So this is aimed at people like political dissenters in oppressive countries. They aren't paranoid, but in many ways they act like paranoid people, because it truly is possible, or even likely, that someone really is out to get them.
The main thing I worry about is that the mere presence of Paranoid Linux installed on your machine will be grounds for prosecuting you in the places where it's most needed. Is Paranoid Linux paranoid enough to make itself appear indistinguishable from Windows? Can Paranoid Linux run in the background as a stealth rootkit on Windows that you can't even find or access without secret, user-specifiable knowledge?
Parent
Based on an idea from Cory's book (Score:4, Informative)
Re: (Score:3, Funny)
True open source question (Score:5, Insightful)
If you do not examine the source, how can you trust any piece of software? You are in effect agreeing to trust the unknown people that have looked at the source. Except in the case of a smallish distribution nobody may have actually looked into that particular distribution in any detail at all.
Of course, there is a greater issue of trust. If you accept chips made by unknown fabricators, do you know what microcode has been implemented? If you cannot examine the "source code" of the chips being used how can you actually trust that these chips are not doing things behind your back to reveal your identity and files?
So without a truly "open" computer, you are trusting a whole raft of unknown individuals and companies with your identity, your data, your reputation.
Moreover, if you are not knowledgeable about programming languages, using any computer is an act of utter faith with plenty of reason to not be so trusting. It is like climbing a mountain with a guide that only lost "a few" parties last year.
Re:True open source question (Score:4, Interesting)
Ken Thompson talks about using untrusted compilers in his lecture, "Reflections on Trusting Trust" [bell-labs.com].
(See also: this [scienceblogs.com])
Parent
easy answer (Score:5, Insightful)
"What should truly paranoid user do?"
Stay off the internet.
Borrow wifi - get someone to type for you (Score:5, Interesting)
1. Always borrow random open wifi access points,
in a geographic pattern not centered around your habitual location
2. Get a new unknowing assistant to type in roughly what you want to say each time. There are pattern detectors for your ways of expressing things.
3. Establish online identities such as gmail that have no tie whatsoever to any of your identity info or financial info
What do do? (Score:3, Informative)
What should truly paranoid user do?
Pull the tinfoil hat down tighter....
Quite Franky (Score:5, Funny)
This slashdot story was posted to get us to use Paranoid Linux, which can only mean that some one planted a backdoor in it.
Just not in a public place. (Score:4, Interesting)
A paranoid user should use this (Score:4, Interesting)
I think a lot of people misunderstand the concept of "single point of failure". With all of this stuff in one place, yes, there's only one place that attackers need to attack. But there's also only one place that defenders need to defend. The alternative is that all these security programs remain scattered in lots of places on the Internet. True, attackers probably won't be able to subvert more than a couple of those, but it only takes one flaw in your security for them to get you. If you subverted GPG, it doesn't matter much that TrueCrypt is still working for you. If someone subverted SSL, or DNS, and it doesn't matter much that the Linux Kernel is still secure. Best to get everything from one place, and make sure that one place is really, REALLY damn secure.
Re:well (Score:5, Interesting)
What should truly paranoid user do?
get help?
get BSD?
Seriously, there is already an OS aimed at security... OpenBSD:
"Our efforts emphasize portability, standardization, correctness, proactive security and integrated cryptography."
"Audit Process:
Our security auditing team typically has between six and twelve members who continue to search for and fix new security holes. We have been auditing since the summer of 1996. The process we follow to increase security is simply a comprehensive file-by-file analysis of every critical software component. We are not so much looking for security holes, as we are looking for basic software bugs, and if years later someone discovers the problem used to be a security issue, and we fixed it because it was just a bug, well, all the better. Flaws have been found in just about every area of the system. Entire new classes of security problems have been found during our audit, and often source code which had been audited earlier needs re-auditing with these new flaws in mind. Code often gets audited multiple times, and by multiple people with different auditing skills."
Parent
Re:well (Score:4, Funny)
Parent
Re: (Score:3, Funny)
but can the author be trusted?
Re:well (Score:5, Funny)
OBVIOUSLY the paranoid individual will not allow anyone else to see the self help book, let alone publish it.
Also, the self help book will be written freehand in blood. Every time the paranoid reads the book they will DNA test the blood to ensure that it is their own blood. DNA tests are ofcourse done in house and using tools that the paranoid has already assembled based on research that they have done themselves.
Still, there is a risk of clone operatives... but isn't there always?
Parent