aforensics / HiddenVM

HiddenVM — Use any desktop OS without leaving a trace.
GNU General Public License v3.0

Possibly contains spyware #22

Closed CurvedBanana closed 2 years ago

CurvedBanana commented 2 years ago

The following is how I noticed. It gave me the following error when I tried to start my virtual system: The VirtualBox Linux kernel driver is either not loaded or not set up correctly. Please try setting it up again by executing

'/sbin/vboxconfig'

as root.

Which I did; however, it didn't work due to some permission problems. It failed and told me to use dmesg to find out why. When I used dmesg I saw what it did in the background. I picked two messages out of many:

audit: type=1400 audit(1651914430.711:1128): apparmor="DENIED" operation="open" profile="torbrowser_firefox" name="/home/amnesia/.cache/thumbnails/large/3678dc849747c84908498dd948db8f71.png" pid=10995 comm="pool-firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

Dropped outbound packet: IN= OUT=wlan0 SRC=i removed the address DST=i removed the address LEN=48 TC=0 HOPLIMIT=255 FLOWLBL=762031 PROTO=ICMPv6 TYPE=133 CODE=0 UID=0 GID=0

So it looks like it sent files from my cache to some address. Like, why does a script that is supposed to change settings open cache files and send them somewhere?

aforensics commented 2 years ago

Various things in the Tails system might look like nefarious spyware when you take a look and are truly concerned; it's good to be vigilant.

But our code doesn't do any uploading of anything to anywhere, only downloading of packages via the Debian APT system and an optional direct download of the extension pack from VirtualBox servers, all using Tails' Tor connection (never clearnet).

This code is transparent and non-obfuscated. You can inspect it, compile it independently yourself, and ask someone with coding knowledge to check it for you.

Whatever is causing what you see, you should post the error message on other forums to try to figure out what it is. Debian forums, wherever is good to ask about apparmor or dmesg, unix.stackexchange.com, etc.

It might be something quite automatic (designed by OS developers way upstream in default Debian code) and isn't nefarious, once you know what's actually happening.
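The two dmesg lines quoted in the report, parsed mechanically rather than read by eye. This is an added example written for this page; it is not code from HiddenVM or from Tails, and it hard-codes the two lines as the reporter posted them (the reporter's redaction placeholder for the addresses is kept rather than replaced with invented addresses). It splits each line into its key=value fields and states what the record actually documents: an AppArmor audit entry with `apparmor="DENIED"` records an `open()` the kernel refused, and a `Dropped outbound packet` line records a packet the firewall discarded before it left `wlan0`. `TYPE=133` is an ICMPv6 Router Solicitation (RFC 4861), and `LEN=48` is the fixed 40-byte IPv6 header plus the 8-byte minimal Router Solicitation message, which is far too small to carry a thumbnail. The `Finding` class and the function names are this example's own.

```python
"""Triage the two dmesg lines quoted in the issue: an AppArmor audit record and a
Tails firewall drop. Added example for this page; not part of HiddenVM or Tails."""
import re
from dataclasses import dataclass

# Sample input: the two lines from the issue, copied as posted. The reporter
# replaced the real addresses with a placeholder; it is kept here verbatim.
SAMPLE_DMESG = [
    'audit: type=1400 audit(1651914430.711:1128): apparmor="DENIED" operation="open" '
    'profile="torbrowser_firefox" name="/home/amnesia/.cache/thumbnails/large/'
    '3678dc849747c84908498dd948db8f71.png" pid=10995 comm="pool-firefox" '
    'requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000',
    'Dropped outbound packet: IN= OUT=wlan0 SRC=i removed the address '
    'DST=i removed the address LEN=48 TC=0 HOPLIMIT=255 FLOWLBL=762031 '
    'PROTO=ICMPv6 TYPE=133 CODE=0 UID=0 GID=0',
]

# key=value pairs; a value is either double-quoted (may contain spaces) or bare.
# Tokens without '=' (such as the redaction placeholder) are simply skipped.
_KV = re.compile(r'(\w+)=("[^"]*"|\S*)')

# ICMPv6 message types (RFC 4443 / RFC 4861) that any ordinary host emits.
ICMPV6_TYPES = {
    128: "Echo Request",
    129: "Echo Reply",
    133: "Router Solicitation",
    134: "Router Advertisement",
    135: "Neighbor Solicitation",
    136: "Neighbor Advertisement",
}

# The kernel's IPv6 packet logger reports LEN= including the 40-byte fixed header.
IPV6_HEADER_LEN = 40


@dataclass
class Finding:
    kind: str       # "apparmor_denial", "firewall_drop" or "other"
    blocked: bool   # True when the line records an action the kernel refused
    summary: str


def parse_kv(line: str) -> dict:
    """Return the key=value fields of a dmesg/audit line with quotes stripped."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def classify(line: str) -> Finding:
    kv = parse_kv(line)

    # AppArmor audit record: DENIED means the open() did not succeed, so the
    # confined process never got the file contents.
    if kv.get("apparmor") == "DENIED":
        return Finding(
            kind="apparmor_denial",
            blocked=True,
            summary=(f'profile {kv.get("profile")} (comm={kv.get("comm")}, pid={kv.get("pid")}) '
                     f'was refused "{kv.get("denied_mask")}" access to {kv.get("name")}'),
        )

    # Tails firewall log line: the packet was dropped, i.e. never left the interface.
    if line.startswith("Dropped outbound packet:") and kv.get("PROTO") == "ICMPv6":
        msg_type = int(kv["TYPE"])
        payload = int(kv["LEN"]) - IPV6_HEADER_LEN
        return Finding(
            kind="firewall_drop",
            blocked=True,
            summary=(f'outbound ICMPv6 type {msg_type} ({ICMPV6_TYPES.get(msg_type, "type not in table")}) '
                     f'on {kv.get("OUT")}, {payload}-byte ICMPv6 message, dropped by the firewall'),
        )

    return Finding(kind="other", blocked=False, summary=line)


def triage(lines):
    """Classify every line; lines that match neither pattern come back as 'other'."""
    return [classify(line) for line in lines]


if __name__ == "__main__":
    for f in triage(SAMPLE_DMESG):
        print(f"[{f.kind}] blocked={f.blocked}: {f.summary}")
```

To run it against a live session, replace `SAMPLE_DMESG` with the output of `dmesg` or `journalctl -k`; the classifier only recognises the two record shapes shown in the report and leaves everything else tagged `other` for manual review. Neither record shape, on its own, is evidence that data left the machine: both describe something the kernel stopped.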
