Will ParanoidLinux Protect the Truly Paranoid? 236
ruphus13 writes "There are still places on the world where having anonymity might mean the difference between life and death. Covering one's tracks is considered to be of such paramount importance that we are now witnessing the rise of a Linux distro catering to the most paranoid. The 'alpha-alpha' version of ParanoidLinux is now out. But is this the best way to protect oneself? Couldn't it be easily circumvented? The article asks, 'Why is it necessary to put the applications and services designed to protect anonymity, to encrypt files, to make the user nameless and faceless, all together, in one distribution? Let's think in a truly paranoid manner. Wouldn't it be far easier for a nefarious government organization to target that distribution's repositories, mirror that singular distribution's disk images with files of its own design, and leave every last one of that distribution's users in the great wide open?' What should truly paranoid user do?"
Suggestion (Score:5, Insightful)
well (Score:2, Insightful)
What should truly paranoid user do?
get help?
Hermit (Score:5, Insightful)
A truly paranoid person would be suspicious of absolutely everyone and everything. That would mean writing your own OS on your own hardware etc etc.
Since this is impossible, go and live in hiding with no human contact or chance thereof.
Why would you download this 'super-safe' OS from some people you never met, through a public unencrypted network, if your life depended on it?
True open source question (Score:5, Insightful)
If you do not examine the source, how can you trust any piece of software? You are in effect agreeing to trust the unknown people that have looked at the source. Except in the case of a smallish distribution nobody may have actually looked into that particular distribution in any detail at all.
Of course, there is a greater issue of trust. If you accept chips made by unknown fabricators, do you know what microcode has been implemented? If you cannot examine the "source code" of the chips being used how can you actually trust that these chips are not doing things behind your back to reveal your identity and files?
So without a truly "open" computer, you are trusting a whole raft of unknown individuals and companies with your identity, your data, your reputation.
Moreover, if you are not knowledgeable about programming languages, using any computer is an act of utter faith with plenty of reason to not be so trusting. It is like climbing a mountain with a guide that only lost "a few" parties last year.
easy answer (Score:5, Insightful)
"What should truly paranoid user do?"
Stay off the internet.
Paranoia (Score:2, Insightful)
The truly paranoid are irrational and contradictory.
They do things like refuse to fly on planes because the government obviously staged 9/11 and killed all of those people on the planes, so they don't want to become a part of that. But they'll work in the same areas that would be likely targets if another round of 9/11-esque hijackings occurred. They do things wrap everything in tin foil to keep the mind control/thought reading beams out, but happily sit in conspiracy theory forums all day, and go to work or to the store to get supplies.
If the paranoid want to find fault, they'll find fault. Obviously this is a thinly-veiled attempt by the government to see what the paranoid want to hide.
Re:True open source question (Score:2, Insightful)
You implement your own compiler in assembly, on open chips, and then you compile a checked version of gcc with the compiler you built and go on from there.
Obviously. :p
Re:True open source question (Score:3, Insightful)
Great, and really cool, thought experiment. However, you can hand-assemble fairly easily (I wouldn't, though) and then you don't even need to trust so much as an assembler.
For the paranoid but lazy - check the C source for spies, compile to assembler, check the assembler and make sure it matches the C code, then hand-assemble.
Or write your own quick and dirty C compiler, use it to compile GCC, then compile it with itself so you get the nifty optimizations.
Re:This is a non-issue! (Score:1, Insightful)
Not true. For instance I recall an open source code base being broken into a few years ago. The hackers (I use the term in the negative context here) checked in a module change that looked like a bug fix, but had it's own bug, one that allowed an undesired privilege escalation if you used the system call a certain way.
Code can look like it is right, but have difficult to see side effects.
Oh, I get it. You were being sarcastic when you said it would be easy to spot the back doors.
Re:Borrow wifi - get someone to type for you (Score:1, Insightful)
3. Establish online identities such as gmail that have no tie whatsoever to any of your identity info or financial info
That point is problematic, since Google has essentially been founded by the NSA and correlates your IP numbers with all other information it gathers using powerful data mining techniques.