Diffstat (limited to 'wiki/src/doc/about/warning.mdwn')
-rw-r--r-- wiki/src/doc/about/warning.mdwn 84
1 files changed, 46 insertions, 38 deletions
diff --git a/wiki/src/doc/about/warning.mdwn b/wiki/src/doc/about/warning.mdwn
index 8245024..38be935 100644
--- a/wiki/src/doc/about/warning.mdwn
+++ b/wiki/src/doc/about/warning.mdwn
@@ -93,9 +93,9 @@ conditions|first_steps/startup_options/bridge_mode]] can help you hide the fact
that you are using Tor.
**The destination server that you are contacting through Tor** can know whether your
-communication comes out from a Tor exit node by consulting the publicly
+communication comes from a Tor exit node by consulting the publicly
available list of exit nodes that might contact it. For example using the [Tor
-Bulk Exit List tool](https://check.torproject.org/cgi-bin/TorBulkExitList.py) of
+Bulk Exit List tool](https://check.torproject.org/cgi-bin/TorBulkExitList.py) from
the Tor Project.
**So using Tails doesn't make you look like any random Internet user.**
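Review bot: The sentence touched by the second changed line, "For example using the [Tor Bulk Exit List tool](...) from the Tor Project.", is still a fragment with no main verb and no comma after "For example". Consider folding it into the previous sentence ("..., for example by using the Tor Bulk Exit List tool from the Tor Project") so the explanation of how a destination server recognises exit nodes reads as one statement.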
@@ -131,18 +131,18 @@ authenticity.
Usually, this is automatically done throught SSL certificates checked by your
browser against a given set of recognized [[!wikipedia
Certificate_authority desc="certificate authorities"]]).
-If you get a security exception message such as this one you might be victim of
-a man-in-the-middle attack and should not bypass it unless you have another
+If you get a security exception message such as this one you might be the victim of
+a man-in-the-middle attack and should not bypass the warning unless you have another
trusted way of checking the certificate's fingerprint with the people running
the service.
[[!img ssl_warning.png link=no alt="This Connection is Untrusted"]]
-But on top of that the certificate authorities model of trust on Internet is
+But on top of that the certificate authorities model of trust on the Internet is
susceptible to various methods of compromise.
For example, on March 15, 2011,
-Comodo, one of the major SSL certificates company, reported that a user account
+Comodo, one of the major SSL certificates authorities, reported that a user account
with an affiliate registration authority had been compromised. It was then used
to create a new user account that issued nine certificate signing requests for
seven domains: mail.google.com, login.live.com, www.google.com, login.yahoo.com
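Review bot: "SSL certificates authorities" in the added Comodo line is ungrammatical; it should read "SSL certificate authorities" (or simply "certificate authorities", matching the wikipedia link description at the top of the hunk). While this paragraph is being touched, the leading context lines still carry "throught" and an unmatched ")" after the `[[!wikipedia ...]]` directive, and "such as this one" wants a comma before "you might".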
@@ -152,9 +152,9 @@ Compromise](http://blogs.comodo.com/it-security/data-security/the-recent-ra-comp
Later in 2011, DigiNotar, a Dutch SSL certificate company, incorrectly issued
certificates to a malicious party or parties. Later on, it came to light that
-they were apparently compromised months before or perhaps even in May of 2009 if
-not earlier. Rogue certificates were issued for domains such as google.com,
-mozilla.org, torproject.org, login.yahoo.com and many more. See, [The Tor
+they were apparently compromised months before, perhaps as far back as May of 2009,
+or even earlier. Rogue certificates were issued for domains such as google.com,
+mozilla.org, torproject.org, login.yahoo.com and many more. See [The Tor
Project: The DigiNotar Debacle, and what you should do about
it](https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it).
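Review bot: The first context line of this hunk keeps "a Dutch SSL certificate company", while the previous hunk changes the equivalent Comodo wording from "company" to "authorities". Use one term for both so readers see that Comodo and DigiNotar are the same kind of party in the trust model being discussed.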
@@ -189,7 +189,7 @@ cooperate to attack you.
Tor tries to protect against traffic analysis, where an attacker tries to learn
whom to investigate, but Tor can't protect against traffic confirmation (also
-known as end-to-end correlation), where an attacker tries to confirm an
+known as end-to-end correlation), where an attacker tries to confirm a
hypothesis by monitoring the right locations in the network and then doing the
math.
@@ -201,9 +201,11 @@ Tails doesn't encrypt your documents by default
===============================================
The documents that you might save on storage devices will not be encrypted by
-default, except in the [[encrypted persistent volume|doc/first_steps/persistence]]. But Tails provides you with tools to encrypt your documents, such as
-GnuPG, or encrypt your storage device, such as LUKS. It is likely that the files
-you may create will keep tracks that they were created using Tails.
+default, except in the [[encrypted persistent volume|doc/first_steps/persistence]].
+But Tails provides you with tools to encrypt your documents, such as
+GnuPG, or encrypt your storage devices, such as LUKS.
+
+It is also likely that the files you may create will contain evidence that they were created using Tails.
**If you need to access the local hard-disks** of the computer you are using, be
conscious that you might then leave trace of your activities with Tails on it.
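Review bot: In the added lines, "tools to encrypt your documents, such as GnuPG, or encrypt your storage devices, such as LUKS" attaches each "such as" to the documents and devices rather than to the tools. Suggest "tools such as GnuPG to encrypt your documents, or LUKS to encrypt your storage devices". The new standalone sentence "It is also likely that the files you may create ..." is not wrapped like the rest of the file, and the trailing context line "leave trace of your activities" should read "leave traces".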
@@ -211,18 +213,24 @@ conscious that you might then leave trace of your activities with Tails on it.
Tails doesn't clear the metadata of your documents for you and doesn't encrypt the Subject: and other headers of your encrypted e-mail messages
===========================================================================================
-Numerous files format store hidden data or metadata inside of the files. Text
-processors or PDF files could store the name of the author, the date and time of
+Numerous files formats store hidden data or metadata inside of the files. Word
+processing or PDF files could store the name of the author, the date and time of
creation of the file, and sometimes even parts of the editing history of the
-fileā€¦ those hidden data depend on the file format and the software used. Please note also, that the Subject: as well as the rest of the header lines of your OpenPGP encrypted e-mail messages are not encrypted. This is not a bug of Tails or the [OpenPGP](http://www.mozilla-enigmail.org/forum/viewtopic.php?f=3&t=328) protocol; it's for backwards compatibility with the original SMTP protocol. Unfortunately no RFC standard exists yet for Subject encryption.
+file, depending on the file format and the software used.
+
+Please note also, that the Subject: as well as the rest of the header lines of your
+OpenPGP encrypted e-mail messages are not encrypted. This is not a bug of Tails or
+the [OpenPGP](http://www.mozilla-enigmail.org/forum/viewtopic.php?f=3&t=328) protocol;
+it's due to backwards compatibility with the original SMTP protocol. Unfortunately no
+RFC standard exists yet for Subject: line encryption.
-Images file formats, like TIFF of JPEG, probably take the prize in this field.
-Those files, created by digital cameras or mobile phones, contain a metadata
+Image file formats, like TIFF of JPEG, probably take the prize for most hidden data.
+These files, created by digital cameras or mobile phones, contain a metadata
format called EXIF which can include the date, time and sometimes the GPS
-coordinates of the picture, the brand and serial number of the device which took
-it as well as a thumbnail of the original image. Image processing software tend
-to keep those data intact. Internet is full of cropped or blurred images for
-which the EXIF thumbnail still contains the full original picture.
+coordinates when the picture was taken, the brand and serial number of the device which took
+it, as well as a thumbnail of the original image. Image processing software tends
+to keep this metadata intact. The internet is full of cropped or blurred images in
+which the included EXIF thumbnail still shows the original picture.
**Tails doesn't clear the metadata of your files for you**. Yet. Still it's in
Tails' design goal to help you do that. For example, Tails already comes with
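Review bot: Two typos land in the added lines: "Numerous files formats" should be "Numerous file formats", and "TIFF of JPEG" (carried over from the removed line) should be "TIFF or JPEG". The rewording "the GPS coordinates when the picture was taken" loses the link between the coordinates and the place; "the date, time and sometimes the GPS coordinates of where the picture was taken" keeps the meaning. "The internet" is lower-case here but "the Internet" in the certificate-authority hunk above; pick one.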
@@ -235,15 +243,15 @@ A global passive adversary would be a person or an entity able to monitor at the
same time the traffic between all the computers in a network. By studying, for
example, the timing and volume patterns of the different communications across
the network, it would be statistically possible to identify Tor circuits and
-thus matching Tor users and destination servers.
+thus match Tor users and destination servers.
It is part of Tor's initial trade-off not to address such a threat in order to
create a low-latency communication service usable for web browsing, Internet
chat or SSH connections.
-For more expert information see [Tor Project: The Second-Generation Onion
-Router](https://svn.torproject.org/svn/projects/design-paper/tor-design.pdf),
-part 3. Design goals and assumptions.
+For more expert information see the Tor design paper, "[Tor Project: The Second-Generation Onion
+Router](https://svn.torproject.org/svn/projects/design-paper/tor-design.pdf)",
+specifically, "Part 3. Design goals and assumptions."
<a id="identities"></a>
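Review bot: Wrapping the link text in quotation marks makes "Tor Project: The Second-Generation Onion Router" read as the paper's title, although "Tor Project:" is used as a source label in the other links in this file (for example "The Tor Project: The DigiNotar Debacle ..."). Move the label outside the quotes and drop the comma after "specifically". The first added line also exceeds the wrap width used in the surrounding text.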
@@ -252,19 +260,19 @@ Tails doesn't magically separate your different contextual identities
It is usually not advisable to use the same Tails session to perform two tasks
or endorse two contextual identities that you really want to keep separate
-from another. For example hiding your location to check your email and
-publishing anonymously a document.
+from one another. For example hiding your location to check your email and
+anonymously publishing a document.
-First, because Tor tends to reuse the same circuits, for example amongst a same
+First, because Tor tends to reuse the same circuits, for example, within the same
browsing session. Since the exit node of a circuit knows both the destination
-server (and possibly the content of the communication if not encrypted) and the
+server (and possibly the content of the communication if it's not encrypted) and the
address of the previous relay it received the communication from, it makes it
-easier to correlate the several browsing requests as part of a same circuit and
-possibly made by a same user. If you are facing a global adversary as described
-above, it might then also be in position to do this correlation.
+easier to correlate several browsing requests as part of a same circuit and
+possibly made by the same user. If you are facing a global adversary as described
+above, it might then also be in a position to do this correlation.
-Second, in case of a security hole or a misuse in using Tails or one of its
-application, information about your session could be leaked. That could reveal
+Second, in case of a security hole or an error in using Tails or one of its
+applications, information about your session could be leaked. That could reveal
that the same person was behind the various actions made during the session.
**The solution to both threats is to shutdown and restart Tails** every time
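Review bot: The added line "easier to correlate several browsing requests as part of a same circuit" still says "a same circuit", while the next added line fixes the identical construction to "the same user"; change it to "the same circuit". In the trailing context line, "shutdown" is used as a verb and should be "shut down".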
@@ -280,7 +288,7 @@ Tails doesn't make your crappy passwords stronger
=================================================
Tor allows you to be anonymous online; Tails allows you to leave no trace on the
-computer you're using. But again, **neither of both are magic spells for computer
+computer you're using. But again, **neither or both are magic spells for computer
security**.
If you use weak passwords, they can be guessed by brute-force attacks with or
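Review bot: "neither or both are magic spells" changes the meaning of the sentence instead of fixing its grammar: it now reads as if using both tools together might be a magic spell, which contradicts the point of this section. Suggest "neither of them is a magic spell for computer security".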
@@ -291,6 +299,6 @@ Weak_password#Examples_of_weak_passwords desc="Wikipedia: Weak Passwords"]].
Tails is a work in progress
===========================
-Tails, as well as all the software it includes, are on continuous development
-and might contain programming errors or security holes. [[Stay
+Tails, as well as all the software it includes, are continuously being developed
+and may contain programming errors or security holes. [[Stay
tuned|download#stay_tuned]] to Tails development.
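Review bot: In the first added line the subject is "Tails" (the "as well as ..." phrase is parenthetical), so the verb should be singular: "Tails, as well as all the software it includes, is continuously being developed". If the plural is intended, "Tails and all the software it includes are ..." avoids the mismatch.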