[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r16453: {incognito} Brought the documentation up to date and re-organized it a l (incognito/trunk/root_overlay/usr/share/incognito)
Author: anonym
Date: 2008-08-06 19:00:00 -0400 (Wed, 06 Aug 2008)
New Revision: 16453
Modified:
incognito/trunk/root_overlay/usr/share/incognito/docs.html
Log:
Brought the documentation up to date and re-organized it a little.
Modified: incognito/trunk/root_overlay/usr/share/incognito/docs.html
===================================================================
--- incognito/trunk/root_overlay/usr/share/incognito/docs.html 2008-08-06 22:58:15 UTC (rev 16452)
+++ incognito/trunk/root_overlay/usr/share/incognito/docs.html 2008-08-06 23:00:00 UTC (rev 16453)
@@ -9,28 +9,29 @@
<h2>Contents</h2>
<ul>
-<li><a href="#intent">Intent</a></li>
+<li><a href="#intent">Intent and goals</a></li>
<li><a href="#download">Download</a></li>
<li><a href="#contact">Contact</a></li>
<li><a href="#approach">Approach</a></li>
<li><a href="#impl">Implementation</a></li>
+<ul>
+ <li><a href="#software">Software</a></li>
+ <li><a href="#inter">Internationalization</a></li>
+ <li><a href="#conf">Configuration</a></li>
+ <li><a href="#usb">Persistent User Settings for a USB drive</a></li>
+ <li><a href="#hidden">Hidden services</a></li>
+</ul>
<li><a href="#maintenance">Maintenance</a></li>
<li><a href="#caveats">Caveats</a></li>
<li><a href="#security">Security</a></li>
-<li><a href="#createusb">Copying to a USB Drive</a></li>
</ul>
-<p>
-<strong>NOTICE</strong>: This distribution is provided as-is with no warranty of fitness for a particular purpose, including total anonymity. Anonymity depends not only on the software but also on the user understanding the risks involved and how to overcome those risks.
-</p>
+<p><strong>NOTICE</strong>: This distribution is provided as-is with no warranty of fitness for a particular purpose, including total anonymity. Anonymity depends not only on the software but also on the user understanding the risks involved and how to overcome those risks.</p>
-<a name="intent">
-<h2>Intent / Goals</h2>
+<h2><a name="intent">Intent and goals</h2>
<blockquote>What are we trying to do?</blockquote>
-<p>
-This CD provides a software solution for using various Internet technologies while staying anonymous. It is based primarily on <a href="https://www.torproject.org">Tor</a> while including supporting applications. The target use case is that of using a public computer, such as in a library, securely, or a home computer for easy setup. This distribution may is designed as a LiveCD, but may also be copied to a USB drive to provide persisted user settings, or run from virtual machines such as QEMU, VMWare and VirtualBox.
-</p>
+<p>This CD provides a software solution for using various Internet technologies while staying anonymous. It is based primarily on <a href="https://www.torproject.org">Tor</a> while including supporting applications. The target use case is that of using a public computer, such as in a library, securely, or a home computer for easy setup. This distribution may is designed as a LiveCD, but may also be copied to a USB drive to provide persisted user settings, or run from virtual machines such as QEMU, VMWare and VirtualBox.</p>
<dl>
@@ -78,45 +79,32 @@
</dl>
-<a name="download">
-<h2>Download</h2>
+<h2><a name="download">Download</h2>
-<p>
-See the <a href="http://www.browseanonymouslyanywhere.com/incognito/index.php?option=com_content&task=view&id=26&Itemid=39">download section</a> on <a href="http://www.browseanonymouslyanywhere.com/incognito">__INCOGNITO__'s main site</a> for download information. Various development files (portage snapshot and stage3 tarball) as well as the current version of __INCOGNITO__ can be found at <a href="http://files1.cjb.net/incognito/">http://files1.cjb.net/incognito/</a>.
