|
|
---
|
|
|
title: Tails community toolkit notes
|
|
|
title: Tails usability notes
|
|
|
---
|
|
|
|
|
|
# Tactics Guides
|
|
|
|
|
|
## Seting up a working group
|
|
|
|
|
|
- Task-specific account creation
|
|
|
|
|
|
## Using Tails
|
|
|
|
|
|
1. Installing Tails checklist
|
... | ... | @@ -21,12 +17,10 @@ title: Tails community toolkit notes |
|
|
2. Account creation using Tails
|
|
|
3. Captive portals
|
|
|
4. Tails updates & upgrades
|
|
|
5. `sudo dpkg --add-architecture amd64`
|
|
|
6. Download folder
|
|
|
5. ~~`sudo dpkg --add-architecture amd64`~~
|
|
|
6. Tor Browser uploads & downloads
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
# Tool Guides
|
|
|
|
|
|
## Using Linux
|
... | ... | @@ -38,30 +32,17 @@ title: Tails community toolkit notes |
|
|
|
|
|
## Pimp your Tails
|
|
|
|
|
|
1. lock screen
|
|
|
1. lock screen (being fixed)
|
|
|
2. suspend/resume bugs
|
|
|
3. background
|
|
|
4. startup script
|
|
|
5. HID
|
|
|
6. language
|
|
|
7. Timezone setting
|
|
|
8. Atom (`.deb` works on v3.0+ 64bit Tails)
|
|
|
|
|
|
|
|
|
## Existing tool guides for Tails
|
|
|
|
|
|
### KeePassX 2.0.2
|
|
|
|
|
|
- Explain reasons for using v2.0.2
|
|
|
|
|
|
- Then:
|
|
|
```
|
|
|
sudo sh -c 'echo keepassx/jessie-backports >> /live/persistence/TailsData_unlocked/live-additional-software.conf'
|
|
|
sudo apt-get update
|
|
|
sudo apt-get install keepassx
|
|
|
```
|
|
|
4. manually run "startup scripts"
|
|
|
5. languages
|
|
|
6. Timezone settings
|
|
|
7. Atom (`.deb` works on v3.0+ 64bit Tails)
|
|
|
8. Backup
|
|
|
9. VPN-over-Tor
|
|
|
|
|
|
- ???
|
|
|
## Existing SiaB tool guides relevant to Tails
|
|
|
|
|
|
### VeraCrypt
|
|
|
|
... | ... | @@ -95,42 +76,66 @@ tar -xvf veracrypt-1.17-setup.tar.bz2 |
|
|
|
|
|
### Backing up Tails
|
|
|
|
|
|
- CloneZilla?
|
|
|
- Include guides for Windows and Mac for "outside of Tails" backup?
|
|
|
- GUI?
|
|
|
- Windows requires shareware install...
|
|
|
- `dd` equivalent steps for all three OSs?
|
|
|
- Include "inside Tails" backup w/ VeraCrypt?
|
|
|
- Include "inside Tails" backup w/ VeraCrypt? Eww.
|
|
|
|
|
|
|
|
|
### ~~KeePassX 2.0.2~~
|
|
|
|
|
|
- Explain reasons for using v2.0.2
|
|
|
|
|
|
- Then:
|
|
|
```
|
|
|
sudo sh -c 'echo keepassx/jessie-backports >> /live/persistence/TailsData_unlocked/live-additional-software.conf'
|
|
|
sudo apt-get update
|
|
|
sudo apt-get install keepassx
|
|
|
```
|
|
|
|
|
|
- ???
|
|
|
|
|
|
|
|
|
### ~~Jitsi~~
|
|
|
|
|
|
- Insistence on pinging DNS and XMPP servers before connecting prevents it from working on Tails
|
|
|
- Yeah, no.
