AdHocSecurebox is an opinionated collection of scripts/docs to deal with sensitive data with average hardware and open source software. Work in progress.
This issue is to remind me to, maybe, rename this project to something actually less vague.
Is the "TailsOS-for-non-whistleblowers" name a joke, a subliminal message, etc.?
The name "TailsOS-for-non-whistleblowers" literally means "TailsOS (scripts/documentation) for non-whistleblowers", both because I did not have a better name and because any script/documentation here would very likely not be a good idea for whistleblowers to use. Also see this Reddit post. If you are short on time, this quote:
"Being a confidential source entails a lot of risk, and I think about 70% of this risk involves what they do before they first talk to a journalist." Micah Lee
I was not sure if I would eventually stop updating this repository and move on to new projects, but since I am optimized for searching, possibly people (and I'm saying IT personnel or governmental staff) could be arrested for using this repository instead of official documentation or extra care. So, in the absence of a better description, this title would be less wrong.
So, is it literally not for whistleblowers?
No. This is not for whistleblowers.
This does not mean that this project has a backdoor or something. In fact, as I'm moving to the AI/S Ethics area, I'm morally against putting in a backdoor. But there exist so many potential threat models that it would be impracticable to put anything in the open, yet there do exist valid usages where Tails is good software and the person is not someone whom their current country has the right to investigate deeply.
Does it mean it's not useful for government IT, auditing, etc.?
Some of these scripts or documentation could possibly be useful if you don't trust the hardware, software or your corporation's network and have to do crypto operations (like SSH servers or encrypting/decrypting backups as part of a weekly drill with human intervention). But even if you work for some government and are "investigating/auditing" possible breaches, it is reasonable to ask for written authorization upfront, because you would totally seem suspicious for using this project.
One example that does not involve cyber attacks from other countries (the ones sponsored by government agencies) can be as dumb (yet able to do huge damage) as ransomware. In a recent case in Brazil, even the backups got attacked, not just the production data:
Like I said: it is likely that there exist valid use cases where the daily-use machine, by having direct access all the time to other servers, could be an issue. Compared to other Linux distros, Tails is by default more secure for crypto operations, and even if you do not use these scripts (but have to use the standard Tails Persistence), it is already encrypted by default.
The initial target audience of this project
TODO: add a description of the initial reasons for this project. But definitely mention Domestic Violence survivors (fititnt, 2020-11-07 21:11 BRT)
This project is 22 days old today, has the exact URL https://github.com/fititnt/TailsOS-for-non-whistleblowers and has had 2 releases, TailsOS-for-non-whistleblowers v1.0 and TailsOS-for-non-whistleblowers v2.0. The current quick description (v3.0 is still not released) is