-</p>
+<p>See the <a href="http://www.browseanonymouslyanywhere.com/incognito/index.php?option=com_content&task=view&id=26&Itemid=39">download section</a> on <a href="http://www.browseanonymouslyanywhere.com/incognito">__INCOGNITO__'s main site</a> for download information. Various development files (portage snapshot and stage3 tarball) as well as the current version of __INCOGNITO__ can be found at <a href="http://files1.cjb.net/incognito/">http://files1.cjb.net/incognito/</a>.</p>
-<p>
-The latest version of this document for the current relesase can be found <a href="http://www.anonymityanywhere.com/incognito/index.php?option=com_content&task=view&id=26&Itemid=39">here</a>. The development version of this document can be found at Incognito's subversion repository <a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/usr/share/incognito/docs.html">here</a>, although it should be noted that some information which is added dynamically at build will not be present (has mostly to do with information about which software packages that are installed).
-</p>
+<p>The latest version of this document for the current relesase can be found <a href="http://www.anonymityanywhere.com/incognito/index.php?option=com_content&task=view&id=26&Itemid=39">here</a>. The development version of this document can be found at Incognito's subversion repository <a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/usr/share/incognito/docs.html">here</a>, although it should be noted that some information which is added dynamically at build will not be present (has mostly to do with information about which software packages that are installed).</p>
-<p>
-The build root for the CD is stored in a <a href="http://subversion.tigris.org">Subversion</a> repository. It can be viewed or checked out at <a href="https://tor-svn.freehaven.net/svn/incognito/">https://tor-svn.freehaven.net/svn/incognito/</a>.
-</p>
+<p>The build root for the CD is stored in a <a href="http://subversion.tigris.org">Subversion</a> repository. It can be viewed or checked out at <a href="https://tor-svn.freehaven.net/svn/incognito/">https://tor-svn.freehaven.net/svn/incognito/</a>.</p>
-<a name="contact">
-<h2>Contact</h2>
-<p>
-As of november 2007, the maintainace of this distribution has passed from the founder, Pat Double, to anonym, who can be contacted through anonym (at) lavabit (dot) com. Please do not contact Pat for anything relating to the current development of __INCOGNITO__. Feature requests and (especially) bug reports are welcome and should be sent to anonym, and please include "__INCOGNITO__" in the subject line to ease mail sorting. Also, please be considerate of any major technology choices, such as <a href="http://www.gentoo.org/proj/en/releng/catalyst">Catalyst</a> and <a href="http://www.gentoo.org">Gentoo Linux</a>, <a href="http://www.kde.org">KDE</a>, etc. These have been chosen because of the developers' familiarity with them and will likely not change ever. If someone would like to maintain a parallell version with, say, Gnome instead of KDE or similar that would probably work just fine. However, since the whole development process is centered around Gentoo Linux' Catalyst, neither of them are negotiable.
-</p>
+<h2><a name="contact">Contact</h2>
-<a name="approach">
-<h2>Approach</h2>
+<p>As of november 2007, the maintainace of this distribution has passed from the founder, Pat Double, to anonym, who can be contacted through anonym (at) lavabit (dot) com. Please do not contact Pat for anything relating to the current development of __INCOGNITO__. Feature requests and (especially) bug reports are welcome and should be sent to anonym, and please include "__INCOGNITO__" in the subject line to ease mail sorting. Also, please be considerate of any major technology choices, such as <a href="http://www.gentoo.org/proj/en/releng/catalyst">Catalyst</a> and <a href="http://www.gentoo.org">Gentoo Linux</a>, <a href="http://www.kde.org">KDE</a>, etc. These have been chosen because of the developers' familiarity with them and will likely not change ever. If someone would like to maintain a parallell version with, say, Gnome instead of KDE or similar that would probably work just fine. However, since the whole development process is centered around Gentoo Linux' Catalyst, neither of them are negotiable.</p>
+
+
+<h2><a name="approach">Approach</h2>
<blockquote>What is needed to reach our goals?</blockquote>
-<p>
-</p>
-<a name="impl">
-<h2>Implementation</h2>
+<h2><a name="impl">Implementation</h2>
<blockquote>How did we implement our approach in order to reach our goals.</blockquote>
-<h3>Software</h3>
-<p>
-The following software is used in __INCOGNITO__. The version of the packages is included on the CD at /usr/share/packages.txt but note that this package list currently will contain a few package that are not already installed as it is generated before catalyst unmerges them in the last stage.
