Home - noidcc/tails-group-installer GitHub Wiki

The aim of this project is to develope an application to automate the creation of a secure communication system for a group using Tails Live Distribution.

1 Use case:

  • A group needs to create a secure and anonymous communication system. (Synchronous and asynchrnous).
  • This system its for only one purpose and not intended to be reused in other aspects of their life.
  • They are going to meet in person at least once.
  • Users have some knowledge about what encryption, signing, gpg keys are but may not have configured related services and tools before.

2 Threat model:

What we want to protect

  • Identity of members.
  • Location of members.
  • Content of communications.

From who and what

  • Local observer of network
  • Forensic analysis of computer
  • Recovery of data located on usb.
  • Errors in configure properly email/jabber client.
  • E-mail / XMPP providers.

From who and what not

  • Global observer of network
  • Legal or violent coertion.
  • A rogue member ot the group which is the owner of the computer or supplies the Tails Live-USB which are going to be used to create the live-usb for each member.
  • User breaking of identity isolation.

3 Goals and Non Goals

As a basic start we're going to make a basic prototype as a downloadable script which implements autoconfiguration fo the two principal ways of communication making use of available protocols and service in order to keep this simple for a start and relay only on tested tools. ACtual non-goals features may be included in future.

Goals

  1. Keep all features currently available in Tails Distribution regarding security and anonymity
  2. Autoconfig syncrhonous comunications between two members: XMPP + OTR using Pidgin
  3. Autoconfig syncrhonous communication between 2 or more members: mail + GPG using Icedove + Enigmail

Non goals

  1. Syncrhonous group communication: Group OTR (not available by now). It could be implemented by IRC + Trusted provider but for the moment we don't want to trust trusted providers.
  2. Synchronous document edition:
  3. Asyncrhornous document edition:
  4. Automatic creation of accounts.

4 Basic functionality scheme:

  1. Show requirements and warnings.
  2. Ask for number of members.
  3. Ask for first member to enter mail and xmpp accounts data (riseup.net allows both with same account).
  4. Ask for passphrase.
  5. Create key-pairs.
  6. Iterate 3 to 5 until all members are done.
  7. Create persistence folders for each user with GPG keyring, Icedove and Pidgin configuration with key exchange, address book and OTR activated.
  8. Ask for usb device of member 1.
  9. Clone Tails
  10. Create persistence volume
  11. Copy persistence folders
  12. Iterate from 8 to 11 until all user/devices are created