Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:00,630 --> 00:00:08,700
Tales is the most used live operating system that is designed for preserving security privacy and anonymity
2
00:00:08,710 --> 00:00:09,060
.
3
00:00:09,390 --> 00:00:17,970
Like others we've gone through it can start in almost any computer from a DVD USP stick or SD card and
4
00:00:17,970 --> 00:00:22,350
it's free software and it's based on Debian Linux.
5
00:00:22,350 --> 00:00:30,090
It is a very commonly recommended option for people looking for anonymity online and that's probably
6
00:00:30,090 --> 00:00:37,560
because Edward Snowden has been known to use it tells provides the option of using Tor or to pay an
7
00:00:37,560 --> 00:00:45,720
anonymising service but its main focus in the fall is Tor both Tor and I to pay will be covert in their
8
00:00:45,720 --> 00:00:51,960
own section so don't worry about that with tails or connections to the Internet forced to go through
9
00:00:52,200 --> 00:01:01,590
the toll network to prevent leaks leaks like DNS IP version 6 and a leak if the Tor connection was to
10
00:01:01,590 --> 00:01:02,460
drop.
11
00:01:02,460 --> 00:01:04,260
So that's a good feature of tails.
12
00:01:04,340 --> 00:01:11,430
Another is it tails is configured to not use the computer's hard disks even if some swap space is on
13
00:01:11,430 --> 00:01:11,880
there.
14
00:01:11,880 --> 00:01:19,800
The only storage space used by tails is the RAM or the memory which is automatically securely erased
15
00:01:20,160 --> 00:01:21,830
when the computer shuts down.
16
00:01:21,930 --> 00:01:28,560
Removing evidence of any activities tails is built with encryption software encryption software that
17
00:01:28,560 --> 00:01:36,660
I do recommend things like looks for us being scription hasty CPS everywhere to force browser encryption
18
00:01:37,050 --> 00:01:43,350
open P O or a nautilus wipe which will be touching on throughout the course.
19
00:01:43,350 --> 00:01:47,790
There's two ways to use tails like there is all of the live operating systems.
20
00:01:47,790 --> 00:01:53,920
You can boot it straight using your laptop or your machine or you can boot it into a virtual machine
21
00:01:54,300 --> 00:02:00,720
and if you're considering using tail's in a virtual machine do be aware that this is a less secure option
22
00:02:01,050 --> 00:02:07,650
as the host can compromise a guest and vice versa Telles works better in virtual box as well.
23
00:02:07,650 --> 00:02:13,380
If you're going to use virtualization as it allows for additional features over other virtual machines
24
00:02:13,380 --> 00:02:23,160
like shared folders resizable display shared clipboard etc. shared folders and clipboard or potential
25
00:02:23,160 --> 00:02:30,210
security issues allowing for propagation of tails to the host operating system files or memory and vice
26
00:02:30,210 --> 00:02:31,080
versa.
27
00:02:31,340 --> 00:02:38,280
I would recommend not using shared folders and clipboard in a virtual tails if the adversary could perform
28
00:02:38,280 --> 00:02:40,060
active attacks.
29
00:02:40,060 --> 00:02:46,380
For more information with the risks associated with virtualization entails go to this link and read
30
00:02:46,380 --> 00:02:47,970
this page.
31
00:02:47,970 --> 00:02:55,320
Also note that due to a bug in virtual box the resizable display and share clipboard only work entails
32
00:02:55,690 --> 00:03:02,820
the virtual machine is configured to have a 32 bit processor shared folders work both in 32 bit and
33
00:03:02,820 --> 00:03:04,330
64 bit guess.
34
00:03:04,570 --> 00:03:07,730
And I'm sure this will be fixed at some point.
35
00:03:07,730 --> 00:03:14,820
A live distribution like tales for someone with basic technical skills is probably the fastest and easiest
36
00:03:14,820 --> 00:03:23,190
way to a reasonable secure operating system that provides access to anonymizing services in that all
37
00:03:23,190 --> 00:03:30,130
they have to do is create a bootable CD or USPC dig from the iso image boot from that.