-</p>
+<h3><a name="software">Software</h3>
+<p>The following software is used in __INCOGNITO__. The version of the packages is included on the CD at /usr/share/packages.txt but note that this package list currently will contain a few package that are not already installed as it is generated before catalyst unmerges them in the last stage.</p>
+
<dl>
<dt><a href="http://www.gentoo.org">Gentoo Linux</a> (<a href="http://www.kernel.org">kernel 2.6</a> <!-- #version(sys-kernel/gentoo-sources) -->)</dt>
@@ -236,15 +224,13 @@
<dt><a href="<!-- #homepage(net-p2p/ktorrent) -->">KDE - KTorrent</a> <!-- #version(net-p2p/ktorrent) --></dt>
<dd><!-- #description(net-p2p/ktorrent) --></dd>
-</dl>
-</p>
+</dl></p>
-<h3>Internationalization</h3>
-<p>
-The following locales are installed. If you'd like to see another locale, please let us know.
-</p>
+<h3><a name="inter">Internationalization</h3>
+<p>The following locales are installed. If you'd like to see another locale, please let us know.</p>
+
<ul>
<li>ar_EG (Egyptian Arabic)</li>
@@ -266,27 +252,28 @@
See <a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/locale.gen">/etc/locale.gen</a> for the selected languages. See <a href="https://tor-svn.freehaven.net/svn/incognito/trunk/fsscript.sh">fsscript.sh</a> for how this configuration is applied.
-<h3>Configuration</h3>
+<h3><a name="conf">Configuration</h3>
+
+
<h4>The Tor™ software</h4>
-<p>
-The Tor software is currently configured as a client only. The client listens on SOCKS port 9050 with a control port 9051 (using cookie authentication), as a transparent proxy on port 9040 and as a DNS server on port 8853. Only connections from localhost are accepted. It can be argued that running a server would increase your anonymity for a number for reasons but we still feel that most users probably would not want this due to the added consumption of bandwidth.
-</p>
+<p>The Tor software is currently configured as a client only. The client listens on SOCKS port 9050 with a control port 9051 (using cookie authentication), as a transparent proxy on port 9040 and as a DNS server on port 8853. Only connections from localhost are accepted. It can be argued that running a server would increase your anonymity for a number for reasons but we still feel that most users probably would not want this due to the added consumption of bandwidth.</p>
+
<ul>
<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/tor/torrc">/etc/tor/torrc</a></li>
</ul>
+
<h4>Mixminion</h4>
-<p>
-Mixminion cannot be configured as a server as these servers need to be very reliable. As a client the default configuration seems to be acceptable. Note that TorK has built-in support for Mixminion with an easy to use interface (lacking PGP support, unfortunately).
-</p>
+<p>Mixminion cannot be configured as a server as these servers need to be very reliable. As a client the default configuration seems to be acceptable. Note that TorK has built-in support for Mixminion with an easy to use interface (lacking PGP support, unfortunately).</p>
+
+
<h4>DNS</h4>
-<p>
-DNS leaks are controlled by using a local caching DNS server, pdnsd, that in turn performs its DNS lookups through the Tor network. pdnsd is the server configured in /etc/resolv.conf, listening on localhost. There is a security concern that some application could attempt to do its own DNS resolution without consulting /etc/resolv.conf, and therefore UDP packets are blocked in order to prevent leaks. Another solution may be to use the Linux network filter to forward UDP lookups to the local DNS server.
-</p>
+<p>DNS leaks are controlled by using a local caching DNS server, pdnsd, that in turn performs its DNS lookups through the Tor network. pdnsd is the server configured in /etc/resolv.conf, listening on localhost. There is a security concern that some application could attempt to do its own DNS resolution without consulting /etc/resolv.conf, and therefore UDP packets are blocked in order to prevent leaks. Another solution may be to use the Linux network filter to forward UDP lookups to the local DNS server.</p>
+
<ul>
<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/resolv.conf">/etc/resolv.conf</a></li>
<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/conf.d/pdnsd">/etc/conf.d/pdnsd</a></li>
@@ -295,151 +282,159 @@
<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/iptables/rules-save">/var/lib/iptables/rules-save</a> (loaded by the standard Gentoo /etc/init.d/iptables service)</li>
</ul>
+
<h4>HTTP Proxy</h4>
-<p>
-Polipo provides with caching HTTP proxy funtionality. It contacts the Tor software via SOCKS5 to make the real connections.
