Home - noidcc/tails-group-installer GitHub Wiki
The aim of this project is to develop an application that automates the creation of a secure communication system for a group using the Tails Live Distribution.
1 Use case:
- A group needs to create a secure and anonymous communication system (synchronous and asynchronous).
- This system is for only one purpose and is not intended to be reused in other aspects of their lives.
- They are going to meet in person at least once.
- Users have some knowledge of what encryption, signing and GPG keys are, but may not have configured related services and tools before.
2 Threat model:
What we want to protect
- Identity of members.
- Location of members.
- Content of communications.
From whom and what
- Local observer of network
- Forensic analysis of computer
- Recovery of data located on USB.
- Errors in properly configuring the email/Jabber client.
- E-mail / XMPP providers.
From whom and what not
- Global observer of network
- Legal or violent coercion.
- A rogue member of the group who owns the computer or supplies the Tails Live-USB that is going to be used to create the live USB for each member.
- User breaking of identity isolation.
3 Goals and Non Goals
As a basic start, we are going to build a basic prototype: a downloadable script that autoconfigures the two principal ways of communication, using available protocols and services to keep things simple at first and to rely only on tested tools. Features that are currently non-goals may be included in the future.
Goals
- Keep all features currently available in Tails Distribution regarding security and anonymity
- Autoconfigure synchronous communications between two members: XMPP + OTR using Pidgin
- Autoconfigure synchronous communication between 2 or more members: mail + GPG using Icedove + Enigmail
Non goals
- Synchronous group communication: Group OTR (not available for now). It could be implemented with IRC + a trusted provider, but for the moment we don't want to trust trusted providers.
- Synchronous document editing:
- Asynchronous document editing:
- Automatic creation of accounts.
4 Basic functionality scheme:
1. Show requirements and warnings.
2. Ask for number of members.
3. Ask for first member to enter mail and XMPP account data (riseup.net allows both with the same account).
4. Ask for passphrase.
5. Create key pairs.
6. Iterate 3 to 5 until all members are done.
7. Create persistence folders for each user with GPG keyring, Icedove and Pidgin configuration with key exchange, address book and OTR activated.
8. Ask for USB device of member 1.
9. Clone Tails.
10. Create persistence volume.
11. Copy persistence folders.
12. Iterate from 8 to 11 until all users/devices are created.
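
One way steps 3 to 7 (per-member key pairs, then key exchange into each member's keyring) could be scripted with GnuPG's unattended key generation. This is an added example, not the project's code: the function names, the `STAGING` directory layout, the one-year expiry and the use of GnuPG's default key type are assumptions.

```bash
# Added example (bash), not the project's script. Function names, the
# staging layout and the key parameters are assumptions.
set -eu
STAGING="${STAGING:-./staging}"  # on Tails this lives in RAM unless copied out

# The address becomes a path component and a gpg parameter line: reject traversal/injection.
valid_email() {
  case $1 in *[!A-Za-z0-9@._+-]*|*..*|.*) false ;; *@*) true ;; *) false ;; esac
}
member_home() { printf '%s/%s/gnupg\n' "$STAGING" "$1"; }

# Unattended-generation parameters for one member: e-mail only, no real name.
keygen_params() {  # $1 = e-mail, $2 = passphrase
  cat <<EOF
Key-Type: default
Subkey-Type: default
Name-Email: $1
Expire-Date: 1y
Passphrase: $2
%commit
EOF
}

# Every member except $1: the public keys that member must import.
peers_of() {
  me=$1; shift
  for m in "$@"; do [ "$m" = "$me" ] || printf '%s\n' "$m"; done
}

create_member_key() {  # steps 3-5: isolated keyring, key pair, exported public key
  valid_email "$1" || { echo "bad address: $1" >&2; return 1; }
  home=$(member_home "$1"); mkdir -p "$home"; chmod 700 "$home"
  keygen_params "$1" "$2" |
    gpg --homedir "$home" --batch --pinentry-mode loopback --generate-key
  gpg --homedir "$home" --armor --export "$1" > "$STAGING/$1.pub.asc"
}

main() {  # passphrases are prompted for, never taken from argv
  for email in "$@"; do
    printf 'Passphrase for %s: ' "$email" >&2; read -rs pass; echo >&2
    create_member_key "$email" "$pass"
  done
  for email in "$@"; do  # step 7: key exchange inside each persistence folder
    for peer in $(peers_of "$email" "$@"); do
      gpg --homedir "$(member_home "$email")" --batch --import "$STAGING/$peer.pub.asc"
    done
  done
}
[ "$#" -eq 0 ] || main "$@"
```

Each member's private key exists only in that member's own `gnupg` directory, so copying one persistence folder to one USB device never hands a member someone else's secret key.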