[[!meta title="Trusting Tails"]]

Trust is a very problematic issue, and that's the essence of why
security is difficult in every field, including computers and Internet
communication. Do you trust Tails and its developers? Do you think we
have planted backdoors in Tails so we can take control of your
computer, or that we make Tails generate compromised encryption keys
in order to enable the government to spy on you? Do you simply trust
our word that we are legit?

No matter what your opinion is on this matter, you should ask yourself how you
reached your conclusion. Both trust and distrust need to be
established based on facts, not gut feelings, paranoid suspicion,
unfounded hearsay, or our word. Of course, we claim to be honest, but
written assurances are worthless. In order to make an informed
decision you must look at the bigger picture of what Tails is
composed of, our affiliations, and possibly how others trust us.

[[!toc levels=2]]

<a id="free_software"></a>

Free software and public scrutiny
=================================

Free software, [[like Tails|about/license]], enables its users to check
exactly what the software distribution consists of and how it
functions, since the source code must be made available to all who
receive it. Hence a thorough audit of the code can reveal if any
malicious code, like a backdoor, is present. Furthermore, with the
source code it is possible to build the software, and then compare the
result against any version that is already built and being
distributed, like the Tails ISO images that [[you can download from
us|install]]. That way it can be determined whether the distributed
version actually was built with the source code, or if any malicious
changes have been made.

Of course, most people do not have the knowledge, skills or time
required to do this, but due to public scrutiny anyone can have a
certain degree of implicit trust in Free software, at least if it is
popular enough that other developers look into the source code and do
what was described in the previous paragraph. After all, there is a
strong tradition within the Free software community to publicly report
serious issues that are found within software.
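
As an added illustration (not code from the Tails project), the build-and-compare check described in this section can be done as follows. It assumes the build is bit-for-bit reproducible; the file names and the `compare_images` helper are hypothetical. Besides hashing both images, it reports which byte ranges differ, which is where an audit of a mismatch would start.

```python
import hashlib, os, tempfile

def compare_images(built, distributed, block=4096):
    """Hash two image files in one pass and record where they differ."""
    h_built, h_dist = hashlib.sha256(), hashlib.sha256()
    ranges = []          # [start, end) byte offsets of differing regions
    offset = 0
    with open(built, "rb") as fb, open(distributed, "rb") as fd:
        while True:
            cb, cd = fb.read(block), fd.read(block)
            if not cb and not cd:
                break
            h_built.update(cb)
            h_dist.update(cd)
            if cb != cd:     # also true when one image is shorter
                end = offset + max(len(cb), len(cd))
                if ranges and ranges[-1][1] == offset:
                    ranges[-1][1] = end      # merge with adjacent range
                else:
                    ranges.append([offset, end])
            offset += block
    return {
        "identical": h_built.digest() == h_dist.digest(),
        "built_sha256": h_built.hexdigest(),
        "distributed_sha256": h_dist.hexdigest(),
        "differing_ranges": [tuple(r) for r in ranges],
    }

def demo():
    """Constructed sample data standing in for real ISO images."""
    data = bytes(range(256)) * 48            # 12288 bytes = 3 blocks
    tampered = bytearray(data)
    tampered[5000] ^= 0xFF                   # one flipped byte in block 1
    with tempfile.TemporaryDirectory() as d:
        paths = {}
        for name, content in (("built.iso", data), ("mirror.iso", data),
                              ("modified.iso", bytes(tampered))):
            paths[name] = os.path.join(d, name)
            with open(paths[name], "wb") as f:
                f.write(content)
        return (compare_images(paths["built.iso"], paths["mirror.iso"]),
                compare_images(paths["built.iso"], paths["modified.iso"]))

if __name__ == "__main__":
    for report in demo():
        print(report)
```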

Trusting Debian GNU/Linux
=========================

The vast majority of all software shipped in Tails comes from the
[[Debian GNU/Linux distribution|https://www.debian.org/]]. Debian is
arguably the Linux distribution whose software packages are under
the deepest public scrutiny. Not only is Debian itself one of the largest
Linux distros, but it's also one of the most popular distros to make
derivatives from. Ubuntu Linux, for instance, is a Debian derivative,
and the same goes transitively for all of its derivatives, like Linux
Mint. Thus there are countless people using Debian's software
packages, and countless developers inspect their integrity. Very
serious security issues have been discovered (like the infamous
[[Debian SSH PRNG vulnerability|https://lists.debian.org/debian-security-announce/2008/msg00152.html]]),
but backdoors or other types of intentionally placed security holes
have never been found to our knowledge.

Trusting Tor
============

Tails' anonymity is based on Tor, which is developed by [[The Tor
Project|https://www.torproject.org/]]. The development of Tor is under
a lot of public scrutiny both academically (research on attacks and
defenses on onion routing) and engineering-wise (Tor's code has gone
through several external audits, and many independent developers have
read through the sources for other reasons). Again, security issues
have been reported, but nothing malicious like a backdoor -- we would
argue that it's only uninformed conspiracy theorists that speculate
about deliberate backdoors in Tor these days. Furthermore, Tor's
distributed trust model makes it hard for a single entity to capture
an individual's traffic and effectively identify them.

Trusting Tails
==============

One could say that Tails is the union of Debian and Tor. What we do,
essentially, is glue it all together. Hence, if you trust Debian and
The Tor Project, what remains to establish trust for Tails is to trust
our "glue". As has been mentioned, Tails is Free software, so its
source code is completely open for inspection, and it mainly
consists of a specification for which Debian software packages to
install and how they should be configured. While Tails surely doesn't
get the same amount of attention as Debian or Tor, we do have some
eyes on us, especially the Tor community, and also some of the
general security community (see our [[audits page|security/audits]]).
Given that Tails' source code is comparatively small and devoid of
complexities, we're in a pretty good spot compared to many other
projects of similar nature. Our [[specification and design
document|contribute/design]] is a good starting point to understand
how Tails works, by the way.

In light of all this (which you ideally also should try to verify),
you should be able to make an informed decision on whether or not you
should trust our software.