-</p>
+<p>Polipo provides with caching HTTP proxy funtionality. It contacts the Tor software via SOCKS5 to make the real connections.</p>
+
<ul>
<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/polipo/config">/etc/polipo/config</a></li>
<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/env.d/99proxy">/etc/env.d/99proxy</a></li>
<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/kdesession/kioslaverc">/var/lib/kdesession/kioslaverc</a> (copied to /home/__INCOGNITO_USER__/.kde/... during build)</li>
</ul>
+
<h4>SOCKS libraries</h4>
-<p>
-tsocks (patched for Tor usage as per the ebuild's tordns USE flag) and dante are installed. Note that it is unnecessary with the Linux network filter (see below) and the local DNS server to socksify or torify apps. This is done at a lower level. These libraries are here due to dependencies and configured for completeness.
-</p>
+<p>tsocks (patched for Tor usage as per the ebuild's tordns USE flag) and dante are installed. Note that it is unnecessary with the Linux network filter (see below) and the local DNS server to socksify or torify apps. This is done at a lower level. These libraries are here due to dependencies and configured for completeness.</p>
+
<ul>
<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/socks/">/etc/socks/</a></li>
<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/env.d/99proxy">/etc/env.d/99proxy</a></li>
</ul>
+
+<h4>Network Filter</h4>
+
+<p>One serious security issue is that we don't know what software will attempt to contact the network and whether their proxy settings are setup to use the Tor SOCKS proxy or polipo HTTP(s) proxy correctly. This is solved by forwarding all direct TCP connections through Tor's transparent proxy. Linux has a kernel level network filter that accomplishes this.</p>
+
+<ul>
+<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/iptables/rules-save">/var/lib/iptables/rules-save</a> (loaded by the standard Gentoo /etc/init.d/iptables service)</li>
+<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/tor/torrc">/etc/tor/torrc</a></li>
+</ul>
+
+
<h4>Random MAC Address</h4>
-<p>
-The macchanger program can be used to change the network card MAC addresses to a random value. Gentoo has direct support for macchanger so all we need to do is configure it. The configuration is set to "random-ending" which is equivalent to "macchanger -e", meaning the vendor and media type are not changed. This is done to not draw attention to the changed MAC address in case someone is watching. Using a random MAC address may improve anonymity with respect to the LAN and prevent mapping the user to a specific physical location.
-</p>
-</p>
-This functionality is not enabled by default as some DHCP servers may be configured with specific MAC addresses. In the boot menu there is an "Enable/Disable MAC changer" option that can be set before a language is chosen and the system starts booting.
-</p>
+<p>The macchanger program can be used to change the network card MAC addresses to a random value. Gentoo has direct support for macchanger so all we need to do is configure it. The configuration is set to "random-ending" which is equivalent to "macchanger -e", meaning the vendor and media type are not changed. This is done to not draw attention to the changed MAC address in case someone is watching. Using a random MAC address may improve anonymity with respect to the LAN and prevent mapping the user to a specific physical location.</p>
+<p>This functionality is not enabled by default as some DHCP servers may be configured with specific MAC addresses. In the boot menu there is an "Enable/Disable MAC changer" option that can be set before a language is chosen and the system starts booting.</p>
+
<ul>
<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/init.d/macchanger">/etc/init.d/macchanger</a></li>
</ul>
+
<h4>Mozilla Firefox</h4>
-<p>
-Firefox uses Torbutton in order to prevent attacks using JavaScript, plugins and other non-HTTP features. It is configured to be enabled on start and uses polipo as HTTP(s) proxy and Tor as SOCKS proxy. SOCKS is configured to perform name resolution through the proxy. Firefox is also configured to not cache (mainly to reduce memory usage for CD users as disk writes will be stored there), history (just in case) and many other things. The Firefox config is pretty heavily commented, so any other relevant settings may be invastigated by looking in it.
