Diffstat (limited to 'wiki/src/blueprint')
-rw-r--r-- wiki/src/blueprint/Endless_upgrades.mdwn 7
-rw-r--r-- wiki/src/blueprint/GNOME_bugs_that_affect_Tails.mdwn 2
-rw-r--r-- wiki/src/blueprint/Linux_containers.mdwn 1
-rw-r--r-- wiki/src/blueprint/SponsorW/report_2018_08.mdwn 80
-rw-r--r-- wiki/src/blueprint/Tails_research.mdwn 18
-rw-r--r-- wiki/src/blueprint/additional_software_packages.mdwn 2
-rw-r--r-- wiki/src/blueprint/explain_tails.mdwn 203
-rw-r--r-- wiki/src/blueprint/explain_tails/homepage.css 3
-rw-r--r-- wiki/src/blueprint/explain_tails/homepage.mdwn 77
-rw-r--r-- wiki/src/blueprint/explain_tails/simsec.mdwn 11
-rw-r--r-- wiki/src/blueprint/handheld.mdwn 47
-rw-r--r-- wiki/src/blueprint/monthly_meeting.mdwn 66
-rw-r--r-- wiki/src/blueprint/monthly_report.mdwn 4
-rw-r--r-- wiki/src/blueprint/monthly_report/report_2018_07.mdwn 117
-rw-r--r-- wiki/src/blueprint/monthly_report/report_2018_08.mdwn 50
-rw-r--r-- wiki/src/blueprint/non-discriminatory_language.mdwn 8
-rw-r--r-- wiki/src/blueprint/personas.mdwn 756
-rw-r--r-- wiki/src/blueprint/randomness_seeding.mdwn 144
-rw-r--r-- wiki/src/blueprint/replace_Pidgin.mdwn 28
-rw-r--r-- wiki/src/blueprint/reproducible_builds/report_to_RB_community.mdwn 2
20 files changed, 998 insertions, 628 deletions
diff --git a/wiki/src/blueprint/Endless_upgrades.mdwn b/wiki/src/blueprint/Endless_upgrades.mdwn
index d313386..7d0926f 100644
--- a/wiki/src/blueprint/Endless_upgrades.mdwn
+++ b/wiki/src/blueprint/Endless_upgrades.mdwn
@@ -131,6 +131,7 @@ This survey will be updated in a while with [[!tails_ticket 15277]].
- [file system and autoupdate system](https://www.chromium.org/chromium-os/chromiumos-design-docs/filesystem-autoupdate)
- [Android's A/B System Updates](https://source.android.com/devices/tech/ota/ab_updates.html)
* [Endless ostree builder](https://github.com/cosimoc/deb-ostree-builder)
+* [[!debbug 824649 desc=" ostree: document how to prepare and update a .deb-based system root"]]
### Not suitable
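Review bot: The new `debbug` entry has a leading space inside its description (`desc=" ostree: ...`), which will show up in the rendered link text; drop the space so it reads `desc="ostree: document how to ..."`.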
@@ -311,7 +312,11 @@ The IUK size is involved in at least four concerns:
`config/chroot_local-includes/usr/local/bin/tails-upgrade-frontend-wrapper`)
so the upgrade would fail. This is a regression for users with 2 GB
memory: for all of 2.x and 3.x, all IUKs have been under 400 MB,
- which would work fine with 2 GB of memory.
+ which would work fine with 2 GB of memory. If that's a blocker, then
+ we have to solve it by changing the format of the IUKs
+ ([[!tails_ticket 6876]]); we should coordinate this with other changes
+ that will break automated upgrades from Tails N to N+1, such as
+ Tails 4.0 and the migration to overlayfs ([[!tails_ticket 9373]]) .
* Bandwidth needs of the RM. Uploading 10 GB of IUKs can be a pain for
some of us, but that can easily be solved by making it possible to
generate IUKs on lizard (and then compare them with the ones you
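Review bot: The added sentence ends with a stray space before the full stop (`([[!tails_ticket 9373]]) .`), and "If that's a blocker" leaves open who decides and where. Remove the space, and consider pointing to the ticket on which the 2 GB regression will be accepted or rejected, so the condition can be resolved later.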
diff --git a/wiki/src/blueprint/GNOME_bugs_that_affect_Tails.mdwn b/wiki/src/blueprint/GNOME_bugs_that_affect_Tails.mdwn
index b65d259..fdf1549 100644
--- a/wiki/src/blueprint/GNOME_bugs_that_affect_Tails.mdwn
+++ b/wiki/src/blueprint/GNOME_bugs_that_affect_Tails.mdwn
@@ -26,3 +26,5 @@ Feel free to add any relevant issue to this list.
* [[!gnome_gitlab totem/issues/116 desc="Saving playlist state sometimes hangs totem"]]
* [[!gnome_gitlab yelp/issues/98 desc="Yelp: Clicking a HTML link pointing to an anchor on the page currently viewed opens Nautilus"]]
* [[!gnome_gitlab gdm/issues/251 desc="screensaver doesn't lock with password prompt if password was just set"]]
+* [[!gnome_gitlab gtk/issues/1211 desc="Cursor stays in wait status for some seconds after calling `gtk_show_uri_on_window`"]]
+* [[!gnome_gitlab seahorse/issues/177 desc="Seahorse: Please support finding remote OpenPGP keys by fingerprint"]]
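Review bot: The two new entries use different description styles. The seahorse one repeats the project name and reads as a request ("Seahorse: Please support ..."), while the gtk one has no prefix and puts backticks inside `desc=`. Pick one convention for the list, and check that the backticks around `gtk_show_uri_on_window` render as intended inside the directive.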
diff --git a/wiki/src/blueprint/Linux_containers.mdwn b/wiki/src/blueprint/Linux_containers.mdwn
index a39a76f..452d7bb 100644
--- a/wiki/src/blueprint/Linux_containers.mdwn
+++ b/wiki/src/blueprint/Linux_containers.mdwn
@@ -138,3 +138,4 @@ Other resources
* [Linux Container Security](http://mjg59.dreamwidth.org/33170.html),
by Matthew Garrett
* Whitepaper by NCC Group on [Linux containers](https://www.nccgroup.trust/globalassets/our-research/us/whitepapers/2016/june/container_whitepaperpdf/) and their weaknesses/strengths
+* Google's design for [Linux containers](https://chromium.googlesource.com/chromiumos/docs/+/master/containers_and_vms.md) within ChromeOS
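Review bot: The added ChromeOS link points at `+/master/containers_and_vms.md`, which follows a moving branch, so the document can change or move under the reference. Consider linking to a specific revision, or accept the risk knowingly. The entry also lacks the short qualifier the NCC Group line above has ("and their weaknesses/strengths"), which would tell readers why it is worth reading.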
diff --git a/wiki/src/blueprint/SponsorW/report_2018_08.mdwn b/wiki/src/blueprint/SponsorW/report_2018_08.mdwn
new file mode 100644
index 0000000..901e6634
--- /dev/null
+++ b/wiki/src/blueprint/SponsorW/report_2018_08.mdwn
@@ -0,0 +1,80 @@
+[[!meta title="Tails August 2018 report"]]
+
+[[!toc levels=2]]
+
+This report covers the activity of Tails in August 2018.
+
+Everything in this report is public.
+
+# A. VeraCrypt support in GNOME
+
+## A.1 Research user needs
+
+## A.2 UX & GUI design sprint
+
+## A.3 Write automated tests
+
+## A.4 Add VeraCrypt support to udisks
+
+## A.5 Add VeraCrypt support to GNOME Disks
+
+## A.6 Add VeraCrypt support to GNOME Files
+
+## A.7 Write user documentation
+
+We finished writing the documentation about [[Using VeraCrypt encrypted
+volumes|doc/encryption_and_privacy/veracrypt]] and it was released as
+part of Tails 3.9. ([[!tails_ticket 14468]])
+
+This task is now complete.
+
+## A.8 User testing & community feedback
+
+## A.9 Fix bugs and UX issues
+
+## A.10 Port to the latest version of GNOME
+
+# B. Additional software
+
+## B.2 Write technical design documentation
+
+We wrote and published the technical design documentation for the Additional
+Software feature. [[!tails_ticket 14575]] Small polishing is still needed on
+this item.
+
+## B.4 Implement backend and GUI
+
+We implemented the backend and the GUI and integrated our work in Tails.
+[[!tails_ticket 14594]] This task has been completed.
+
+## B.6 Write user documentation
+
+We finished writing the documentation about [[Install additional
+software|doc/first_steps/additional_software]] and it was released as
+part of Tails 3.9. ([[!tails_ticket 14589]])
+
+This task is now complete.
+
+## B.8 Fix bugs and UX issues
+
+We've been working on fixing bugs and UX issues discovered in the Beta
+release of the Additional Software feature [[!tails_ticket 15567]].
+We committed fixes for 11 out of 15 items, the remaining ones being still in progress.
+
+# C. Deliver new features
+
+## C.1 Major release including objective A
+
+The Unlock Veracrypt Volumes feature was released in [[Tails
+3.9|news/version_3.9]].
+
+## C.2 Major release including objective B
+
+The Additional software feature was released in [[Tails
+3.9|news/version_3.9]].
+
+## C.3 Attend DebConf
+
+Three of us attended DebConf in Hsinchu, Taiwan.
+
+## C.4 Server hardware
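Review bot: Most headings in the new report are empty (A.1 to A.6, A.8 to A.10, and C.4), so a reader cannot tell "nothing happened this month" from "not written yet". Either drop the empty sections or give each a one-line status. Also, C.1 spells the feature "Unlock Veracrypt Volumes" while the rest of the file uses "VeraCrypt", and B.2 puts `[[!tails_ticket 14575]]` between two sentences without the parentheses used in A.7 and B.6.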
diff --git a/wiki/src/blueprint/Tails_research.mdwn b/wiki/src/blueprint/Tails_research.mdwn
index 19c611f..1fa7295 100644
--- a/wiki/src/blueprint/Tails_research.mdwn
+++ b/wiki/src/blueprint/Tails_research.mdwn
@@ -22,22 +22,16 @@ If you have an idea yourself and would like to propose it, please write to us th
## User interface
-If you're an user interface designer you might be delighted to hear that we have a [mailing list](https://tails.boum.org/contribute/how/user_experience/) targeted at you!
+If you're an user interface designer you might be delighted to hear that we have a full [mailing list](https://mailman.boum.org/listinfo/tails-ux) about UX!
-Our page on [improving](https://tails.boum.org/contribute/how/user_experience/) the Tails user interface might also interest you.
+Our page on [improving](https://tails.boum.org/contribute/how/user_experience/) the Tails user interface might also be of interest to you.
## User experience
In the context of Tails, there are some interesting problems that touch upon user experience and usable security. The following points might be an interesting point to start from.
- [Tails Installer](https://tails.boum.org/install/)
-- XXX find more projects
-
-
-
-We have a mailing list dedicated to UX/UI that's called the [Tails-UX](https://mailman.boum.org/listinfo/tails-ux) mailing list.
-
-This is the place where you would want to subscribe, if you're interested in the process of reviewing and/or proposing changes in this area.
+- XXX anything else we'd like to list or swap?
## How to get involved
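Review bot: The rewritten first line keeps "an user interface designer" (should be "a user interface designer"), and the "User experience" list swaps one placeholder for another (`- XXX anything else we'd like to list or swap?`) that will be visible on the page. Since the paragraph explaining what the Tails-UX list is for is removed here, the new mailing list sentence might keep a few words on its purpose (reviewing and proposing changes).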
@@ -58,13 +52,11 @@ The Tor Project has a page dedicated to open open research questions that they f
[Tor project Research](https://research.torproject.org/)
## Academic communities
-The questions posed by Tails might me of interest for researchers from various fields. A list of potentially interested communities that we are aware of can be seen below.
+The questions posed by Tails might me of interest for researchers from various fields. A list of potentially interested communities that we are aware of.
* Anonymity researchers - [PETS](http://petsymposium.org/)
* Usable Privacy and Security - [SOUPS](https://cups.cs.cmu.edu/soups/index.html)
* Computer science in various fields - [USENIX](https://www.usenix.org/conferences)
## Other reasonably secure operating systems
-Often, the reasonably secure operating systems faces similar challenges. Maybe solutions that we can come up with and implement, are interesting for these other projects. We could share time and resources if they're willing.
-
-An interesting platform to discuss this would be the [Secure OS](https://secure-os.org/) desktops mailing list.
+There are certain common shared problems in the reasonably secure operating systems space. Maybe solutions that we can come up with and implement, are interesting for these other projects. We could share time and resources if they're willing.
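Review bot: The edited line under "Academic communities" still has the typo "might me of interest" ("be"), and its new second sentence, "A list of potentially interested communities that we are aware of.", is a fragment with no verb; something like "Here is a list of ..." would fix it. In the last section the Secure OS mailing list link is dropped without replacement, which leaves "We could share time and resources" with no place to do so. If the list is no longer relevant, say so in the commit message; otherwise keep the link.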
diff --git a/wiki/src/blueprint/additional_software_packages.mdwn b/wiki/src/blueprint/additional_software_packages.mdwn
index 935f3d0..6ca807c 100644
--- a/wiki/src/blueprint/additional_software_packages.mdwn
+++ b/wiki/src/blueprint/additional_software_packages.mdwn
@@ -8,7 +8,7 @@ bloat the ISO image.
The current limitations include:
- - No user interface. Currently you have to edit a file as root. ([[!tails_ticket 5996 desc="#5996"]])
+ - No user interface. Currently you have to edit a file as root. ([[!tails_ticket 14568 desc="#14568"]])
- Their Installation locks the opening of the desktop. ([[!tails_ticket 9059 desc="#9059"]])
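Review bot: The changed line only retargets the ticket to #14568, but the limitation itself ("No user interface. Currently you have to edit a file as root.") contradicts the SponsorW report added in this same commit, which says the backend and GUI were implemented and released in Tails 3.9. Either remove the item or mark it as resolved in 3.9 with the ticket reference.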
diff --git a/wiki/src/blueprint/explain_tails.mdwn b/wiki/src/blueprint/explain_tails.mdwn
index a87db16..3f8f7d6 100644
--- a/wiki/src/blueprint/explain_tails.mdwn
+++ b/wiki/src/blueprint/explain_tails.mdwn
@@ -1,5 +1,168 @@
[[!meta title="Explain Tails"]]
+[[!toc levels=2]]
+
+Structure
+=========
+
+- Homepage
+ - Logo
+ - Tagline
+ - Tails in 2 sentences
+ - Main benefits
+ - News
+ - Testimonials / User stories
+ - Partners / Grants
+- How does Tails work?
+- Get Tails
+ - Is Tails the right tool for me?
+ - Warning
+ - Install Tails 3.8
+- Help
+- Contribute
+ - Design doc
+- Donate
+- About
+ - Awards
+
+Tails in 2 sentences
+====================
+
+Original proposal:
+
+<blockquote>
+<p>Tails is a portable operating system that protects your privacy and
+anonymity.</p>
+
+<p>Just like Windows or macOS, it runs on your computer and allows you
+to edit files, browse the web, and send email.</p>
+
+<p>But unlike a traditional OS, it runs on a USB stick that you can plug
+in and use on almost any computer.</p>
+</blockquote>
+
+Comments:
+
+- 1
+ - Will it protect my privacy when I'm browsing?
+ - Portable?
+ - Do users understand portable in the sense of our context
+- 2
+ - Does the audience know what an OS is?
+ - Runs on a computer?
+ - Runs on a USB stick?
+- 3
+ - Who is targeted? Though I like that it could talk to any type of
+ user -- Very simple statement.
+ - Maybe emphasize that advantages of USB sticks on DVD? (+) others
+ computers?
+ - Maybe the "WHY" is missing? → empowerment
+ - Second sentence may give the impression that it has only basic
+ features.
+ - Is it useful to explain that is does not run on some computers?
+- 4
+ - portable operating system → ♥
+ - By making every 1 look the same
+ - "run on your computer" → ?
+ - [any computer] and forgets everything between sessions
+ - amnesia, forgets everything
+ - everyone looks the same
+- 5
+ - Transportable? Pocketable?
+ - Confidential / Secret
+ - Amnesia → missing
+- 6
+ - Portable!
+ - USB stick in 1st sentence
+ - Instead of Win and macOS
+ - amnesia or keep it for later
+ - merge USB stick with Win & macOS
+
+Updated proposal:
+
+<blockquote>
+
+<p>Tails is a portable operating system that protects your privacy and
+avoids censorship.</p>
+
+<p>Install Tails on a USB stick and run it on any computer instead of
+Windows or macOS.</p>
+
+</blockquote>
+
+Main benefits
+=============
+
+Eileen's version (benefit oriented)
+-----------------------------------
+
+6 main properties:
+
+- 1st row
+ - Portable + light-weight
+ Your secure computer anywhere
+ Take it anywhere on a USB stick
+ - Protects against censorship / surveillance
+ Uses Tor...
+ - No ads, no viruses, no tracking
+ Gives you a cleaner Internet / environment
+
+- 2nd row
+ - Digital privacy toolbox
+ - Preconfigured and secure by default
+ Out-of-the-box
+ - Free software
+ Audited by experts, run by a community, download/install for free
+
+sajolida's version (feature oriented)
+-------------------------------------
+
+- Portable
+ - Use a different computer
+ - Secure OS for your own computer
+ - Amnesia
+ - No virus
+
+- Tor
+ - No censorship
+ - No tracking
+ - Anonymity
+
+- Toolbox
+ - Safe default
+ - Persistence
+
+Metaphors
+=========
+
+Camping
+-------
+
+### Tails as a tent
+
+From "[Writing good documentation](https://platform.internetfreedomfestival.org/en/IFF2018/public/schedule/custom/426)" at the IFF 2018
+
+- [Drawing of an unfolded tent] portable, set up anywhere in the world or your own backyard
+- [Drawing of two similar tents]
+- [Drawing of a tent in a bag] small portable tent fits in backpack, with your belongings.
+- [Drawing of a tent city of similar tents]
+
+- Amnesic
+ - Empty every time its setup
+ - Stored in backpack ("USB stick") along with "stuff" which can be
+ moved into the tent ("persistence") or not.
+- Incognito
+ - Can move around (change "address")
+ - Many tents look alike
+ - Works best among other tents (not in a library)
+- Live
+ - Can carry around in backpack
+ - Can set up in backyard (own laptop) or away from home
+- Put it away when its finished
+
+"[Leave No Trace](https://lnt.org/)" is an organization and a code of ethics
+for outdoor activities.
+
Open relationship
-----------------
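Review bot: The "Structure" list hard-codes a version ("Install Tails 3.8") although other files in this commit already refer to Tails 3.9; a neutral "Install Tails" would not go stale. Smaller points in the added text: "explain that is does not run" should be "it does not run", "Empty every time its setup" and "Put it away when its finished" need "it's", and the numbered "Comments" groups (1 to 6) would be easier to interpret with a line saying what each number stands for (participant, group or sheet).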
@@ -22,44 +185,12 @@ same Tails USB stick.
<a id="iff"></a>
-From "[Writing good documentation](https://platform.internetfreedomfestival.org/en/IFF2018/public/schedule/custom/426)" at the IFF 2018
----------------------------------------------------------------------------------------------------------------------------------------
-
-### Sheet 1
+Other output from [IFF 2018](https://platform.internetfreedomfestival.org/en/IFF2018/public/schedule/custom/426)
+----------------------------------------------------------------------------------------------------------------
-- [Drawing of an unfolded tent] portable, set up anywhere in the world or your own backyard
- [Drawing of a circus tent]
- [Drawing of a magic hat] make things magically disappear
-- [Drawing of two similar tents]
-- [Drawing of a tent in a bag] small portable tent fits in backpack, with your belongings.
-
-### Sheet 2
-
-Tents, The everyperson's
-
-- Amnesic
- - Empty every time its setup
- - Stored in backpack ("USB stick") along with "stuff" which can be
- moved into the tent ("persistence") or not.
-- Incognito
- - Can move around (change "address")
- - Many tents look alike
- - Works best among other tents (not in a library)
-- Live
- - Can carry around in backpack
- - Can set up in backyard (own laptop) or away from home
-
-### Sheet 3
-
-- clean every time where work (normal is really customized)
-- common visual aspect
-- decide what keep
-- [Drawing of a tent city of similar tents]
-
-### Sheet 4
-
- Doesn't leave a trace -- invisibility cloak
-- Tent - put it away when its finished
- New wig every morning
- Incognito mode for your computer
- A caravan -- you're the owner, you can move it anywhere
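Review bot: The `<a id="iff"></a>` anchor is kept, but the section it marks is renamed to "Other output from IFF 2018" and most of its tent content moves up to "Tails as a tent", so anything linking to `#iff` now lands on the leftovers. Check inbound links and either move the anchor or add one to the new tent section. Also confirm that the Sheet 3 items removed here ("clean every time where work", "common visual aspect", "decide what keep") and the "Tents, The everyperson's" line were dropped on purpose, since they are not carried over verbatim.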
@@ -70,8 +201,8 @@ Tents, The everyperson's
- Using a bike lock
- Helmet with shades so you're unknown
-From the user testing of Additional Software in January 2018 in Berlin
-----------------------------------------------------------------------
+From the user testing in January 2018 in Berlin
+-----------------------------------------------
- Additional Software P1 talking about how everything we do on the
Internet is tracked: "With Tails I can create that image for myself".
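Review bot: With "of Additional Software" removed from the heading, the first item's "Additional Software P1" loses the context that explained it. Either keep the test name in the heading or rephrase the item, for example "P1 of the Additional Software test".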
diff --git a/wiki/src/blueprint/explain_tails/homepage.css b/wiki/src/blueprint/explain_tails/homepage.css
new file mode 100644
index 0000000..50c92bc
--- /dev/null
+++ b/wiki/src/blueprint/explain_tails/homepage.css
@@ -0,0 +1,3 @@
+.sidebar {
+ display: none;
+}
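Review bot: The new stylesheet hides `.sidebar` with no comment on why. A one-line CSS comment stating that this is for the homepage mock-up only would stop someone from reusing the file on a page that needs the sidebar navigation.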
diff --git a/wiki/src/blueprint/explain_tails/homepage.mdwn b/wiki/src/blueprint/explain_tails/homepage.mdwn
new file mode 100644
index 0000000..a74f9a5
--- /dev/null
+++ b/wiki/src/blueprint/explain_tails/homepage.mdwn
@@ -0,0 +1,77 @@
+[[!meta title="Tails"]]
+[[!meta stylesheet="bootstrap.min" rel="stylesheet" title=""]]
+[[!meta stylesheet="blueprint/explain_tails/homepage" rel="stylesheet" title=""]]
+
+<div class="row">
+
+<h1>Tails is a portable operating system that protects your privacy and avoids
+censorship.</h1>
+
+</div>
+
+<div class="row">
+
+<h2>Install Tails on a USB stick and run it on any computer instead of Windows
+or macOS.</h2>
+
+</div>
+
+<div class="row">
+
+<div class="col-md-4">
+
+<h3>Your secure computer anywhere</h3>
+
+<p>Turn your own computer into a secure machine or stay safe while using
+someone else's computer.</p>
+
+</div>
+
+<div class="col-md-4">
+
+<h3>Avoid surveillance and censorship</h3>
+
+<p>Tails uses the Tor network for online privacy and censorship
+circumvention.</p>
+
+</div>
+
+<div class="col-md-4">
+
+<h3>No ads, no viruses, no tracking</h3>
+
+<p>Browse the Internet like it should be!</p>
+
+</div>
+
+</div>
+
+<div class="row">
+
+<div class="col-md-4">
+
+<h3>Digital security toolbox</h3>
+
+<p>Tails includes all you need to work on your documents and communicate
+securely with your contacts.</p>
+
+</div>
+
+<div class="col-md-4">
+
+<h3>Secure by default</h3>
+
+<p>All the tools in Tails are preconfigured with security in mind to make them
+easy to use and prevent mistakes.</p>
+
+</div>
+
+<div class="col-md-4">
+
+<h3>Free software</h3>
+
+<p></p>
+
+</div>
+
+</div>
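Review bot: The `<h2>` promises "run it on any computer", while the original proposal in explain_tails.mdwn said "almost any computer" and comment 3 there asks whether to explain that Tails does not run on some computers; for a security tool the headline should not overstate compatibility, and the "Warning" item planned in the Structure list suggests the limits belong near this claim. The "Free software" column ships with an empty `<p></p>`; fill it (the explain_tails text has "Audited by experts, run by a community, download/install for free") or leave a visible XXX. Using `<h1>` and `<h2>` for the two tagline sentences also makes the heading outline misleading; consider one heading plus a lead paragraph.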
diff --git a/wiki/src/blueprint/explain_tails/simsec.mdwn b/wiki/src/blueprint/explain_tails/simsec.mdwn
index fcfddb5..48bc6de 100644
--- a/wiki/src/blueprint/explain_tails/simsec.mdwn
+++ b/wiki/src/blueprint/explain_tails/simsec.mdwn
@@ -47,7 +47,7 @@ These will help us for future work like defining a graphical style
guide, defining the tone on our website, the type of visuals to use,
etc.
-XXX: Link to resources on brand attributes
+- [Mozilla Open Design: Creative Strategy On View](https://blog.mozilla.org/opendesign/creative-strategy-on-view/)
### Deliverable
@@ -82,6 +82,14 @@ interface.
first-time users?
- How should it sound?
+### References
+
+- <https://styleguide.mailchimp.com/>
+- <http://voiceandtone.com/>
+- <https://uxdesign.cc/ux-writing-content-strategy-lessons-from-facebook-286e8ac76307>
+- <https://medium.com/level-up-web/technical-writing-as-a-part-of-user-experience-2cfd97554d09>
+- <http://uxpajournal.org/overlap-influence-intertwining-the-interplay-of-ux-and-technical-communication/>
+
### Deliverable
- Suggestions in copy and documentation for clarity and tone.
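Review bot: Two of the five new references use plain `http://` (voiceandtone.com and uxpajournal.org); switch them to `https://` if the sites support it. All five are bare URLs, unlike the titled Mozilla link added in the first hunk of this file, so a short title per entry would let readers judge relevance without following the link.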
@@ -230,6 +238,7 @@ Structured explanation
### Examples
+- <https://icloak.me/>
- <https://www.apple.com/apple-watch-series-3/>
- <https://www.tunnelbear.com/>
diff --git a/wiki/src/blueprint/handheld.mdwn b/wiki/src/blueprint/handheld.mdwn
index a0f31dd..f4390aa 100644
--- a/wiki/src/blueprint/handheld.mdwn
+++ b/wiki/src/blueprint/handheld.mdwn
@@ -11,10 +11,26 @@ Generic
* Minimized applications in the taskbar can't be raised via the
taskbar. They can be raised via the *Activities Overwiew*.
-Toshiba Encore 2
-----------------
+Toshiba Encore 2 WT8-B
+----------------------
+
+* Intel Atom CPU Z3735F @ 1.33GHz (Bay Trail)
+* can cold-boot from USB: hold down the Vol+ button, then hold down
+ the Power button, until the boot selection menu appears.
+ Select the desired boot device and press the Windows key.
-feature/jessie + 32-bit UEFI, 20150507:
+### Tails pre-3.9 devel branch (Stretch) + feature/15763-linux-4.17
+
+* MAC spoofing fails
+* Backlight tuning: GNOME Shell offers the UI, but it has no visible effect.
+* Display rotation (probably because we don't install `iio-sensor-proxy`)
+* Sound card is detected but no sound output. The kernel complains
+ about missing `intel/fw_sst_0f28.bin` firmware while it's supposed
+ to be shipped in [[!debpts firmware-intel-sound]].
+ <http://www.studioteabag.com/science/dell-venue-pro-linux/#ALSA> has
+ some configuration tricks that might help.
+
+### feature/jessie + 32-bit UEFI, 20150507
* The Florence virtual keyboard is not very usable:
- its default font size is way too small, but that can be configured
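Review bot: "MAC spoofing fails" is listed without saying what happens next or where it is tracked. Since this is a privacy feature, note whether networking is then disabled or the device connects with its real MAC address, and link a ticket. "Display rotation (probably because we don't install `iio-sensor-proxy`)" has no verb, so state explicitly that rotation does not work. The studioteabag link is plain `http://`, and the context line above still has the typo "Activities Overwiew".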
@@ -35,16 +51,33 @@ feature/jessie + 32-bit UEFI, 20150507:
Works fine
==========
-Generic
--------
-
Toshiba Encore 2
----------------
-feature/jessie + 32-bit UEFI, 20150507:
+### Tails pre-3.9 devel branch (Stretch) + feature/15763-linux-4.17
+
+* _sometimes_ boots fine after:
+ - removing `slab_nomerge`, `slub_debug=FZP`, `vsyscall=none`, `page_poison=1`,
+ `quiet` and `splash` → XXX: which of these changes are are really needed?
+ - adding `nosplash` → XXX: really needed?
+ - adding `clocksource=tsc tsc=reliable` → XXX: really needed?
+ - `intel_idle.max_cstate=1` (<https://bugzilla.kernel.org/show_bug.cgi?id=109051>) → XXX: really needed?
+* Battery level monitoring
+
+### feature/jessie + 32-bit UEFI, 20150507
* boots fine with `nomodeset` (otherwise screen blanks at `switching
to inteldrmfb from simplefb`, although the OS continues loading)
* X.Org with KMS
* touchscreen
* USB
+
+Resources
+=========
+
+* <https://twitter.com/kapper1224> gave an inspiring talk at DebConf18
+ ([slides](https://www.slideshare.net/kapper1224/hacking-with-x86-windows-tablet-and-mobile-devices-on-debian-debconf18))
+ about "Hacking with x86 Windows Tablet and mobile devices on
+ Debian".
+* <https://nmilosev.svbtle.com/fedora-on-baytrail-tablets-2017-edition>
+* <http://www.studioteabag.com/science/dell-venue-pro-linux/>
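Review bot: The first "Works fine" item drops several boot parameters at once, and four of them (`slab_nomerge`, `slub_debug=FZP`, `vsyscall=none`, `page_poison=1`) are kernel memory-hardening settings, so the open XXX questions matter. Test the parameters one at a time and record the minimal change, so that nobody copies the full list and loses hardening that was not the cause. A device that only "_sometimes_ boots fine" also fits poorly under "Works fine", the XXX text has a doubled word ("are are really needed"), and the heading here is still "Toshiba Encore 2" while the first hunk renamed its counterpart to "Toshiba Encore 2 WT8-B".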
diff --git a/wiki/src/blueprint/monthly_meeting.mdwn b/wiki/src/blueprint/monthly_meeting.mdwn
index e30b317..6eb9bd0 100644
--- a/wiki/src/blueprint/monthly_meeting.mdwn
+++ b/wiki/src/blueprint/monthly_meeting.mdwn
@@ -23,66 +23,10 @@ Discussions
[[Prepare a discussion|contribute/meetings#preparing-a-discussion]]
and add your topic here:
-### Strategic planning
+- [[!tails_ticket 15895 desc="#15895: Remove some of our predefined bookmarks"]]
-We'll discuss "Oppressed people can safely use Tails (e.g. without being detected) [B, +5-3]".
-
-See [[blueprint/strategic_planning]] for the terminology.
-
-### Gather comments on our draft personas
-
-Chapter 3: [[Riou, the protest organizer|personas#riou]]
-
-From the work that we did at the last summit, we drafted skeletons of
-personas: a very basic description of what kind of users they are.
-
-We are still missing lots of:
-
-- Details, to bring them to life
-- Research, to make sure they represent real users accurately
-- Collective discussions, to decide how much effort we want to dedicate
- to make Tails work better for each of them
-
-But, still I wanted to gather some initial comments from all of you on
-the work that we already.
-
-We drafted four personas:
-
-- Kim, the surveilled at home
-- Cris, the sensitive information gatherer
-- Riou, the protest organizer
-- Derya, the privacy advocate
-
-Until in May, June, July, and August I'll propose you to comment of each
-of them, one each month.
-
-I'm interested in gathering as much feedback from you as possible, like
-in a brainstorming, but I want to refrain from discussing each comment.
-
-Comments I'm interested in:
-
-- Stuff you would add, change, or remove in each section of the
- skeleton.
-
- For example:
-
- « *I think that Kim is too scared to use the shared computer from his
- institution and instead he's rather borrowing from time to time the
- computer of a trusted friend.* »
-
-- External data or research that could feed this persona.
-
- For example:
-
- « *Here is an article recently about the repression of gay youth in
- Africa: https://example.com/.* »
-
-- You raw subjectivity.
-
- For example:
-
- « *I won't be able to work with a persona named Kim because I have
- daily nightmares involving Kim Jong-un.* »
+ sajolida: I'll be at Tor meeting on October 3, so please postpone this
+ discussion if I'm not at the meeting.
Roles
=====
@@ -99,8 +43,8 @@ designate themselves beforehand.
| May 2018 | sajolida | segfault |
| June 2018 | intrigeri | u |
| July 2018 | sajolida | u |
-| August 2018 | | |
-| September 2018 | | intrigeri |
+| August 2018 | sajolida | segfault |
+| September 2018 | muri | intrigeri |
| October 2018 | | |
| November 2018 | intrigeri | |
| December 2018 | | |
diff --git a/wiki/src/blueprint/monthly_report.mdwn b/wiki/src/blueprint/monthly_report.mdwn
index be6953c..7588f94 100644
--- a/wiki/src/blueprint/monthly_report.mdwn
+++ b/wiki/src/blueprint/monthly_report.mdwn
@@ -24,9 +24,9 @@ beginning of May.
- June 2018: sajolida
- July 2018: pablonatalino & emmapeel
- August 2018: intrigeri
- - September 2018:
+ - September 2018: sajolida
- October 2018: u
- - November 2018: sajolida
+ - November 2018: muri
- December 2018: spriver
### 2017
diff --git a/wiki/src/blueprint/monthly_report/report_2018_07.mdwn b/wiki/src/blueprint/monthly_report/report_2018_07.mdwn
deleted file mode 100644
index 06d9af0..0000000
--- a/wiki/src/blueprint/monthly_report/report_2018_07.mdwn
+++ /dev/null
@@ -1,117 +0,0 @@
-[[!meta title="Tails report for July, 2018"]]
-[[!meta date="Tue, 10 Apr 2018 01:23:45 +0000"]] XXX: adjust date
-
-[[!toc]]
-
-Releases
-========
-
-* [[Tails VERSION was released on MONTH DAY|news/version_VERSION]] ([major|minor] release).
-
-* Tails VERSION+1 is [[scheduled for MONTH DAY|contribute/calendar]].
-
-The following changes were introduced in Tails VERSION:
-
-XXX: Copy the "Changes" section of the release notes, and compact a bit:
-
-* Remove lines about software upgrade (that's not Tails itself).
-* Remove screenshots.
-* Remove "New features" and "Upgrades and changes" headlines.
-* Remove line about Changelog.
-
-Code
-====
-
-XXX: If you feel like it and developers don't do it themselves,
- list important code work that is not covered already by the
- Release section (for example, the changes being worked on for
- the next version).
-
-Documentation and website
-=========================
-
-XXX: If you feel like it and technical writers don't do it
- themselves, explore the Git history:
-
- git log --patch --since='1 October' --until='1 November' origin/master -- "*.*m*"
-
-User experience
-===============
-
-XXX: If you feel like it and the UX team does not do it
- themselves, check the archives of tails-ux:
- <https://mailman.boum.org/pipermail/tails-ux/>
-
-Hot topics on our help desk
-===========================
-
-XXX: Ask tails-bugs@boum.org to list hot topics for the last month.
-
-1.
-
-1.
-
-1.
-
-Infrastructure
-==============
-
-XXX: Count the number of tests in /features at the beginning of next month
-
- git checkout `git rev-list -n 1 --before="June 1" origin/devel`
- git grep --extended-regexp '^\s*Scenario:' -- features/*.feature | wc -l
-
-XXX: Report only if more scenarios have been written and add the diff from the previous month, for example:
-
- - Our test suite covers SCENARIOS scenarios, DIFF more that in May.
-
-Funding
-=======
-
-XXX: The fundraising team should look at the fundraising Git.
-
- git log --patch --since='1 December' --until='1 January' origin/master
-
-XXX: The fundraising and accounting teams should look at the archives of <tails-fundraising@boum.org> and <tails-accounting@boum.org>.
-
-Outreach
-========
-
-Past events
------------
-
-Upcoming events
----------------
-
-On-going discussions
-====================
-
-XXX: Link to the thread on <https://mailman.boum.org/pipermail/tails-XXX/>.
-
-Press and testimonials
-======================
-
-XXX: Copy content from press/media_appearances_2018.mdwn
- This page is continuously updated by tails-press@boum.org, so if
- it's empty there might be nothing special to report.
-
-Translation
-===========
-
-XXX: Add the output of `contribute/l10n_tricks/language_statistics.sh`
-XXX: Add the output of (adjust month!):
-
- git checkout $(git rev-list -n 1 --before="September 1" origin/master) && \
- git submodule update --init && \
- ./wiki/src/contribute/l10n_tricks/language_statistics.sh
-
-Metrics
-=======
-
-* Tails has been started more than BOOTS/MONTH times this month. This makes BOOTS/DAY boots a day on average.
-* SIGS downloads of the OpenPGP signature of Tails ISO from our website.
-* WHISPERBACK bug reports were received through WhisperBack.
-
-[[How do we know this?|support/faq#boot_statistics]]
-
-XXX: Ask <tails@boum.org> for these numbers.
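Review bot: The deleted July report is still the unfilled template (VERSION, MONTH DAY, BOOTS/MONTH and XXX placeholders throughout), so nothing in this diff shows that a July report was published before the draft was removed. Mention in the commit message where the final report lives, or that July is being skipped, given that monthly_report.mdwn still lists authors for July 2018.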
diff --git a/wiki/src/blueprint/monthly_report/report_2018_08.mdwn b/wiki/src/blueprint/monthly_report/report_2018_08.mdwn
index d7270f8..9c95abb 100644
--- a/wiki/src/blueprint/monthly_report/report_2018_08.mdwn
+++ b/wiki/src/blueprint/monthly_report/report_2018_08.mdwn
@@ -30,17 +30,39 @@ XXX: If you feel like it and developers don't do it themselves,
Documentation and website
=========================
-XXX: If you feel like it and technical writers don't do it
- themselves, explore the Git history:
+We documented how to:
- git log --patch --since='1 October' --until='1 November' origin/master -- "*.*m*"
+- [[Install additional software|doc/first_steps/additional_software]].
+
+- [[Unlock VeraCrypt volumes|doc/encryption_and_privacy/veracrypt]].
+
+- Fix [[Persistent folder disappearing and persistent feature
+ configurations not loading|support/known_issues#persistence-disappears]].
+
+- Fix [[Tails behaving weirdly if an automatic upgrade is only
+ partially applied|support/known_issues#partial-upgrade]].
+
+- Calculate the [[food budget for contributors attending events
+ on behalf of Tails|contribute/sponsorship_to_attend_events]].
User experience
===============
-XXX: If you feel like it and the UX team does not do it
- themselves, check the archives of tails-ux:
- <https://mailman.boum.org/pipermail/tails-ux/>
+- We presented a first version of our personas to the community and
+ agreed on focusing on [[Riou, The Censorship
+ Evader|blueprint/personas#riou]], as our primary persona.
+
+<a href="https://git.tails.boum.org/ux/plain/personas/posters.pdf"><img src="https://git.tails.boum.org/ux/plain/personas/posters.png"></a>
+
+- We completed the [[collaboration with Simply
+ Secure|blueprint/explain_tails/simsec]] on the Tails identity (aka.
+ "brand") and making it easier to understand what is Tails and how it
+ works. This work lays the foundation to:
+
+ - Redefining our visual style and tone.
+ - [[Explanation of Tails|blueprint/explain_tails]] on our home and about pages.
+
+ We will report on this in more details later.
Hot topics on our help desk
===========================
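Review bot: The raw `<img>` added under "User experience" has no `alt` attribute and sits between two list items, which splits the list in two. Add alt text such as "Posters of the Tails personas" and move the image after the list or indent it under the first item. Wording: "in more details" should be "in more detail" and "what is Tails" reads better as "what Tails is"; the two sub-bullets are also not parallel ("Redefining ..." versus "Explanation of ...").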
@@ -68,6 +90,11 @@ XXX: Report only if more scenarios have been written and add the diff from the p
Funding
=======
+- *DeepOnion* partnered with Tails and donated 0.154 btc.
+
+- *Handshake Foundation* partnered with Tails and donated
+ $200&thinsp;000.
+
XXX: The fundraising team should look at the fundraising Git.
git log --patch --since='1 December' --until='1 January' origin/master
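Review bot: The two donation entries are added directly above the `XXX: The fundraising team should look at the fundraising Git.` placeholder and its `git log` line, which both stay in the section; drop the placeholder if the Funding section is now considered complete, otherwise it will ship with the report. Also write the currency code in capitals ("0.154 BTC") so it reads as carefully as the `$200&thinsp;000` entry below it.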
@@ -83,6 +110,15 @@ Past events
Upcoming events
---------------
+- sajolida will be at [Tor meeting in Mexico
+ City](https://trac.torproject.org/projects/tor/wiki/org/meetings/2018MexicoCity)
+ from September 29 to October 3 and will present Tails during the open
+ days on October 2.
+
+- sajolida will discuss Tails, user experience, and free software at the
+ Coloquio de Privacidad y Anonimato of UNAM in Mexico City on October
+ 4&ndash;5.
+
On-going discussions
====================
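Review bot: The first added entry is missing an article in "will be at [Tor meeting in Mexico City]"; it should read "at the [Tor meeting in Mexico City]". The second entry names the Coloquio de Privacidad y Anonimato without a link while the first entry links its event; add one if a public page exists.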
@@ -110,7 +146,7 @@ Metrics
* Tails has been started more than BOOTS/MONTH times this month. This makes BOOTS/DAY boots a day on average.
* SIGS downloads of the OpenPGP signature of Tails ISO from our website.
-* WHISPERBACK bug reports were received through WhisperBack.
+* 74 bug reports were received through WhisperBack.
[[How do we know this?|support/faq#boot_statistics]]
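Review bot: Only the `WHISPERBACK` placeholder is replaced here; the two context lines above it still carry the template placeholders `BOOTS/MONTH`, `BOOTS/DAY` and `SIGS`. Fill those in with this change or in a follow-up before the report is published, so the Metrics list does not go out half completed.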
diff --git a/wiki/src/blueprint/non-discriminatory_language.mdwn b/wiki/src/blueprint/non-discriminatory_language.mdwn
index 4d69251..c3c22bd 100644
--- a/wiki/src/blueprint/non-discriminatory_language.mdwn
+++ b/wiki/src/blueprint/non-discriminatory_language.mdwn
@@ -3,7 +3,9 @@ Also tracked by ticket: [[!tails_ticket 10181]]
What's the problem
------------------
-some ideas/suggestions:
+We want the Tails community to be diverse. In order to achieve this, our documentation should be the most welcoming possible, to all spectra of gender and provide the same openness in all translations. Also see [Debian's diversity statement](https://www.debian.org/intro/diversity).
+
+Some ideas/suggestions:
* Can we measure how severe the problem is?
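Review bot: The added problem statement is a single very long line and the phrase "the most welcoming possible, to all spectra of gender" is hard to parse. Suggest wrapping it like the rest of the wiki source and rewording to something like "as welcoming as possible to people of all genders, with the same openness in every translation".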
@@ -84,8 +86,8 @@ General examples how discrimination via language works
WIP
-Possible in-practice solutions
-------------------------------
+Possible in-practice solutions (German)
+---------------------------------------
* add a "disclaimer" that we address everyone and that we understand the general problem but use common wording as it's less complicated. -> aka. leave as it is
* use both female/male wording, e.g. "Benutzerinnen und Benutzer".
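Review bot: Retitling the section to "Possible in-practice solutions (German)" scopes it to one language, while the problem statement added earlier in this patch asks for "the same openness in all translations". Either say in the section that other languages are still to be covered, or add empty per-language subsections so translators know where to contribute.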
diff --git a/wiki/src/blueprint/personas.mdwn b/wiki/src/blueprint/personas.mdwn
index 0d1e8f5..4a3bedc 100644
--- a/wiki/src/blueprint/personas.mdwn
+++ b/wiki/src/blueprint/personas.mdwn
@@ -1,8 +1,6 @@
[[!meta title="Personas"]]
-[[!toc levels=3]]
-
-# Big picture
+[[!toc levels=2]]
This is about [[!tails_ticket 11162]].
@@ -24,16 +22,10 @@ This is about [[!tails_ticket 11162]].
- Accessibility and inclusion
- [Designing for the extremes (or why your average user doesn’t exist)](https://sugoru.com/2013/07/14/designing-for-the-extremes/)
- [Personas for Accessible UX](https://www.slideshare.net/whitneyq/personas-for-accessible-ux)
- - [Inclusive Design at Microsoft](https://www.microsoft.com/en-us/design/inclusive)
+ - [Inclusive Design at Microsoft](https://www.microsoft.com/design/inclusive/)
# Data sources
-- [*Internews*: Digital Security and Journalists, A SnapShot of
- Awareness and Practice in Pakistan](https://www.internews.org/sites/default/files/resources/Internews_PK_Secure_Journalist_2012-08.pdf).
-
-- [*Digital Rights Foundation*: Digital (In)security of Journalists in
- Pakistan](https://digitalrightsfoundation.pk/wp-content/uploads/2018/01/Report-Digi-Insecurity-of-Journos.pdf).
-
- [*Mozilla*: 10 Fascinating Things We Learned When We Asked The World ‘How
Connected Are You?’](https://blog.mozilla.org/blog/2017/11/01/10-fascinating-things-we-learned-when-we-asked-the-world-how-connected-are-you/).
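Review bot: The Internews report "Digital Security and Journalists, A SnapShot of Awareness and Practice in Pakistan" is removed from "Data sources" and is not re-added anywhere in the visible part of this patch, whereas the Digital Rights Foundation report removed next to it reappears under Cris's references. If dropping the Internews source is intentional, say so in the commit message; otherwise add it to Cris's "References" list as well.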
@@ -54,26 +46,11 @@ This is about [[!tails_ticket 11162]].
different causal beliefs related to computer security, and about the
actions they regularly undertake to protect their computers.
-- [*Javier Garza Ramos*, Journalist Security in the Digital
- World](http://www.cima.ned.org/wp-content/uploads/2016/03/CIMA-Journalist-Digital-Tools-03-01-15.pdf)
- is a survey of 154 journalists worldwide on their digital security
- practices.
-
-- [Jennifer R. Henrichsen](https://www.asc.upenn.edu/people/jennifer-r-henrichsen) is
- doing a research with journalists and digital security trainers to
- shed light on journalists' perceptions toward digital security
- technologies, including motivations to adopt and barriers to adoption.
- In March 2018, the results of her research were not published yet.
-
-- [EFF: Privacy By Practice, Not Just By Policy: A System Administrator
- Advocating for Student Privacy](https://www.eff.org/deeplinks/2017/03/privacy-practice-not-just-policy-system-administrator-advocating-student-privacy)
- is an interesting story about the use of Chromebooks in schools and
- the internal resistance about its threat to privacy.
+# Archive of the process
-- [Tails-project: Regarding USB sticks for domestic violence
- survivors](https://mailman.boum.org/pipermail/tails-project/2017-March/000757.html)
+[[!toggle id="2016-08" text="Collective brainstorming in August 2016"]]
-# Collective brainstorming in August 2016
+[[!toggleable id="2016-08" text="""
Use cases:
@@ -148,9 +125,11 @@ Use cases:
- A person without the need for a big storage uses Tails as their main
operating system to have more privacy.
-<a id="2017-08"></a>
+"""]]
+
+[[!toggle id="2017-08" text="Collective process from August 2017"]]
-# Collective process from August 2017
+[[!toggleable id="2017-08" text="""
Summary of a 2 hours session we did with 12 core contributors.
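Review bot: The explicit `<a id="2017-08"></a>` anchor is removed when the section is wrapped in `[[!toggleable id="2017-08" ...]]`. Please check that existing links to `personas#2017-08` still resolve to the toggled section after this change, and keep the anchor if they do not.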
@@ -214,390 +193,553 @@ conception and gestation*.
- All together we summarize these goals by identifying main goals and
subgoals. (10')
- - Final goals:
+ See "User goals for using Tails" below.
+
+"""]]
- **A. I want to hide information about myself**
+User goals for using Tails
+==========================
- - I want to keep content & information secret from my government
- - I want to keep information secret from my family and close people
- - I want to access sensitive information stealthily
- - I want to hide my identity
- - I want to hide my location and identity
- - I want to hide my location
- - I don't want to raise suspicion
+#### A. I want to hide information about myself
- **B. I want to communicate and collaborate securely**
+- I want to keep information secret from my government
+- I want to keep information secret from my family and close people
+- I want to access sensitive information stealthily
+- I want to hide my identity
+- I want to hide my location
+- I don't want to raise suspicion
- - I want to communicate securely with known peers
- - I want to communicate securely with unknown peers
- - I want to communicate with others who are under surveillance
- - We want to share and work on documents privately
+#### B. I want to communicate and collaborate securely
- **C. I want to store information safely**
+- I want to communicate securely with known peers
+- I want to communicate securely with unknown peers
+- I want to communicate with others who are under surveillance
+- We want to share and work on documents privately
- - I need to safely store my data
- - I want to edit or anonymize my data
+#### C. I want to store information safely
- **D. I want to leave no trace on the computer**
+- I need to safely store my data
+- I want to edit or anonymize my data
- - I need to use a computer that is not mine
+#### D. I want to leave no trace on the computer
- **E. I want information to be free**
+- I need to use a computer that is not mine
- - I want to access censored information online
- - I want to publish sensitive information
+#### E. I want information to be free
- **F. I don't want my data to be gathered by corporations and governments**
+- I want to access censored information online
+- I want to publish sensitive information
- - I want to understand people using Tails
- - I just want more privacy
+#### F. I don't want my data to be gathered by corporations and governments
-# Skeletons
+- I want to understand people using Tails
+- I just want more privacy
-After this collective session, the core team working on the personas (3
-people) started preparing skeletons, rough descriptions of each persona,
-based on the main goals identified earlier. Each persona is primarily
-focused on a single main goal but also corresponds to some subgoals of
-other categories.
+# Personas
-On top of demographics, background, and technical skills information,
-our framework includes holistic security and threat modeling information
-(based on the [Personas Framework for Internet
-Freedom](http://internetfreedom.secondmuse.com/framework-elements/developing-personas/)
-developed by SecondMuse):
+Our framework includes holistic security and threat modeling information based
+on the [Personas Framework for Internet Freedom](http://internetfreedom.secondmuse.com/framework-elements/developing-personas/)
+developed by SecondMuse:
- 1. Name (genderneutral)
- 2. Occupation
- 3. Background
- 4. Motivations
- 5. Challenges and threats
- 6. Communications
- 7. Goals
- 8. Use cases
- 9. Definition of security
- 10. Key Technologies used regularly
- a. Features used in Tails
- b. Features used outside of Tails
- 11. Threat perception
- 12. Security precautions
+- Name (genderneutral)
+- Occupation
+- Background
+- Motivations
+- Challenges and threats
+- Communications
+- Goals
+- Use cases
+- Definition of security
+- Key Technologies used regularly
+ - Features used in Tails
+ - Features used outside of Tails
+- Threat perception
+- Security precautions
<a id="kim"></a>
-## Kim, the surveilled at home
-
-- **Background**
-
- - Kim is a gay youth from Nigeria that has been institutionalized.
- - Kim has been abused at home.
- - Kim is using a shared a computer.
-
-- **Motivations**
-
- - Kim is searching for help and support groups online and also tries
- to find solidarity.
- - Kim wants to feel normal.
- - Kim wants to avoid surveillance from mentors in the institution they
- lives in.
- - Kim does not want to leave traces on the shared computer and prefers
- to hide their identity by accessing information stealthily.
-
-- **Challenges and threats**:
-
- - The computer room is crowded
- - Can't meet with support groups openly and has to do it online
- - Surveillance from mentors
- - Time is limited
- - Fear of previous abusers
- - Worried about saving information safely
- - Needs to know keyboard shortcuts for switching applications in case
- somebody walks behind them
- - Needs safe storage for email addresses and nicknames
- - Needs access to books online
- - Needs to use a pseudonym
- - Needs a stealth or dedicated email address
- - Needs to store data in the cloud or an encrypted device in case Kim
- gets searched
-
-- **Communications**
-
- - Online support groups: forums, websites
- - Known peers: chat, email
- - Unknown peers: chat, email, forums
- - Psychologist online: forums, websites
-
-- **Goals**
-
- A. I want to hide information about myself
- - I want to keep content & information secret from my government
- - I want to keep information secret from my family and close people
- - I want to access sensitive information stealthily
- - I want to hide my identity
- - I want to hide my location and identity
- - I want to hide my location
- - I don't want to raise suspicion
-
- B. I want to communicate and collaborate securely
- - I want to communicate securely with known peers
- - I want to communicate securely with unknown peers
-
- D. I want to leave no trace on the computer
- - I need to use a computer that is not mine
-
- E. I want information to be free
- - I want to access censored information online
+## Kim, The Surveilled at Home (16-19)
+
+### Background
+
+- Is living in a very religious family in the US.
+
+- Tried to come out as trans to their family in the past but they don't
+ believe them and think they are just a complicated teenager.
+
+- Tried to run away in the past and since then their family is
+ controlling their movements and relationships.
+
+- Has a violent father.
+
+- Is going to a religious school which is aware of the situation and
+ keeps a close eye on them.
+
+### Motivations
+
+- Is searching for help and support groups online and also tries to find
+ solidarity.
+
+- Is planning to escape their family for good and reach a safe house.
+
+- Wants to feel safe.
+
+- Wants to avoid surveillance from their family and school.
+
+- Doesn't want to leave traces on the shared computer and prefers to
+ hide their identity by accessing information stealthily.
+
+### Challenges and threats
+
+- Their mobile phone and the computers in the family are monitored.
+
+- Computers at school are monitored.
+
+- Doesn't have their own computer and sometimes borrow the computer from
+ their older sister.
+
+- Can't meet with support groups openly and has to do it online.
+
+- Has limited time when using computers.
+
+- Is worried about saving information safely.
+
+- Needs to know keyboard shortcuts for switching applications in case
+ somebody walks behind them.
+
+- Needs safe storage for email addresses and nicknames.
+
+- Needs access to books online.
+
+- Needs to use a pseudonym.
+
+- Needs a stealth or dedicated email address.
+
+- Needs to document abuses in their family and school and keep it safe.
+
+### Communications
+
+- Online support groups: forums, websites.
+
+- Known peers: chat, email.
+
+- Unknown peers: chat, email, forums.
+
+- Psychologist and solidarity groups online: forums, websites.
+
+### Primary goals
+
+#### A. I want to hide information about myself
+
+- I want to keep information secret from my family and close people
+- I want to access sensitive information stealthily
+- I want to hide my identity
+- I want to hide my location
+- I don't want to raise suspicion
+
+#### D. I want to leave no trace on the computer
+
+- I need to use a computer that is not mine
+
+### Secondary goals
+
+#### B. I want to communicate and collaborate securely
+
+- I want to communicate securely with known peers
+- I want to communicate securely with unknown peers
+
+#### C. I want to store information safely
+
+- I need to safely store my data
+
+#### E. I want information to be free
+
+- I want to access censored information online
<!--
-- **Use cases**
+### Use cases
+
+### Definition of security
-- **Definition of security**
+### Key technologies used regularly
-- **Key technologies used regularly**
+#### Features used in Tails
- a. Features used in Tails
+- Windows Camouflage
- b. Features used outside of Tails
+#### Features used outside of Tails
-- **Threat perception**
+### Threat perception
-- **Security precautions**
+### Security precautions
-->
+### References
+
+- [EFF: Privacy By Practice, Not Just By Policy: A System Administrator Advocating for Student Privacy](https://www.eff.org/deeplinks/2017/03/privacy-practice-not-just-policy-system-administrator-advocating-student-privacy)
+
+- [Tails-project: Regarding USB sticks for domestic violence survivors](https://mailman.boum.org/pipermail/tails-project/2017-March/000757.html)
+
+- [Laura Durso & Gary Gates: LGBT Youth Survey](http://williamsinstitute.law.ucla.edu/wp-content/uploads/Durso-Gates-LGBT-Homeless-Youth-Survey-July-2012.pdf)
+
+- [The Guardian: Safe houses offer sanctuary to LGBT youngsters in Manchester and London](https://www.theguardian.com/society/2013/sep/04/safe-houses-sanctuary-lgbt-young-people)
+
+- [GLAAD: North Philly preparing safe house for LGBT Youth](https://www.glaad.org/blog/north-philly-preparing-safe-house-lgbt-youth)
+
+- [Net Orbit: School Network Monitoring](http://www.net-orbit.com/school-network-monitoring.html)
+
+- [Net Nanny: Parental Control Software & Website Blocker](https://www.netnanny.com/)
+
+- [Norton: Family Premier](https://us.norton.com/norton-family-premier/)
+
+- [HackBlossom: DIY Cybersecurity for Domestic Violence](https://hackblossom.org/domestic-violence/)
+
<a id="cris"></a>
-## Cris, the sensitive information gatherer
+## Cris, The Information Gatherer (50-60)
+
+### Background
+
+- Is a Mexican journalist living in the United States for their safety.
+
+- Is doing high-stakes investigation on the government, the mafia, and
+ drug related trafficking and corruption.
+
+- Is visiting Mexico to interview locals and needs to get out of the
+ country with the collected information and media safely.
+
+- Needs to communicate with journalistic partners and sources and to
+ protect these communications as well as the identity of their
+ interview partners.
-- **Background**
+- Needs to store and edit the collected information safely. They also
+ need to keep metadata in order to prove the evidence.
- - Cris is a Mexican refugee based in the United States.
- - Cris is an investigative journalist doing high stake reporting on
- the government, the mafia, and drug related trafficking and
- corruption.
- - Cris is visiting Mexico to interview locals and needs to get
- out of the country with the collected information and media safely.
- - Cris needs to communicate with journalistic partners and sources and
- to protect these communications as well as the identity of Cris'
- interview partners.
- - Cris needs to store and edit the collected information safely. They
- also need to keep metadata in order to prove the evidence.
- Furthermore they also need to send big videos files over the
- Internet for somebody else to edit it.
+- Needs to send big videos files over the Internet for somebody else to
+ edit it.
-- **Motivations**
+### Motivations
- - Publish information about corrupted politicians and harm they did.
- - Turn public opinion against these people.
+- Publish information about corrupted politicians and harm they did.
-- **Challenges and threats**
+- Bring them in front of a court.
- - Access information
- - Publish under pseudonyms
- - Hide their location and identity
- - Stealth research by visiting journalists
- - Bring information outside of the country
+### Challenges and threats
-- **Communications**
+- Access information.
- - Local interviewees: leaking platform, mobile phone messaging
- - Journalistic partners: emails, mobile phone messaging
- - Publication: websites, cloud storage
+- Hide what they are working on until it's made public.
-- **Goals**
+- Research stealthily by visiting journalists.
- A. I want to hide information about myself
- - I want to keep content & information secret from my government
- - I want to access sensitive information stealthily
- - I want to hide my identity
- - I don't want to raise suspicion
+- Bring information outside of the country.
- B. I want to communicate and collaborate securely
- - I want to communicate securely with known peers
- - I want to communicate securely with unknown peers
- - I want to communicate with others who are under surveillance
- - We want to share and work on documents privately
+### Communications
- C. I want to store information safely
- - I need to safely store my data
- - I want to edit or anonymize my data
+- Local interviewees: leaking platform, mobile phone messaging.
- E. I want information to be free
- - I want to publish sensitive information
+- Journalistic partners: emails, mobile phone messaging.
+
+- Publication: websites, cloud storage.
+
+### Primary goals
+
+#### B. I want to communicate and collaborate securely
+
+- I want to communicate securely with known peers
+- I want to communicate securely with unknown peers
+- I want to communicate with others who are under surveillance
+- We want to share and work on documents privately
+
+#### C. I want to store information safely
+
+- I need to safely store my data
+- I want to edit or anonymize my data
+
+### Secondary goals
+
+#### A. I want to hide information about myself
+
+- I want to keep information secret from my government
+- I want to access sensitive information stealthily
+- I want to hide my identity
+- I want to hide my location
+
+#### E. I want information to be free
+
+- I want to publish sensitive information
<!--
-- **Use cases**
+### Use cases
-- **Definition of security**
+### Definition of security
-- **Key technologies used regularly**
+### Key technologies used regularly
- a. Features used in Tails
+#### Features used in Tails
- b. Features used outside of Tails
+#### Features used outside of Tails
-- **Threat perception**
+### Threat perception
-- **Security precautions**
+### Security precautions
-->
+### References
+
+- [The Citizen Lab: Reckless Exploit Mexican Journalists, Lawyers, and a Child Targeted with NSO Spyware](https://citizenlab.ca/2017/06/reckless-exploit-mexico-nso/)
+
+- [Wikipedia: List of journalists and media workers killed in Mexico](https://en.wikipedia.org/wiki/List_of_journalists_and_media_workers_killed_in_Mexico)
+
+- Interviews
+ - [[Claudia & Felix|interviews#Claudia]]
+ - [[Joana & Orlando|interviews#Joana]]
+
+- [Digital Rights Foundation: Digital (In)security of Journalists in Pakistan](https://digitalrightsfoundation.pk/wp-content/uploads/2018/01/Report-Digi-Insecurity-of-Journos.pdf)
+
+- [Javier Garza Ramos, Journalist Security in the Digital World](http://www.cima.ned.org/wp-content/uploads/2016/03/CIMA-Journalist-Digital-Tools-03-01-15.pdf)
+
+- [Jennifer R. Henrichsen](https://www.asc.upenn.edu/people/jennifer-r-henrichsen) is
+ doing a research with journalists and digital security trainers to
+ shed light on journalists' perceptions toward digital security
+ technologies, including motivations to adopt and barriers to adoption.
+ In March 2018, the results of her research were not published yet.
+
+- [Forensic Architecture: The Ayotzinapa Case](https://www.forensic-architecture.org/case/ayotzinapa/)
+
+- Gaby Weber is a German journalist and has researched quite a bit on
+ nazi past in Argentina, involving Mercedes Benz. She uses Tails.
+
+- [The Guardian: Whistleblowers wanted: Mexican journalists seek tips through website)](https://www.theguardian.com/world/2015/mar/16/whistleblowers-mexico-journalists-website)
+
<a id="riou"></a>
-## Riou, the protest organizer
+## Riou, The Censorship Evader (20-30)
+
+### Background
+
+- Is a social science student in Hanoi.
+
+- Is part of a group organizing a public massive protest against new
+ government policies and laws.
+
+- Is considered to be quite tech-savvy by others in their group though
+ they never really studied computer science.
+
+- Wants to be stealthy and anonymous, but the protest needs to be public
+ and advertised.
+
+- Their group needs to send out strategic information to the public so
+ that citizens actually know where to show up.
+
+- In order to publish this information, their group uses websites which
+ are not hosted on servers within the country, so that the government
+ cannot shut them down but these websites are censored within the
+ country.
+
+- Their group uses social media: Twitter, Facebook, YouTube, etc.
+
+- Their group doesn't trust the local press but sometimes interacts
+ pseudonymously with the international press or the Vietnamese diaspora
+ (on social media, over email, etc.).
-- **Background**
+- Their group is doing most of their communication beforehand.
- - Riou is a student in Hong Kong, who participates in the Umbrella
- movement.
- - Riou organizes a public massive protest against new government
- policies and laws. The organizers need to be stealthy and anonymous,
- but the protest needs to be public and advertised. The organizers
- need to send out strategic information to the press and to the
- public so that citizens actually know where to show up. In order to
- publish this information they use websites which are not in the
- country, so that the government cannot shut them down.
- - During the protest they leave their phones at home. They are doing
- most of their communication beforehand. Although they take photos
- and videos of the protests and try to publish this information on
- websites which are censored within the country. They got to get it
- online as soon as it's produced on social media and they also want
- to stream the protest and speeches. They might want to do that on
- devices that are not theirs, so that they can hide their involvement
- in the organization of this protest.
+- During the protest, leaves their phones at home and use devices that
+ are not theirs (burner phones, cameras, etc.), so that they can hide
+ their involvement in the organization of this protest.
-- **Motivations**
+- After the protest, their group tries to publish text and images about
+ the protest as soon as possible.
- - Riou wants to lead social change in their country without being put
- themselves under the spotlight.
- - Riou wants information to be free in their country: they want to
- speak freely and they want others to have access to uncensored
- information.
+### Motivations
-- **Challenges and threats**
+- Wants to lead social change in their country without being put
+ themselves under the spotlight.
- - Use networks
- - Access information online
- - Use applications that the government is not monitoring
- - Use mesh applications
+- Wants information to be free in their country: they want to speak
+ freely and they want others to have access to uncensored information.
-- **Communications**
+### Challenges and threats
- - Internal communications: chat, encrypted emails
- - External communications: censored websites
+- Use networks.
-- **Goals**
+- Access information online.
- A. I want to hide information about myself
- - I want to keep content & information secret from my government
- - I want to hide my identity
- - I want to hide my location
- - I don't want to raise suspicion
+- Use applications that the government is not monitoring.
- B. I want to communicate and collaborate securely
- - I want to communicate securely with known peers
+- Use mesh applications.
- E. I want information to be free
- - I want to access censored information online
- - I want to publish sensitive information
+- Help others access censored information; for example by teaching
+ people anti-censorship technologies.
+
+### Communications
+
+- Internal communications: chat, encrypted emails.
+
+- External communications: censored websites.
+
+### Primary goal
+
+#### E. I want information to be free
+
+- I want to access censored information online
+- I want to publish sensitive information
+
+### Secondary goals
+
+#### A. I want to hide information about myself
+
+- I want to keep information secret from my government
+- I want to hide my identity
+- I want to hide my location
+- I don't want to raise suspicion
+
+#### B. I want to communicate and collaborate securely
+
+- I want to communicate securely with known peers
+- I want to communicate securely with unknown peers
<!--
-- **Use cases**
+### Use cases
+
+### Definition of security
-- **Definition of security**
+### Key technologies used regularly
-- **Key technologies used regularly**
+#### Features used in Tails
- a. Features used in Tails
+- *emmapeel: riou eeds backups too, for the team to share the
+ different pictures like a mediagoblin or something*
+- *emmapeel: if the organizers communicate stealthily, maybe they can
+ share the pictures with onionshare*
+- *sajolida: so maybe Riou gives out Tails sticks during the
+ protest!!*
+- *sajolida: or gives out outreach material or translate Tails into
+ their language, etc.*
- b. Features used outside of Tails
+#### Features used outside of Tails
-- **Threat perception**
+- *emmapeel: maybe they have one of those canon cameras with hacked
+ firmware and can encrypt the pictures when they are taken, just i
+ case they get caught*
+- *groente: maybe riou runs a clandestine private bridge and wants to
+ share this with fellow protesters?*
+- *emmapeel: riou will have a mac then! :S*
+- *u: and a apfelphone :)*
-- **Security precautions**
+#### Threat perception
+
+#### Security precautions
-->
+### References
+
+- [Viet Tan: Vietnam Cyber Dialogue 2017 Report](http://viettan.org/en/vietnam-cyber-dialogue-2017-report/)
+
+- [OpenNet Initiative: Update on threats to freedom of expression online in Vietnam](https://opennet.net/blog/2012/09/update-threats-freedom-expression-online-vietnam)
+
+- [SecondMuse: Understanding Internet Freemdom - Vietnam's Digital Activits](http://internetfreedom.secondmuse.com/wp-content/uploads/2015/08/if_vietnam_v1.1.pdf)
+
+- [Wikipedia: Censorship in Vietnam](https://en.wikipedia.org/wiki/Censorship_in_Vietnam)
+
+- [Wikipedia: Internet censorship in Vietnam](https://en.wikipedia.org/wiki/Internet_censorship_in_Vietnam)
+
+- [The New York Times: Vietnamese Protest an Opening for Chinese Territorial Interests](https://www.nytimes.com/2018/06/11/world/asia/vietnamese-protest-chinese.html)
+
<a id="derya"></a>
-## Derya, the privacy advocate
+## Derya, The Privacy Advocate (30-40)
+
+### Background
+
+- Works for an e-commence company in Lebanon.
+
+- Is very privacy conscious. They use only free software on their
+ personal computer but at work their job is to optimize sells by
+ analyzing what people buy most and why.
+
+- Knows more than average about computers and the Internet but has no
+ strong technical background.
+
+- Often gives digital security advice to friends in Lebanon and to other
+ people online in Arabic and Turkish.
+
+- Sometimes contributes to free software projects in their free time.
+ For example, they translate lots of software into Arabic and Turkish.
+
+- Does a lot of trekking and backpacking around the world.
-- **Background**
+- Has some bitcoins for fun, speculation, and a bit of tax-free
+ business.
- - Derya is a content writer for an e-commerce website.
- - Derya is a Turkish refugee living in Germany.
- - Derya contributes to free software projects in their free time. For
- example, they translate lots of software into Turkish.
- - Derya gives digital security trainings and advices to activist
- friends in Germany and Turkey.
- - Derya knows more than average about computers and the Internet but
- has no strong technical background.
- - Derya is very privacy concious. They use only free software on their
- personal computer but at work their job is to optimize the sells of
- their e-commerce company by analyzing what people buy most and why.
+### Motivations
-- **Motivations**
+- Is outraged by all kinds of privacy violations and knows that
+ everybody is watched upon in one way or another.
- - Derya is outraged by all kinds of privacy violations and knows that
- everybody is watched upon in one way or another.
- - Derya wants to contribute to free software projects from their place
- of work.
- - Derya wants to help activists in Turkey and Germany to hide their
- identities, communicate securely, and publish sensitive information.
- - Derya wants to help their family and friends in Turkey circumvent
- censorship.
- - Derya doesn't want the Turkish government to know that they are a
- digital security trainer.
+- Wants to know everything about how online surveillance works and is
+ always learning new privacy-preserving technologies.
-- **Challenges and threats**
+- Wants to contribute to free software projects from their place of
+ work.
- - Getting busted by their boss or colleagues while taking some time
- off their work.
- - Crossing-borders to give digital security trainings.
- - Staying up-to-date with privacy tools and knowing how to explain
- them to others.
+- Wants to write on his blog, access his emails, and use other people's
+ computer safely while traveling.
-- **Communications**
+### Challenges and threats
- - Free software contribution: encrypted and unencrypted emails and chat
- - Organizing digital security trainings: smart phone messaging apps
+- Staying up-to-date with privacy tools and knowing how to explain them
+ to others.
-- **Goals**
+- Getting busted by their boss or colleagues while taking some time off
+ their work.
- A. I want to hide information about myself
- - I want to keep content & information secret from my government
- - I want to keep information secret from my family and close people
- - I want to hide my identity
- - I don't want to raise suspicion
+### Communications
- B. I want to communicate and collaborate securely
- - I want to communicate securely with known peers
- - I want to communicate with others who are under surveillance
+- Free software contribution: encrypted and unencrypted emails and chat.
- D. I want to leave no trace on the computer
- - I need to use a computer that is not mine
+- While traveling: emails and social media.
- E. I want information to be free
- - I want to access censored information online
+### Primary goal
- F. I don't want my data to be gathered by corporations and governments
- - I want to understand people using Tails
- - I just want more privacy
+#### F. I don't want my data to be gathered by corporations and governments
+
+- I want to understand people using Tails
+- I just want more privacy
+
+### Secondary goals
+
+#### D. I want to leave no trace on the computer
+
+- I need to use a computer that is not mine
+
+#### E. I want information to be free
+
+- I want to access censored information online
<!--
-- **Use cases**
+### Use cases
+
+### Definition of security
+
+### Key Technologies used regularly
-- **Definition of security**
+#### Features used in Tails
-- **Key Technologies used regularly**
+- *emmapeel: maybe Derya wants to print and make posters, flyers, etc*
- a. Features used in Tails
- b. Features used outside of Tails
+#### Features used outside of Tails
-- **Threat perception**
+### Threat perception
-- **Security precautions**
+### Security precautions
-->
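Review bot: The added motivation "Wants to write on his blog, access his emails, and use other people's computer safely while traveling" uses "his" twice, while the other added lines for this persona use "their" ("from their place of work", "their boss or colleagues"). Suggest "their blog" and "their emails" so the persona stays consistent, and "other people's computers" in the plural.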
diff --git a/wiki/src/blueprint/randomness_seeding.mdwn b/wiki/src/blueprint/randomness_seeding.mdwn
index a8184bc..0759060 100644
--- a/wiki/src/blueprint/randomness_seeding.mdwn
+++ b/wiki/src/blueprint/randomness_seeding.mdwn
@@ -1,33 +1,43 @@
-# /dev/random and /dev/urandom radomness seeding in Tails
-
-/dev/random and /dev/urandom are special Linux devices that provide access from
-user land to the Linux kernel Cryptographically Secure Pseudo Random Number
-Generator (CSPRNG). This generator is used for almost every security protocol,
-like TLS/SSL key generation, choosing TCP sequences, ASLR offsets, and GPG key
-generation [1]. In order for this CSPRNG to be really cryptographically secure,
-it's recommended to seed it with a 'good' entropy source, even though The Linux
-kernel collects entropy from several sources, for example keyboard typing,
+# /dev/random and /dev/urandom randomness seeding in Tails
+
+/dev/random and /dev/urandom are special Linux devices that provide
+access from user land to the Linux kernel Cryptographically Secure
+Pseudo Random Number Generator (CSPRNG). This generator is used for
+almost every security protocol, like TLS/SSL key generation, choosing
+TCP sequences, ASLR offsets, and
+[https://eprint.iacr.org/2006/086.pdf](GPG key generation) . In order
+for this CSPRNG to indeed be cryptographically secure, it's recommended
+to seed it with a 'good' entropy source, even though The Linux kernel
+collects entropy from several sources, for example keyboard typing,
mouse movement, among others.
-Because of the Tails nature of being amnesic, and run from different type of
-live devices (from DVDs to USB sticks), special care must be taken to ensure
-the system still gets enough entropy and boots with enough randomness. This is
-not easy in the Tails context, where the system is almost always booting the
-same way. Even the squashfs file is ordered to optimize boot time.
-
-Although these problem have been documented since a long time (see [7] and
-[8]), there's not much done to tackle the problem. We looked at notes and
-research from LiveCD OS's and supply them here for completements sake. Whonix
-has a [wiki page](https://www.whonix.org/wiki/Dev/Entropy) with some notes, and
-Qubes has tickets about this ([3],[4],[5] and [6]).
+Because of Tails' feature of being amnesic, and run from different types
+of live devices (from DVDs to USB sticks), special care must be taken to
+ensure the system gets enough entropy and boots with enough randomness.
+This proves to be hard within the Tails context, where the system is
+almost always booting the same way. Even the squashfs file is ordered to
+optimize boot time.
+
+Although these problems have been documented since a long time (see
+[https://www.av8n.com/computer/htm/secure-random.htm] and
+[http://www.av8n.com/computer/htm/fixup-live-cd.htm]), there's not much
+done to tackle the problem. We looked at notes and research from LiveCD
+OS's and supply them here for completeness' sake. Whonix has a [wiki
+page](https://www.whonix.org/wiki/Dev/Entropy) with some notes, and
+Qubes has tickets about this
+[http://wiki.qubes-os.org/trac/ticket/673](Qubes 673),
+[https://github.com/QubesOS/qubes-issues/issues/1311](Qubes 1311),
+[https://groups.google.com/forum/#!msg/qubes-devel/Q65boPAbqbE/9ZOZUInQCgAJ](Qubes devel),
+[https://groups.google.com/forum/#!topic/qubes-devel/5wI8ygbaohk](Qubes devel).
## Current situation
See the related [[design document|contribute/design/random]]
-Tails do not ship /var/lib/urandom/random-seed in the ISO, since it means
-shipping a fixed known value for every Tails installation which means its
-entropy contribution is zero, and breaks reproducibility of the ISO image.
+Tails does not ship /var/lib/urandom/random-seed in the ISO, since it
+means shipping a fixed known value for every Tails installation, which
+in turn means that entropy contribution would be zero. Furthermore, this
+breaks reproducibility of the ISO image.
Without this random seed, systemd-random-seed won't write anything to
/dev/urandom, so we rely purely on the kernel CSPRNG and current system entropy
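Review bot: The new inline links in the first and third paragraphs have the two parts of the Markdown link swapped: "[https://eprint.iacr.org/2006/086.pdf](GPG key generation)" puts the URL where the label belongs and the label where the target belongs, and the four Qubes links repeat the pattern. The Whonix link in the same paragraph, "[wiki page](https://www.whonix.org/wiki/Dev/Entropy)", shows the order to follow. The two av8n.com URLs wrapped in single square brackets will not render as links either; give them link text or use the <...> form that the "More references" list uses. The stray space before the period after the GPG link and the capitalised "The Linux kernel" mid-sentence can be fixed in the same pass.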
@@ -39,8 +49,8 @@ Tails ships Haveged and rngd since a while. Still there are concerns about
Haveged's reliability to provide cryptographically secure randomness, and rngd
is only really useful when random generator devices are used.
-Taking other measures to seed the Linux Kernel CSPRNG with good material is
-something worst spending efforts on.
+Taking other measures to seed the Linux Kernel CSPRNG with good material seems
+worth spending efforts on.
## Use cases
@@ -55,33 +65,33 @@ add one.
On the other hand, that's not the installation method we want to support the
most, and probably not the most used when people want to secure other
-communication types than HTTPS (e.g persistence is very usefull for OpenPGP key
+communication types than HTTPS (e.g persistence is very useful for OpenPGP key
storage and usage, chat account configuration, ...).
So we may eventually just document somewhere to users that they MUST NOT use
-this type of installation if they want to rely on good cryptograpy for their
+this type of installation if they want to rely on good cryptography for their
communications and key generation, or that they should wait after having
-interacting a long (but hard to define) time with the system so that it had time
+interacted a long (but hard to define) time with the system so that it had time
to collect entropy, and does not rely on the CSPRNG, Haveged and rngd only.
We could also add some kind of notification to users when entropy gets too low,
-or just saying them that the way they use Tails is not compatible with strong
+or just tell them that the way they use Tails is not compatible with strong
cryptography.
### Intermediary USB
This type of installation is supposed to be used when people are installing
Tails from another OS (except Debian and Ubuntu, where they can use the Tails
-installer). In most case, this means having a bit by bit copy of the Tails ISO
+installer). In most cases, this means having a bit-by-bit copy of the Tails ISO
on the USB stick, except for Windows where we ask to use the [Universal USB
Installer](http://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/)
In this case the situation is pretty much the same than with the DVD one. No
-seed, and adding one is very difficult if not impossible (except with the
+seed. And adding one is very difficult if not impossible (except with the
Windows installation where we may ask upstream to implement that in the
Universal USB Installer, but well...).
-That's also not really the way we encourge users to use Tails, so as with DVD
+That's also not really the way we encourage users to use Tails, so as with DVD
there's maybe no point to fix the situation here, and the same workaround could
be applied (document it).
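Review bot: In the "Intermediary USB" paragraph, replacing "No seed, and adding one is very difficult" with "No seed. And adding one is very difficult" leaves "No seed." as a fragment and starts the next sentence with "And"; the original comma read better, or write "There is no seed, and adding one is very difficult". In the DVD paragraph, the line being corrected for "useful" still has "e.g" without its trailing period, and the unchanged "the same than with the DVD one" just above should be "the same as" while this text is being proofread.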
@@ -92,10 +102,11 @@ That's supposed to be the standard way to use Tails.
Note that in this case, there are two situations: booting this installation
with persistence enabled, and without.
-It is worth noting too that the first time this Tails installation is booted,
-most of the time the first step is to configure persistence, which means
-creating an encrypted partition. At this step though, there is at the moment
-probably very little entropy, so this may weaken the LUKS volume encryption.
+It is worth noting that the first time this Tails installation is
+booted, most of the time the first step is to configure persistence,
+which means creating an encrypted partition. At this step though, there
+is probably very little entropy at this moment, which may weaken the
+LUKS volume encryption.
### Virtual Machines
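Review bot: The rewritten sentence now says the same thing twice: "At this step though, there is probably very little entropy at this moment". Suggest dropping one of the two time references, for example "At this step, though, there is probably very little entropy, which may weaken the LUKS volume encryption." Since this is the sentence that states the actual risk for the persistent volume, it is worth keeping it as direct as possible.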
@@ -120,6 +131,9 @@ partition is created.
### Use the Tails installer to create a better seed [[!tails_ticket 11897]]
+Note that we'll likely soon distribute a USB image and won't use Tails
+installer anymore for creating Tails devices. [[!tails_ticket 15292]]
+
Tails installer can be used on Debian and Ubuntu, and is the tool people
running OSX or Windows are told to use to install their final Tails
USB stick with, by using an intermediary Tails to create the final USB.
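Review bot: The added note says Tails installer will likely no longer be used for creating Tails devices, yet the text right below it still proposes that Tails installer store the seed, so the note should say what becomes of this proposal once a USB image is distributed. The "Intermediary USB" section of this same file describes a bit-by-bit copy as having no seed and no easy way to add one; if the USB image ends up in that situation, state it here so readers do not assume the first-boot seeding problem is solved.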
@@ -128,32 +142,34 @@ Tails installer could store a seed in the FAT filesystem of the system
partition. That would workaround this first boot problem not handled by the
persistence option.
-We can't sadly update this seed while running Tails, as mounting RW the system
+We sadly can't update this seed while running Tails, as read-write mounting the system
FAT partition during a Tails session does not work. So the question whether updating it
or not is open.
If we want to do so, we'll have to update it at the system shutdown. This will
mean remount this partition, write the new random seed, then unmount it and
start the shutdown of the system. Obviously we can do this only in normal
-shutdown process, and will have to avoid it in emergency shutdown mode.
+shutdown process, and we'll have to avoid it in emergency shutdown mode.
We may alternatively not update it, and use it only when the persistence is not
enabled. That would still be a unique source of entropy per Tails installation,
-so that would be a better situation that the current one.
+so that would be a better situation than the current one.
One drawback: this would break the ability to verify this system partition with
a simple shasum operation.
### Use stronger/more entropy collectors [[!tails_ticket 5650]]
-As already stated, Tails run Haveged, and rngd (since 2.6 for the later).
+As already stated, Tails runs Haveged, and rngd (since 2.6 for the later).
We may want to add other sources though, given there are concerns about Haveged,
and rngd starts only when a hardware RNG is detected, which is not so often the
case.
-XXX: It would be nice to have a study (read: a survey of packages, etc) of all the
-useful entropy gathering daemons that might be of use on a Tails system. (and have this tested on computers with/without intel rng or things like an entropykey)
+XXX: It would be nice to have a study (read: a survey of packages, etc)
+of all the useful entropy gathering daemons that might be of use on a
+Tails system. (and have this tested on computers with/without intel rng
+or things like an entropykey)
An evaluation of some of them [has been done
already](https://volumelabs.net/best-random-data-software/)
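Review bot: The corrected line "As already stated, Tails runs Haveged, and rngd (since 2.6 for the later)." still has "later" where "latter" is meant; since the line is being touched for grammar anyway, fix both. The rewrapped line "We sadly can't update this seed while running Tails, as read-write mounting the system" is also noticeably longer than its neighbours and could be rewrapped like the XXX paragraph was.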
@@ -167,43 +183,43 @@ Possible candidates:
* randomsound: probably a bad idea in the Tails context as we're discussing a
Greeter option to deactivate the microphone.
-### Block booting till enough entropy has been gathered
+### Block booting until enough entropy has been gathered
-One way to ensure Tails is booting with enough entropy would be to block during
-the boot if the system is lacking of it.
+One way to ensure Tails is booting with enough entropy would be to block
+the boot while the system is lacking it.
But this brings questions about how to interact correctly with the users,
as blocking without notifications would be terrible UX. Also Tails boot time is
a bit long already, and this may grow it quite a bit more again.
XXX: So before going on, we need a bit more data about the state of the entropy when
-Tails boot, specially now that we have several entropy collector daemons. It may
-very well be that this case do not happen anymore. And if it is, we need to know
-on average how much time that blocking would last. [Sycamoreone] [[!tails_ticket
+Tails boots, especially now that we have several entropy collector daemons. It may
+very well be that this case does not happen anymore. And if it does, we need to know
+on average how much time that blocking would last. [[!tails_ticket
11758]]
-### Regulary check available entropy and notify if low
+### Regularly check available entropy and notify if low
-An idea that has been mentioned several time is to have a service that
-check if the available entropy is high enough, and notify the user if
-it's not the case. One downside, is that observing the entropy pool costs
+An idea that has been mentioned several times is to have a service that
+checks if the available entropy is high enough, and notifies the user if
+it's not the case. One downside is, that observing the entropy pool costs
randomness, so this may have to be implemented with care or is worth
discussing/researching the costs/benefits.
+## Also see
+
+* [Schleuder thread about haveged](https://0xacab.org/schleuder/schleuder/issues/194)
+* The
+ [federal office for IT security in Germany analysed the rng in linux kernel 4.9 and all changes made up to 4.17](https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/LinuxRNG/LinuxRNG_EN.pdf?__blob=publicationFile&v=10).
+* [checking for available entropy](https://salsa.debian.org/tookmund-guest/pgpcr/issues/16)
+
## Related tickets
This is about [[!tails_ticket 7642]], [[!tails_ticket 7675]],
[[!tails_ticket 6116]], [[!tails_ticket 11897]] and friends.
-## References
-
-* [1] <https://eprint.iacr.org/2006/086.pdf>
-* [2] <https://eprint.iacr.org/2013/338.pdf>
-* [3] <http://wiki.qubes-os.org/trac/ticket/673>
-* [4] <https://github.com/QubesOS/qubes-issues/issues/1311>
-* [5] <https://groups.google.com/forum/#!msg/qubes-devel/Q65boPAbqbE/9ZOZUInQCgAJ>
-* [6] <https://groups.google.com/forum/#!topic/qubes-devel/5wI8ygbaohk>
-* [7] <https://www.av8n.com/computer/htm/secure-random.htm>
-* [8] <http://www.av8n.com/computer/htm/fixup-live-cd.htm>
-* [9] <https://www.python.org/dev/peps/pep-0506/>
-* [10]<https://docs.python.org/2/library/os.html#os.urandom>
+## More references
+
+* <https://eprint.iacr.org/2013/338.pdf>
+* <https://www.python.org/dev/peps/pep-0506/>
+* <https://docs.python.org/2/library/os.html#os.urandom>
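Review bot: In "Regularly check available entropy and notify if low", the comma was moved to the wrong side: "One downside is, that observing the entropy pool costs randomness" should be "One downside is that observing the entropy pool costs randomness". Separately, the three URLs kept under "More references" were numbered entries [2], [9] and [10] before and are now bare links with no indication of what they are or why they matter to this blueprint; give each a short descriptive label, as the new "Also see" list does, or drop the ones the text never cites. The "[Sycamoreone]" marker on the XXX paragraph is removed without a replacement owner; if [[!tails_ticket 11758]] now tracks who collects the boot-time entropy data, that is fine, otherwise keep the name.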
diff --git a/wiki/src/blueprint/replace_Pidgin.mdwn b/wiki/src/blueprint/replace_Pidgin.mdwn
index 8a2a938..603598b 100644
--- a/wiki/src/blueprint/replace_Pidgin.mdwn
+++ b/wiki/src/blueprint/replace_Pidgin.mdwn
@@ -4,12 +4,13 @@ It would be nice to replace Pidgin with another secure IM client. Unfortunately
The document can also list candidate clients together with some indication where they are lacking (and where they shine).
-TODO: Would a pair of two separate client (XMPP and IRC) also be okay, or are we only looking for a single client that can do both? In fact, it is not even clear if Tails needs to contain an IRC client at all, after #tails and #tails-dev have been moved to XMPP.
-
[[!toc levels=3]]
# Requirements
+**Note**: this is a work in progress. See [[!tails_ticket 11686]]
+and its blockers for the next steps.
+
**Note**: the key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
"SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
@@ -44,8 +45,6 @@ The client must have a easy to use GUI that makes it hard for users to use the c
The client must support connections using TLS.
-TODO: Is STARTTLS needed?
-
### Support for Tor
The client must support Tor and must not leak any private data (hostname, username, local IP, ...) at the application level.
@@ -62,6 +61,15 @@ TODO: Pidgin already has an apparmor profile; should we require that a replaceme
The client MUST NOT save logs of conversations.
+### Candidates
+
+Suggested by sajolida on <https://mailman.boum.org/pipermail/tails-dev/2016-January/010123.html>:
+
+* private group chat
+* search and archive past public communications
+* offline-friendliness
+* <https://dymaxion.org/essays/pleasestop.html>
+
## XMPP (Jabber)
*( Here is a [list](https://developer.pidgin.im/wiki/SupportedXEPs) of XMPP extensions supported by Pidgin )*
@@ -75,16 +83,22 @@ The client must support SASL authentication.
# Candidate alternatives
-## CoyIM (based on xmpp-client) ([[!tails_ticket 8574]])
+## CoyIM
* [Homepage](https://coy.im/)
-* [Github](https://github.com/twstrike/coyim/)
+* [Github](https://github.com/coyim/coyim/)
* CoyIM only supports XMPP.
* CoyIM [is in Debian](https://tracker.debian.org/pkg/coyim)
+* Support for multi-user chatrooms (MUC) is [in
+ progress](https://github.com/coyim/coyim/projects/2) and lacks some
+ important features such as having a persistent list of rooms
+ persistently saved in the configuration
* Supports Tor, TLS, OTR
* Supports creation of random accounts.
+* Supports importing accounts from Pidgin.
* No logging, no clickable links.
* Not audited.
+* Test results in Tails: [[!tails_ticket 8574]]
## dino
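Review bot: The new MUC bullet repeats itself and has no closing period: "having a persistent list of rooms persistently saved in the configuration". Suggest "such as a list of rooms saved persistently in the configuration." The GitHub link was updated to github.com/coyim/coyim and the ticket reference moved from the heading to a "Test results in Tails" bullet; both read fine, but "Not audited." is unchanged, so it is worth confirming that statement is still current while the rest of the entry is being refreshed.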
@@ -92,7 +106,7 @@ The client must support SASL authentication.
* implemented in GTK+/Vala
* supports XMPP and OMEMO; OTR support is
[not high on the todo list](https://github.com/dino/dino/issues/97)
-* is be [[!debpts dino-im desc="in Debian"]] experimental
+* is [[!debpts dino-im desc="in Debian"]] Buster
* the Debian maintainer wants to add an AppArmor profile and got in
touch with intrigeri about it
diff --git a/wiki/src/blueprint/reproducible_builds/report_to_RB_community.mdwn b/wiki/src/blueprint/reproducible_builds/report_to_RB_community.mdwn
index 7926e03..0abde64 100644
--- a/wiki/src/blueprint/reproducible_builds/report_to_RB_community.mdwn
+++ b/wiki/src/blueprint/reproducible_builds/report_to_RB_community.mdwn
@@ -161,7 +161,7 @@ A number of files are simply emptied or excluded when creating the
SquashFS (some to optimize size, some because they are not needed in
there so we did not bother generating them in a deterministic manner):
- - <https://git-tails.immerda.ch/tails/tree/config/chroot_local-includes/usr/share/amnesia/build/mksquashfs-excludes>
+ - <https://git-tails.immerda.ch/tails/tree/config/chroot_local-includes/usr/share/tails/build/mksquashfs-excludes>
- <https://git-tails.immerda.ch/tails/tree/config/chroot_local-hooks/99-zzzzzz_reproducible-builds-post-processing>
We considered dropping even more stuff such as the fontconfig cache,