|
|
|
- Also: insistence on pinging DNS and XMPP servers before connecting prevents it from working on Tails
|
|
|
|
|
|
|
|
|
## New tool guides for Tails
|
|
|
|
|
|
### Pidgin OMEMO and message carbons
|
|
|
## Possible New tool guides for Tails
|
|
|
|
|
|
Sources:
|
|
|
- [OMEMO plugin](https://github.com/gkdr/lurch)
|
|
|
- [Message carbons plugin](https://github.com/gkdr/carbons)
|
|
|
|
|
|
```
|
|
|
sudo apt-get install build-essential cmake libpurple-dev libmxml-dev libxml2-dev libsqlite3-dev libgcrypt20-dev libglib2.0-dev
|
|
|
cd ~/Persistence/src
|
|
|
git clone https://github.com/gkdr/lurch/
|
|
|
git clone https://github.com/gkdr/carbons.git
|
|
|
cd lurch
|
|
|
git submodule update --init --recursive
|
|
|
make
|
|
|
make install-home
|
|
|
cd ../carbons
|
|
|
make
|
|
|
make install
|
|
|
```
|
|
|
### Two-factor authentication on the desktop
|
|
|
|
|
|
- KeePassXC's built-in 2fa features
|
|
|
- [Yubico Authenticator?](https://www.yubico.com/support/download/)
|
|
|
- [Binary download](https://developers.yubico.com/yubioath-desktop/Releases/yubioath-desktop-3.0.1.tar.gz)
|
|
|
- [Source](https://github.com/Yubico/yubioath-desktop)
|
|
|
- [Yubikey](https://www.yubico.com/why-yubico/for-individuals/) instructions?
|
|
|
- **Support for:**
|
|
|
- Gmail and Google Accounts
|
|
|
- GitHub
|
|
|
- Dropbox (using U2F)
|
|
|
- WordPress
|
|
|
- Dropbox (using TOTP)
|
|
|
- Evernote
|
|
|
- **No support for:**
|
|
|
- Twitter?
|
|
|
- Facebook?
|
|
|
- ~~[This guy's setup?](https://brianreiter.org/2015/05/11/2-step-verification-code-generator-for-unix-terminal/)~~
|
|
|
- ~~`sudo apt-get install libpam-google-authenticator`~~
|
|
|
- ~~`sudo apt-get install otpw-bin` ([source](https://blog.dhampir.no/content/one-time-passwords-in-debian-wheezy-with-libpam-otpw))~~
|
|
|
|
|
|
### Onionshare
|
|
|
|
|
|
- ~~[Issues with tor *control port*](https://labs.riseup.net/code/issues/7870)~~
|
|
|
|
|
|
|
|
|
### Gajim
|
|
|
|
|
|
Kind of working...
|
|
|
|
|
|
#### Debian packages on Tails 3.3?
|
|
|
|
... | ... | @@ -244,46 +249,12 @@ wget -r -l1 -np -nH --cut-dirs=2 -P /home/amnesia/.local/share/gajim/plugins htt |
|
|
- [General-purpose downloader](https://github.com/iNPUTmice/ImageDownloader) that doesn't work in Tails (from [Issue 19](https://github.com/omemo/gajim-omemo/issues/19))
|
|
|
- [Wrapper to select the "browser" used by Gajim to download images](https://gist.github.com/iNPUTmice/b5667a61d17bffb33c23) (from [Issue 19](https://github.com/omemo/gajim-omemo/issues/19))
|
|
|
|
|
|
### Two-factor authentication on the desktop
|
|
|
|
|
|
- KeePassXC
|
|
|
- ~~[This guy's badass setup?](https://brianreiter.org/2015/05/11/2-step-verification-code-generator-for-unix-terminal/)~~
|
|
|
- [Yubico Authenticator?](https://www.yubico.com/support/download/)
|
|
|
- [Binary download](https://developers.yubico.com/yubioath-desktop/Releases/yubioath-desktop-3.0.1.tar.gz)
|
|
|
- [Source](https://github.com/Yubico/yubioath-desktop)
|
|
|
- [Yubikey](https://www.yubico.com/why-yubico/for-individuals/) instructions?
|
|
|
- **Support for:**
|
|
|
- Gmail and Google Accounts
|
|
|
- GitHub
|
|
|
- Dropbox (using U2F)
|
|
|
- WordPress
|
|
|
- Dropbox (using TOTP)
|
|
|
- Evernote
|
|
|
- **No support for:**
|
|
|
- Twitter?
|
|
|
- Facebook?
