Re: Fwd: Outreachy 2017, OpenPGP
(Tails developer speaking. Disclaimer: I've not looked closely at
Clean Room since a while, so I might be relying on
> I have a few questions:
> ->What exactly is the difference between Tails that we are trying to build
> and Clean room that we can live boot
I bet that the Clean Room functionality could very well be provided in
Tails with rather little effort (Tails already provides encrypted
persistence with a nice configuration GUI + an "offline" mode where no
network device drivers can be loaded). I think this approach would
have a number of advantages over yet another Live system with greatly
overlapping problems to solve.
But Tails is a third-party Debian derivative, and plausibly some
potential users are more comfortable with using a Debian "pure blend"
for managing private key material. Now, chances are that the
overlapping part between Tails and Clean Room has seen more scrutiny
by security researchers in Tails, and I suspect that Clean Room won't
become high profile enough to change that, at least on the short term.
So I don't know :)
> ->Apart from maintaining anonymity in TAILS what is the other use of the
> TAILS operating system.
I'll paste stuff we've written elsewhere:
Tails is a live operating system that can be started on almost any
computer from a USB stick or a DVD. Tails provides a platform to
solve many digital threats by "doing the right thing" out of the
box; most notably, allowing storage of data and configuration while
protecting against device seizure, and Internet filtering
circumvention beyond web browsing (for example, email and
People use Tails to write books and create movies. People use Tails to
chat off-the-record, browse the web anonymously, and share sensitive
documents. Many human rights defenders depend on Tails to do their daily
work, if not simply to stay alive.
Tails provides a secure platform that improves endpoint security by
making it comparatively easier to use the right tools in the right way.
We strongly believe that usability is a security feature: the
theoretically most secure piece of software is of no use if the people
who need it cannot use it. Furthermore, if misused a security tool can
be even more dangerous by providing a false sense of security. That's
why we put a strong emphasis on user experience, documentation, and
working in close relationship with organizations working in the field.