Tails removed .iso download links from their site because they thought their users were too stupid to verify a gpg signature.
They replaced it with a browser extension that downloads it and does the verification for you (It tests a SHA256 hash of the binary which it downloads from the browser extension authors site instead of doing a gpg web of trust verification).
you can go through your whitelist and audit it yourself, but there doesn't seem to be any way to change the way it interacts with subdomains
I don't know about alternatives, though ... probably should give RequestPolicy a go, but I'm too much in the habit of using NS
Nothing they said has anything to do with mgtow male feminist betafaggots
As if your IP isn't exposed to the server when you directly download? I mean I don't necessarily support Tails in their decision but this is the most retarded fucking reasoning for not doing something I ever heard from a supposedly technologically minded individual.
the tails server/mirror. 1 or 2 ips.
the bittorrent swarm: any random fucker including people who want to see what IPs are downloading tails.
Does that answer your question?
Yes you're right, exposing your IP address to literally anyone who bothers connecting to the tracker is exactly the same as exposing your IP address to a single centralized server.
tails is tor dude lmao fuck off.
I am not sure if you're genuinely retarded or "trolling"
Isn't Tor TCP only?
They wanted to simplify downloads but they went overboard and actually made it more complicated.
They were probably inspired by Tor Browser's auto-updating (which whatever you think of it actually works well), but they flopped.
Wtf are you doing nigger you can't edit posts on this site
Because the NSA totally wouldn't be interested in who connects to tails' server.
Hey he kept his word, the feature he added later that sends details of LAN IPs you access to a remote server without asking isn't used to display ads :^)
They can't if you use Tor, but you can't use Tor to download over BitTorrent. So right now, it will be very difficult to get your tails .iso without broadcasting your IP.
>NoScript 2.0rc5 and above extends its protection against DNS rebinding to those attacks which specifically target your router's external (WAN) IP address. In order to protect it, NoScript needs to detect the WAN IP currently exposed to internet web sites by your HTTP requests: for this purpose, NoScript sends a completely anonymous query to the secure.informaction.com/ipecho web service, which provides back this information on a secure channel, typically once a day.
I remember years ago opening up firefox and watching the addresses it connected to, figuring out which belonged to which 'security' addon. By the end of that experience a lot of garbage was uninstalled.
Why can't be both?
Who says it's mine in the first place?
So it's got part of a proper definition of a botent, just lovely.
Tails confirmed for Status: DEPRECATED
Tails is deprecated everyone move onto literally another linux distrobution that can run as a live distro
Well users are too stupid to verify a gpg signature, but making the process even more complicated and easier to subvert doesn't help.
You don't know what a botnet is, do you. It's not sending data to NoScript HQ, or to Google, or the NSA - It's making an ipecho query. A secure one at that, seeing as it's over HTTPS
Holy shit, such faggotry. How can you faggots use shit like this?
Unlike many browsers, Firefox doesn't always isolate an add-on’s functions.
but the image is verified good once you download it so what difference does that make?
Stfu. This coc Frasco is madness here on tech. WHO GIVES A FUCK. Linus gives zero. No one would push him because he codes in c better then the rest.
Because no suck program will intercept the packet stream and inject a infected .iso
but an infected .iso wouldn't verify. that's the whole point of signing it
Yes goyim, just ignore them, nothing could possibly go wrong.
the browser extension doesn't check GPG signature, it checks a SHA256 sum.
Why were they making users check with GPG instead the much much easier task of just running a SHA256 hash on the file and checking?
but where do you get the checksum from? if you download it from the same source (compromised website or over mitm'd http) then it still doesn't help
a gpg signature can only be made by someone with the private key. a hash can be made by anyone. if tails devs aren't stupid (i'm not sure anymore) they would make the signature on a seperate machine so a website compromise would be obvious when the signature doesn't match. if they do it with just a hash the attacker can just change the hash file at the same time
yet a GPG signature magically fixes this?
also since we are getting technical:
tails isos are hosted on mirrors (different servers, not run by the actual tor guys) that somehow have the same domain name as the tor site - I do not know what their rational for doing this is... but that is why the iso is a http [not https] download.
the signature/hash is hosted with https though, so surely it's magically safe because we know the central certificate authority model is looking out for us. /s
Take your samefagging and ebin deprecated maymay with you to >>>/reddit/.