-</p>
+<p>Firefox uses Torbutton in order to prevent attacks using JavaScript, plugins and other non-HTTP features. It is configured to always be enabled on Firefox start and uses polipo as HTTP(s) proxy and Tor as SOCKS proxy. SOCKS is configured to perform name resolution through the proxy. Firefox is also configured to not cache (mainly to reduce memory usage for CD users as disk writes will be stored there), history (just in case) and many other things. The Firefox config is pretty heavily commented, so any other relevant settings may be invastigated by looking in it.</p>
+
<ul>
<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/firefox-config/">/var/lib/firefox-config/</a> (copied to /home/__INCOGNITO_USER__/.mozilla during build)</li>
<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/firefox-config/firefox/o2e6y2eh.default/prefs.js">Firefox config</a></li>
</ul>
+
+<h4>Mozilla Thunderbird</h4>
+
+<p>Thunderbird's proxy settings are set up to use Tor. An old version of Torbutton (1.0.4.01, when it still supported Thunderbird) is installed solely for the purpose of scrubbing the <em>real</em> IP address and hostname from the EHLO/HELO messages which otherwise would be sent in the clear to the SMTP server. Furthermore, the first ten or so accounts that a user will create are pre-configured to not use HTML as that otherwise may break PGP usage. See the comments in the Thunderbird config for more settings.</p>
+
+<ul>
+<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/thunderbird-config/">/var/lib/thunderbird-config/</a> (copied to /home/__INCOGNITO_USER__/.thunderbird during build)</li>
+<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/thunderbird-config/rhy4kriw.default/prefs.js">Thunderbird config</a></li>
+</ul>
+
+
<h4>Bookmarks</h4>
-<p>
-Firefox have preset bookmarks related to anonymity.
-</p>
+<p>Firefox have preset bookmarks related to anonymity.</p>
+
<ul>
<li>Firefox: <a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/firefox-config/firefox/m7m1jk79.Default%20User/bookmarks.html">bookmarks.html</a></li>
</ul>
+
<h4>XChat</h4>
-<p>
-XChat is configured to use the Tor software as a SOCKS5 proxy. It will pass the hostname through SOCKS5 so that the exit node does the DNS resolution. In addition all ctcp responses except PING are disabled as they otherwise could disclose useragent, system time and other information.
-</p>
+<p>XChat is configured to use the Tor software as a SOCKS5 proxy. It will pass the hostname through SOCKS5 so that the exit node does the DNS resolution. In addition all ctcp responses except PING are disabled as they otherwise could disclose useragent, system time and other information.</p>
+
<ul>
<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/xchat-config">xchat-config</a></li>
-<a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/ctcpreply.conf">ctcpreply.conf</a></li>
+<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/ctcpreply.conf">ctcpreply.conf</a></li>
<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/fsscript.sh">fsscript.sh</a></li>
</ul>
+
<h4>Pidgin</h4>
-<p>
-Pidgin is configured to not log anything and to use the Tor SOCKS proxy. Additionally the Off-the-record Messaging plugin and two IRC enhancing plugins are loaded automatically. The IRC More plugins is patched to not report useragent among and to use empty part/quit messages to prevent fingerprinting.
-</p>
+<p>Pidgin is configured to not log anything and to use the Tor SOCKS proxy. Additionally the Off-the-record Messaging plugin and two IRC enhancing plugins are loaded automatically. The IRC More plugin is patched to not report useragent and to use empty part/quit messages to prevent fingerprinting.</p>
+
<ul>
<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/pidgin-config/prefs.xml">Pidgin config</a></li>
<li>a href="https://tor-svn.freehaven.net/svn/incognito/trunk/portage.overlay/x11-plugins/purple-plugin_pack/files/hide-stuff.patch">hide-stuff.patch</a></li>
</ul>
-<h4>Network Filter</h4>
-<p>
-One serious security issue is that we don't know what software will attempt to contact the network and whether their proxy settings are setup to use the Tor SOCKS proxy or polipo HTTP(s) proxy correctly. This is solved by forwarding all direct TCP connections through Tor's transparent proxy. Linux has a kernel level network filter that accomplishes this.
-</p>
-<ul>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/iptables/rules-save">/var/lib/iptables/rules-save</a> (loaded by the standard Gentoo /etc/init.d/iptables service)</li>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/tor/torrc">/etc/tor/torrc</a></li>
-</ul>
-
-
<h4>Host system RAM</h4>
-<p>
-When shutting down the system RAM is securely wiped. RAM can actually be read after the machine shuts off with the right equipment. The software doing this is smem, part of the <a href="http://www.thc.org/">secure-delete</a> package. This process can take a while. If you are booting from a CD it should eject, and if you are booting from a USB drive you can remove the drive once prompted. In either case you can leave the computer and let it finish on its own, or simply turn it off if you are not worrie about this attack.