|
|
|
|
|
|
- ~~`sudo apt-get install libpam-google-authenticator`~~
|
|
|
- ~~`sudo apt-get install otpw-bin` ([source](https://blog.dhampir.no/content/one-time-passwords-in-debian-wheezy-with-libpam-otpw))~~
|
|
|
|
|
|
### Onionshare?
|
|
|
|
|
|
- ~~[Issues with tor *control port*](https://labs.riseup.net/code/issues/7870)~~
|
|
|
|
|
|
### Gobby?
|
|
|
|
|
|
- [Decentralized, encrypted, Collaborative editing (and chat)](https://gobby.github.io/)
|
|
|
- Debian packages:
|
|
|
- Editor: `gobby-infinote`
|
|
|
- Daemon: `infinoted`
|
|
|
- [Download](https://github.com/gobby/gobby/wiki/Download)
|
|
|
- Source:
|
|
|
- [Github](https://github.com/gobby/gobby)
|
|
|
- [Libinfinity](http://releases.0x539.de/libinfinity/libinfinity-0.6.7.tar.gz)
|
|
|
- [Gobby](http://releases.0x539.de/gobby/gobby-0.5.0.tar.gz)
|
|
|
|
|
|
### Signal Desktop (Electron alpha)
|
|
|
|
|
|
Not working...
|
|
|
|
|
|
#### Install using Debian package
|
|
|
|
|
|
##### Step 1: Update Signal Desktop to version 0.43.4+ and accept the new permissions
|
... | ... | @@ -385,6 +356,21 @@ nvm deactivate |
|
|
- [From source](https://gist.github.com/shvchk/60b8410edf7eb00e7696f1534d47428d)
|
|
|
- [Updated walkthrough on building from source?](https://frederik.lindenaar.nl/2017/03/02/signal-desktop-stand-alone-os-x-application.html)
|
|
|
|
|
|
|
|
|
|
|
|
### ~~Gobby?~~
|
|
|
|
|
|
- [Decentralized, encrypted, Collaborative editing (and chat)](https://gobby.github.io/)
|
|
|
- Debian packages:
|
|
|
- Editor: `gobby-infinote`
|
|
|
- Daemon: `infinoted`
|
|
|
- [Download](https://github.com/gobby/gobby/wiki/Download)
|
|
|
- Source:
|
|
|
- [Github](https://github.com/gobby/gobby)
|
|
|
- [Libinfinity](http://releases.0x539.de/libinfinity/libinfinity-0.6.7.tar.gz)
|
|
|
- [Gobby](http://releases.0x539.de/gobby/gobby-0.5.0.tar.gz)
|
|
|
|
|
|
|
|
|
### ~~CoyIM?~~
|
|
|
|
|
|
- Alpha, OTR-enabled IM client for [Subgraph](https://subgraph.com/sgos/secure-communication/index.en.html#coyim)
|
... | ... | @@ -455,21 +441,22 @@ dconf write /org/gnome/desktop/lockdown/disable-lock-screen "'false'" |
|
|
|
|
|
## Misc
|
|
|
|
|
|
- Ask Sajolida:
|
|
|
- Research:
|
|
|
- Is the pycurl DNS issue fixed? (re. Gajim's `url_image_preview` plugin)
|
|
|
- Is torsocks reliable? (`WARNING torsocks[19791]: [syscall] Unsupported syscall number 331. Denying the call (in tsocks_syscall() at syscall.c:465)`)
|
|
|
- Best way to use `git clone` (and perhaps `npm install`) via Tor? The latter "works" via torsocks; the former does not
|
|
|
- Add timezone setting to startup script?
|
|
|
- .desktop stuff
|
|
|
- Research on Tor -> VPN chaining
|
|
|
- [tor -> ssh](https://tech.michaelaltfield.net/2015/05/31/tor-vpn-in-tails-to-bypass-tor-blocking/#comment-69)
|
|
|
|
|
|
- `npm install` "works" via torsocks...but does it really?
|
|
|
- Look into `.desktop` files
|
|
|
- Research on Tor -> VPN chaining
|
|
|
- [tor -> ssh](https://tech.michaelaltfield.net/2015/05/31/tor-vpn-in-tails-to-bypass-tor-blocking/#comment-69)
|
|
|
- Look into roadmap for persistent Tor bridges
|
|
|
- Look into roadmap for VeraCrypt integration
|
|
|
- Look into feasibility of KeePassXC migration
|
|
|
|
|
|
## Write up installlation instructions for:
|
|
|
## Test installlation instructions for:
|
|
|
|
|
|
1. VeraCrypt
|
|
|
2. Gajim
|
|
|
3. KeePassX 2.0.2
|
|
|
2. KeePassXC
|
|
|
3. Gajim/OMEMO?
|
|
|
|
|
|
---
|
|
|
|
... | ... | |