38
00:03:30,150 --> 00:03:36,300
Everything else is pre-configured which can be good or bad depending on your situation.
39
00:03:36,390 --> 00:03:44,490
Because people faced different types of adversaries and tails is a one fits all solution tail's in combination
40
00:03:44,490 --> 00:03:52,620
with Tor could give people a false sense of security privacy and anonymity against a nation state who
41
00:03:52,620 --> 00:03:59,800
has targeted you or sites you visit or even doing large scale traffic co-relation attacks.
42
00:03:59,820 --> 00:04:01,220
It is not good enough.
43
00:04:01,320 --> 00:04:05,400
The nature of the Internet makes anonymity very difficult.
44
00:04:05,400 --> 00:04:12,120
In lay a sections on VPN ends Tor and other anonymizing services we will explore this more and talk
45
00:04:12,120 --> 00:04:19,270
about how these systems can be de anonymized and ways to potentially avoid this deep anonymization and
46
00:04:19,380 --> 00:04:20,000
tails.
47
00:04:20,010 --> 00:04:27,480
Like all software and operating systems will have flaws and tails will inherit the flaws of the software
48
00:04:27,480 --> 00:04:29,090
that it uses to.
49
00:04:29,100 --> 00:04:37,490
Here we have a somewhat recent incident relating to tales I just want to read what the security researchers
50
00:04:37,490 --> 00:04:38,710
said.
51
00:04:38,790 --> 00:04:43,570
We publicize the fact that we've discovered these issues for a very simple reason.
52
00:04:43,590 --> 00:04:51,180
No user should put full trust into any particular security solution by bringing to light the fact that
53
00:04:51,180 --> 00:04:56,230
we have found verifiable flaws in such a widely trusted piece of code.
54
00:04:56,310 --> 00:05:04,110
We hope to remind the tail user base that no security is infallible even when the issues we've found
55
00:05:04,110 --> 00:05:05,970
are fixed by the tails team.
56
00:05:05,970 --> 00:05:12,330
The community should keep in mind that there are most certainly all the flaws still present and likely
57
00:05:12,330 --> 00:05:13,760
known to others.
58
00:05:15,440 --> 00:05:23,130
Intersections on operating system and application trust we discuss the issues of vulnerabilities and
59
00:05:23,130 --> 00:05:30,780
potential deliberate back doors the same issues of vulnerabilities and possible back doors applies with
60
00:05:30,780 --> 00:05:36,570
tales to either deliberate coerced or accidental methods.
61
00:05:36,600 --> 00:05:43,350
Trust should be distributed if your adversary is a nation state and the consequences are high.
62
00:05:43,430 --> 00:05:51,420
The security privacy and anonymising controls discussed in this cause shall be used in combination with
63
00:05:51,420 --> 00:05:53,100
this level of adversary.
64
00:05:53,100 --> 00:06:00,330
For example you might be using a hot spot fire a boosted antenna a mile away from the Internet cafe
65
00:06:00,330 --> 00:06:09,660
that you actually connected to with tails with nested veep's ends with g.p email etc cetera tails would
66
00:06:09,660 --> 00:06:17,490
only be a piece of the anonymizing solution in order to be anonymous from a nation state against hackers
67
00:06:17,940 --> 00:06:25,140
adversaries of moderate means and where consequences are moderate tales and toile works well to provide
68
00:06:25,140 --> 00:06:27,520
security privacy and anonymity.
69
00:06:27,510 --> 00:06:31,620
And I would recommend it as a live operating system for this.
70
00:06:31,650 --> 00:06:38,300
It is much much better than using Tor browser and your normal operating system alone.
71
00:06:38,340 --> 00:06:46,690
You have no security isolation if you do that the NSA already exploits the bug in Firefox to deal anonymize
72
00:06:46,710 --> 00:06:54,540
Tor uses tails would have helped to mitigate this type of attack by providing isolation and a separate
73
00:06:54,540 --> 00:07:00,330
security domain based on the section on threat landscape that we've gone through.
74
00:07:00,330 --> 00:07:06,150
You should now be able to determine for yourself what tails will protect you from and what it won't
75
00:07:06,150 --> 00:07:06,680
.