-</p>
+<p>When shutting down the system RAM is securely wiped. RAM can actually be read after the machine shuts off with the right equipment. The software doing this is smem, part of the <a href="http://www.thc.org/">secure-delete</a> package. This process can take a while. If you are booting from a CD it should eject, and if you are booting from a USB drive you can remove the drive once prompted. In either case you can leave the computer and let it finish on its own, or simply turn it off if you are not worrie about this attack.</p>
+
<ul>
<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/patches/secure_halt.patch">/var/patches/secure_halt.patch</a> (applied during build)</li>
<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/fsscript.sh">fsscript.sh</a></li>
</ul>
<h4>Passwords</h4>
-<p>
-There are two user's that are intended to be used for logins, '__INCOGNITO_USER__' and 'root'. Since this is a CD/USB the passwords are empty. This should not be a security concern because the user will remove the CD/USB when done and there should be no services allowing logins from the network. Suggestions for mor esecure solutions are welcome, though.
-</p>
+<p>There are two users that are intended to be used for logins, '__INCOGNITO_USER__' and 'root'. Since this is a CD/USB the passwords are empty. This should not be a security concern because the user will remove the CD/USB when done and there should be no services allowing logins from the network. Suggestions for better solutions are welcome, though.</p>
+
<ul>
<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/fsscript.sh">fsscript.sh</a></li>
</ul>
-<h4>Running the CD from a Windows session</h4>
-<p>
-__INCOGNITO__ may be run inside a Windows session in case the computer cannot boot media. <a href="http://fabrice.bellard.free.fr/qemu/">QEMU</a> is used to run the CD in a virtual PC. CTRL-ALT-F can be used to make the virtual machine full screen. Note that this will work for Windows 2000/XP or greater. A security concern that is not covered in this case is a keystroke logger. Keystrokes still run through the host operating system and can be logged, so beware.
-</p>
+<h4>Running __INCOGNITO__ in virtual machines</h4>
-<h3>Configuration copied from USB drive</h3>
+<p>__INCOGNITO__ may of course be run in virtual machines. Due to the popularity of <a href="http://www.vmware.com/">VMWare</a> we include <a href="http://open-vm-tools.sourceforge.net/">open-vm-tools</a> (an open-source alternative to VMware tools) as well as special video and input divers for an improved user experience in that environment. Due to the closed-source nature of VMWare we try to encourage users of open VMs, like <a href="http://virtualbox.org/">VirtualBox</a> and <a href="http://fabrice.bellard.free.fr/qemu/">QEMU</a>, by making sure that these also work. In the case of VirtualBox both video and input drivers are included.</p>
-<p>
-Certain configurations are copied from the USB drive on boot. The following table lists the configuration, where it should exist on the USB drive and where it is copied into.
-</p>
+<p>Security concerns for all VMs are a keyloggers, viruses and other malware in the host OS which a guest OS like __INCOGNITO__ cannot defend against.</p>
-<table>
-<tr><th>Software</th><th>USB drive location</th><th>Destination</th></tr>
-<tr><td>OpenVPN</td><td>/keys/openvpn</td><td>/etc/openvpn</td>
-<tr><td colspan="3">The following are only copied if a persistent home cannot be created.</td></tr>
-<tr><td>SSH</td><td>/keys/ssh</td><td>/home/__INCOGNITO_USER__/.ssh</td>
-</table>
+<h4>Running __INCOGNITO__ inside a Windows session</h4>
+<p><a href="http://fabrice.bellard.free.fr/qemu/">QEMU</a> for Microsoft Window ships with __INCOGNITO__ and is used to run the CD/USB in a virtual machine whenever native boot is impossible or not desirable. Note that this will work for Windows 2000/XP or greater only.</p>
+
+
+<h3><a name="usb">Persistent User Settings for a USB drive</h3>
+
+<p>The CD may be copied to a USB drive. Why do that? USB drives are easier to carry, harder to break, offer file storage and persistent user settings between sessions. There is a script provided that will copy the CD to a USB drive and make the drive bootable. Note the script depends on the Gentoo LiveCD structure, it probably won't work when run on another LiveCD setup.</p>
+
+<p>The persistent home volume can be stored as a <a href="http://www.truecrypt.org">TrueCrypt</a> volume or unencrypted. For the Un*x savvy, the unencrypted volume is stored as an ext3 file on the USB drive. The file home.tc (TrueCrypt) or home.ext3.img (unencrypted) on the USB drive and can be removed to reset to the CD defaults or copied elsewhere for a backup. You will need to do a clean shutdown to make sure your settings are saved. When booting from a writable media and there is no home volume you will be prompted to create one, you may choose not to do so and to disable the feature altogether with the possibility to enable it again from within the GUI.</p>