More like amrite?
obviously you have to to verify their key out of band the first time you use it. once their identity is established you can download all future releases from 3rd party mirrors and verify they haven't been fucked with
You can download with BitTorrent
Good thing tbh.
A solution to your none problem.
no one ever uploads malicious torrents :^)
The amount of stupidity in this thread from both sides is why I dislike avid supporters of Tor. I wouldn't mind a backdoor in Tor, maybe then the feds will v& all the retards and they'll finally shut the fuck up. Oh wait! Tor is funded by the government and was started by the US Navy LOL LOL LOL
oh so you're crying because you can't abuse the devs and expect them to put up with you i thought you might be complaining about something real
Good thing that you can't be abusive to men and that the "abuse" was targeted at real devs instead of "packagers active in the privacy space" like Erinn Clark, right?
Sounds like they're as tired of the "jews develop tor" meme as the rest of us.
I give a shit. There was a brief period in 2014 in between Holla Forums banning gg and moot cucking Holla Forums where threads didn't get derailed by fucktards. It was a glorious time.
Was that the same period when there was a holocaust denial thread on the front page for a week, and there wasn't a single idiot getting triggered by hot opinions who posted in it?
If you actually kept to your own thread it wouldn't be a problem. Same with bronies and pedos on Holla Forums. But then here you are derailing a thread about shitty security with some bullshit about jews.
What ever happened to Deutschland den Deutschen? Can't we just have Holla Forums threads for techies?
I'm neither from Holla Forums, nor the user who posted about Jews. My first post ITT was here .
If you want that, either get /a/'s moderation or /tg/'s Holla Forumsitical leanings. Either way, it's probably too late.
Oh, my bad. So what's the story with the Erinn Clark thing anyway? I heard the bit about Andrea Shepard getting shit on twitter and she seems ok. Like, she was against banning that guy from lambdaconf for example. It doesn't really sound that bad to want people to stop posting crazy rants on your dev mailing list.
Pretty much what I said: Diversity hire from Debian Women, started as a packager and key signer before being relocated to the "privacy space", no one ever said anything about it despite Tor having competent female devs, and the only Tor dev other than Appelbaum mentioned on /g/. Like Andrea Sheperd however, I don't think the hacker known as 4chan targeted her, but she did back the methwhale's money laundering scheme.
bump because massive retarded decision. Education would have been better than removing the links out right.
christ on a bike
A bittorrent swarm (with GPG) and a Firefox only addon that only checks the 256sum of in binary file is some how safer? Firefox's addon's have never ever had issues, not even recently where addons could highjack the feature's of other addons due to the lack of a sandbox. Nope never. Who checks the far bottom right hand corner though? Usually the only things there are (R) and (C). Also who usually follow steps these days, what with super important fast pace lives and such? Reading? GTO nerd.Hopefully obvious sarcasm.
Being this triggered by a single word
isnt tails just a shitty live iso that happens to run everything in tor
couldn't you do that with anything fucking live iso and just install tor?
you wouldn't know if you were leaking sensitive data. tails only has the one network available so everything goes through it. installing and configuring all the privacy enabled tools would also get annoying if you had to do it every time
Fuck man I hope Tails and Whonix switch to a non-systemd soon
but i bet they'll never do it
starting to think Holla Forums is just that dumb
Something fishy is going on. It seems very odd that they would outright call the direct download unsafe and then try to direct all the users to install a browser add on which can be used in invade your privacy.
i prefer whonix in qubes. you can set up a tails like disposable vm so it discards changes when you close it
This. This doesn't make any sense.
18:05 < riskc> when clicking on "install tails" on tails.boum.org, it reads "Installing Tails can be quite long but we hope you will still have a good time :)". Well, the process is artificially prolonged by the site maintainers. Why does one have to click oneself through a big wizard and is not just presented a direct iso dl link like in the past??
| |> | |3 |
| | | |3=> |
The backdoor will be found soon. You'll see it soooonnnn (tm).