76
00:07:06,680 --> 00:07:10,970
So let's go through some of the main things that tails won't protect you from.
77
00:07:10,980 --> 00:07:15,540
First one is firmware rootkit and bios attacks.
78
00:07:15,570 --> 00:07:23,520
Remember the irate man from the NSA catalog that created persistence on the hard drive firmware tails
79
00:07:23,620 --> 00:07:26,120
offers no resistance to this.
80
00:07:26,130 --> 00:07:37,170
Another example you can watch here is a video of PGE keys and e-mails been stolen from Tales via remote
81
00:07:37,270 --> 00:07:39,000
firmware infection
82
00:07:46,120 --> 00:07:49,960
.
83
00:07:50,040 --> 00:07:52,630
Won't protect you from hardware compromisers.
84
00:07:52,650 --> 00:07:59,940
Remember the silly spawn hardware key logger in the catalog and the rangemaster the EVGA cable retro
85
00:07:59,940 --> 00:08:01,320
reflector.
86
00:08:01,350 --> 00:08:08,220
These are hardware compromises tails obviously isn't designed to protect you from tails or the Tor browser
87
00:08:08,430 --> 00:08:13,540
will have a unique fingerprint as the OS is a standard build.
88
00:08:13,690 --> 00:08:20,110
It will be obvious to a knowledgeable observer that using tails in the direct quote here from the tail's
89
00:08:20,120 --> 00:08:24,940
Web site tails doesn't encrypt your documents by default.
90
00:08:24,930 --> 00:08:30,970
The documents that you might save on storage devices will not be encrypted by default except in the
91
00:08:30,960 --> 00:08:37,000
encrypted persistent volume but tails provides you with tools to encrypt your documents such as new
92
00:08:37,020 --> 00:08:40,800
PGE or encrypt your storage devices such as locks.
93
00:08:40,800 --> 00:08:46,620
It is also likely that the files you may create will contain evidence if you need to access the local
94
00:08:46,620 --> 00:08:49,150
hard disk of the computer you are using.
95
00:08:49,140 --> 00:08:55,540
Be conscious that you might then leave trace of your activities with tails on it.
96
00:08:55,620 --> 00:09:01,960
Tails doesn't clear the meta data of your documents for you and doesn't encrypt the subject and or the
97
00:09:01,950 --> 00:09:06,150
headers of your encrypted email messages in the section on metor data.
98
00:09:06,150 --> 00:09:09,220
We will cover mitigations to this.
99
00:09:09,300 --> 00:09:13,980
You shouldn't use the same tail section for different identities.
100
00:09:14,040 --> 00:09:21,480
I don't access your standard email in the same session as you in a forum where using a different identity
101
00:09:21,780 --> 00:09:27,930
you would need to restart tails or use a different environment for each identity because it may be possible
102
00:09:27,930 --> 00:09:30,220
to correlate those identities together.
103
00:09:30,370 --> 00:09:40,460
If you have an adversary of reasonable means close mail leaks plaintext of encrypted emails to map service
104
00:09:40,470 --> 00:09:40,560
.
105
00:09:40,570 --> 00:09:45,950
Now this is a clause for not specifically a tails flaw but it is a problem.
106
00:09:46,170 --> 00:09:52,560
So if you want to use clause you need to look at this page and look at the mitigations but it seems
107
00:09:52,570 --> 00:09:56,490
the main mitigation really is to use pop instead of IMAP
108
00:09:59,220 --> 00:10:06,040
and your new searches for download tails will be logged by at least one nation state the United States
109
00:10:06,070 --> 00:10:07,450
via the NSA.
110
00:10:07,440 --> 00:10:13,150
There was a leaked document detailing this which is here.
111
00:10:13,230 --> 00:10:19,780
This fingerprint identifies users searches for the tail's software program viewing documents relating
112
00:10:19,770 --> 00:10:23,000
to tales of viewing web sites that detailed tales.
113
00:10:23,040 --> 00:10:29,040
Now this is a document that relates to or is in reference to the NSA key school surveillance system
114
00:10:29,040 --> 00:10:29,550
.