+
<ul>
<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/init.d/external-config-setup">/etc/init.d/external-config-setup</a></li>
+<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/usr/sbin/create-usb">/usr/sbin/create-usb</a></li>
+<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/usr/sbin/create-homevol">/usr/sbin/create-homevol</a></li>
+<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/usr/sbin/enable-persistent">/usr/sbin/enable-persistent</a></li>
</ul>
-<a name="persistent">
+<h3>Configuration copied from USB drive</h3>
-<h3>Persistent User Settings for a USB drive</h3>
+<p>Certain configurations are copied from the USB drive on boot if no persistent drive is mounted. The following table lists the configuration, where it should exist on the USB drive and where it is copied into.</p>
-<p>
-When the CD is copied to a USB drive (see <a href="#createusb">here</a>) the user settings may be persisted across sessions. The home volume can be stored as a <a href="http://www.truecrypt.org">TrueCrypt</a> volume or unencrypted. For the Un*x savvy, the unencrypted volume is stored as an ext3 file on the USB drive. The file home.tc (TrueCrypt) or home.ext3.img (unencrypted) on the USB drive stores these settings and can be removed to reset to the CD defaults or copied elsewhere for a backup. You will need to do a clean shutdown (described above) to make sure your settings are saved. When booting from a writable media and there is no home volume you will be prompted to create one, you may choose not to do so.
-</p>
+<table border="1">
+<tr><th align=left>Software</th><th align=left>USB drive location</th><th align=left>Destination</th></tr>
+<tr><td>OpenVPN</td><td>/keys/openvpn</td><td>/etc/openvpn</td>
+<tr><td>SSH</td><td>/keys/ssh</td><td>/home/__INCOGNITO_USER__/.ssh</td>
+</table>
<ul>
<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/init.d/external-config-setup">/etc/init.d/external-config-setup</a></li>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/usr/sbin/create-homevol">/usr/sbin/create-homevol</a></li>
</ul>
-<h3>Hidden Services</h3>
-<p>
-Hidden HTML content may be served if running from an USB drive. Content is limited to static HTML pages. The content is stored in the home directory and so takes advantage of TrueCrypt encryption. The directory structure follows.
-</p>
+<h3><a name="hidden">Hidden Services</h3>
+<p>Hidden HTML content may be served if running from an USB drive. Content is limited to static HTML pages. The content is stored in the home directory and so takes advantage of TrueCrypt encryption. The directory structure follows.</p>
+
<dl>
<dt>/home/hidden/[name]</dt>
<dd>Base directory for hidden content where [name] can be anything (sane) that you'd like.</dd>
@@ -453,34 +448,24 @@
<dd>The HTML content. Use index.html for your default page.</dd>
</dl>
-<p>
-The <a href="<!-- #homepage(www-servers/lighttpd) -->">lighttpd</a> server is used to serve the content. Configuration of the server is done at boot time in the <a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/init.d/hidden-service">/etc/init.d/hidden-service</a> init script.
-</p>
-<p>
-The host name to use for the hidden service can be found in the /home/hidden/[name]/conf/hostname file for that service. This file is created by the Tor software when configuring the hidden service. The host name will be the same across sessions and machines as it and the private key are stored in the /home/hidden/[name]/conf directory.
-</p>
-<p>
-Changes to /home/hidden (service addition/removal, /home/hidden/[name]/conf change) can be applied using the following command from a terminal. To get a terminal on full, type "Alt-F2", "konsole". On tiny right-click on the desktop and choose "xterm".
+<p>The <a href="<!-- #homepage(www-servers/lighttpd) -->">lighttpd</a> server is used to serve the content. Configuration of the server is done at boot time in the <a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/init.d/hidden-service">/etc/init.d/hidden-service</a> init script.</p>
+<p>The host name to use for the hidden service can be found in the /home/hidden/[name]/conf/hostname file for that service. This file is created by the Tor software when configuring the hidden service. The host name will be the same across sessions and machines as it and the private key are stored in the /home/hidden/[name]/conf directory.</p>
+<p>Changes to /home/hidden (service addition/removal, /home/hidden/[name]/conf change) can be applied using the following command from a terminal. To get a terminal on full, type "Alt-F2", "konsole". On tiny right-click on the desktop and choose "xterm".
