Updates over DarkNet | Security

Aye, I was communicating with some of my more legal (work in law) friends.
OSes like PureOS came up, and they had this concept I hadn’t thought of.

What if Purism gets forced to send you the wrong piece of code?

This is a key issue in the USA, our government is inherently lacking in protections for:
https://www.privacytools.io/classic/#ukusa

However, they had some ideas to get around it. For instance, if you fully anonymize everything you cannot pick an individual out. Therefore, everyone must be affected for this type of attack.
This way with reproducible build we should be able to spot attacks.

Features like this have been out for a while, especially in Debian. With projects like apt-transport-i2p , apt-transport-tor, DebTorrent (Bittorrent Over I2p),e.c.t

In fact, Debian officially supports TOR:
https://bits.debian.org/2016/08/debian-and-tor-services-available-as-onion-services.html

Therefore, I wanted to create a discussion about fixing this issue before it grows into a bigger problem. International users are reluctant to use PureOS, this might change that.

Edit:
Reaaaaaallyy hating the max 2 links.

4 Likes

The warrant canary is part of the solution.

Is there even a mechanism to pick an individual out? Is the individual identifiable to the distribution mechanism even if not using anonymity? Does the distribution mechanism have the capability to discriminate?

A lot of people may be using mirrors for updates. That makes it more complicated still.

what targets are we talking about ?

@reC The key thing is verifying they aren’t forced to send you a bad (malicious) file.

Because, if somebody did make them, they couldn’t tell it was you.

Therefore, even if just a few users check the authenticity (reproducible builds) the whole OS ecosystem, can be checked for this type of attacks.

Does the distribution mechanism have the capability to discriminate?

Undeniably, they know your IP after all.

Plus, in the USA (my country) we do not have many legal protections for back-door implementations: https://www.wikipedia.org/wiki/NSA_spying_scandal
https://www.wikipedia.org/wiki/Lavabit#Suspension_and_gag_order

If the warrant canary get closed, then we are too late.
A case may be able to ensue if they use Darknet, as it would disturb their business entirely.

@kieran


Please note, the issue isn’t to evade law enforcement.
The issue is to protect against political repression and mass surveillance.

do they even have to be forced ?

i mean the www is centralised and most of the infrastructure is proprietary (full of back-doors and malware). you’re more or less talking about a sophisticated adversary here that has ACCESS and is heavily funded.

do we even know what kind of infrastructure Purism is running on ? Amazon-Web-Services probably …

Ed Snowden uses qubesOS so that’s that …