115
00:10:29,730 --> 00:10:35,280
So you search for tail you download tails it's going to Marki for more active surveillance at least
116
00:10:35,280 --> 00:10:39,150
in the United States and probably in other nation states.
117
00:10:39,180 --> 00:10:42,200
The developers of tales are anonymous.
118
00:10:42,450 --> 00:10:47,700
It would be easier to determine how much you can trust the developers of tails if you could have some
119
00:10:47,700 --> 00:10:49,500
understanding of who they were.
120
00:10:49,500 --> 00:10:56,530
We don't so this is a negative tails doesn't yet have deterministic and reproducible builds reproducible
121
00:10:56,550 --> 00:11:03,330
bills or a set of software development practices which create a verifiable path from human readable
122
00:11:03,340 --> 00:11:10,920
source code to binary code with reproducible build multiple parties redo build in impenetrably and ensure
123
00:11:10,920 --> 00:11:12,940
they all get exactly the same result.
124
00:11:13,020 --> 00:11:19,800
Although tails is open source someone could cleverly backdoor or mis configured tales to be less secure
125
00:11:19,870 --> 00:11:26,700
or vulnerable reproduceable build help mitigate the chance of getting back doors tails doesn't have
126
00:11:26,700 --> 00:11:32,480
deterministic and reproducible builds yet but no operating system does fully have them yet.
127
00:11:32,790 --> 00:11:39,810
There is a lack of physical and or virtual isolation toward vacation happens within the tails operating
128
00:11:39,820 --> 00:11:40,290
system.
129
00:11:40,290 --> 00:11:48,420
It would be safer to happen at a separate physical or logical device like on a hardware router or a
130
00:11:48,420 --> 00:11:51,390
virtual gateway like you have with nix.
131
00:11:51,480 --> 00:11:56,480
Because of this lack of physical and or virtualization The result is a weakness.
132
00:11:56,490 --> 00:12:04,140
If tails gets routed the adversary could bypass the tail's protection and get the users real or IP easier
133
00:12:04,230 --> 00:12:10,120
than if the Tor and forcing proxy was hosted on a separate device.
134
00:12:10,120 --> 00:12:17,700
Devices laptops that you will use to run the tails live operating system have hardware serial numbers
135
00:12:17,790 --> 00:12:23,550
such as on the motherboard that can be uniquely identified to that motherboard.
136
00:12:23,550 --> 00:12:30,040
This could potentially be got fire malware that was running on tails this hardware information could
137
00:12:30,030 --> 00:12:35,130
then tie the device back to the purchaser and identify who you are.
138
00:12:35,130 --> 00:12:41,470
This is a concern when you're running tails or any live operating system normally natively on the laptop
139
00:12:41,460 --> 00:12:42,420
or device.
140
00:12:42,420 --> 00:12:47,330
This for me is quite a big weakness of running live operating systems and tails.
141
00:12:47,470 --> 00:12:54,120
But if you use virtual machines they do hide hardware serials from malicious software which could get
142
00:12:54,120 --> 00:13:01,230
onto tails which is a security positive for using live operating systems in virtual environments as
143
00:13:01,230 --> 00:13:03,570
opposed to natively on the host.
144
00:13:03,580 --> 00:13:10,100
If you're using tails and virtual box of VM where directly on your hard drive it creates a virtual hard
145
00:13:10,100 --> 00:13:15,710
drive that uses as a temporary hard drive while tails is running one's tales is closed.
146
00:13:15,710 --> 00:13:22,420
This virtual drive is deleted but it's not necessarily permanently deleted deleted files depending on
147
00:13:22,410 --> 00:13:27,840
the hard drive might only be marked as new sectors or not want completely.
148
00:13:27,860 --> 00:13:31,400
And this is more of a variable with solid state drives.
149
00:13:31,410 --> 00:13:36,170
This is a virtual machine issue though and not a tails issue.
150
00:13:36,960 --> 00:13:41,430
There are all weaknesses but we're going to cover those specifically in the section on Tor.
151
00:13:41,460 --> 00:13:43,300
Those are just tails weaknesses
17637
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.