<code>
su -c /etc/init.d/hidden-service restart
</code>
-Note that content changes in /home/hidden/[name]/www should take effect immediately without running the above command.
-</p>
+Note that content changes in /home/hidden/[name]/www should take effect immediately without running the above command.</p>
<ul>
<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/init.d/hidden-service">/etc/init.d/hidden-service</a></li>
</ul>
-<a name="maintenance">
-<h2>Maintenance</h2>
+
+<h2><a name="maintenance">Maintenance</h2>
<blockquote>(How to keep the implementation current for anonymity, security and usefulness.)</blockquote>
-<p>
-The Gentoo Catalyst release build tool is used to build the CD. This tool is designed to make the CD easy to maintain. For an update of only the Tor software it takes a simple version bump and 30 minutes for the tiny CD, two hours for the full version. Human effort is minimal, Catalyst does most of the work. A full update of all software takes several hours to compile, but this is seldom done or needed and again generally requires little human effort. Adding or removing software to/from the CD is also generally trivial.
-</p>
+<p>The Gentoo Catalyst release build tool is used to build the CD. This tool is designed to make the CD easy to maintain. For an update of only the Tor software it takes a simple version bump and 30 minutes for the tiny CD, two hours for the full version. Human effort is minimal, Catalyst does most of the work. A full update of all software takes several hours to compile, but this is seldom done or needed and again generally requires little human effort. Adding or removing software to/from the CD is also generally trivial.</p>
-<p>
-The following applications are kept up to date as soon as possible. Others may be updated sooner if a major security problem occurs (Firefox, etc.)
-<p>
+<p>The following applications are kept up to date as soon as possible. Others may be updated sooner if a major security problem occurs (Firefox, Thunderbird etc.)</p>
<ul>
<li>Tor</li>
@@ -490,37 +475,22 @@
<li>Mixminion</li>
</ul>
-<p>
-Remaining applications, including the base system, will be updated on a roughly two month schedule. It takes a long time to compile everything from scratch and sometimes there are problems that need to be addressed. Most of the packages are marked stable by Gentoo so there are not many problems.
-</p>
+<p>Remaining applications, including the base system, will be updated to whatever Portage deems is stable in each new release. It takes a long time to compile everything from scratch and sometimes there are problems that need to be addressed. Most of the packages are marked stable by Gentoo so there are not many problems.</p>
-<a name="caveats">
-<h2>Caveats</h2>
+
+<h2><a name="caveats">Caveats</h2>
<blockquote>Side effects of the implementation that may be undesirable.</blockquote>
-<p>
-UDP is a problem. The Tor software does not provide anonymity using UDP yet. Outgoing UDP packets are dropped altogether.
-</p>
+<p>UDP is a problem. The Tor software does not provide anonymity using UDP yet. Outgoing UDP packets are dropped altogether.</p>
-<p>
-When using a USB drive your user settings are stored on the drive unsecured. If any personal information is stored by the applications you use then you must keep your drive secure from potential threats, for example by using the optional encryption and a strong passphrase.
-</p>
+<p>When using a USB drive your user settings are stored on the drive unsecured. If any personal information is stored by the applications you use then you must keep your drive secure from potential threats, for example by using the optional encryption and a strong passphrase.</p>
-<a name="security">
-<h2>Security</h2>
+
+<h2><a name="security">Security</h2>
<blockquote>Agreements and disagreements with our approach or implementation.</blockquote>
-<p>
-(It would be great to have links to peer reviews here.)
-</p>
+<p>(It would be great to have links to peer reviews here.)</p>
-<a name="createusb">
-<h2>Copying to a USB Drive</h2>
-
-<p>
-The CD may be copied to a USB drive. Why do that? USB drives are easier to carry, harder to break, offer file storage and persistent user settings between sessions. There is a script provided that will copy the CD to a USB drive and make the drive bootable. When booting the user is presented with the option to create a persistent home directory with optional encryption (see <a href="#persistent">here</a> for details). On the desktop after booting the CD there will be an icon for copying to a USB drive (on tiny right click on the desktop and choose "Create USB" from the menu.) See the <a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/usr/sbin/create-usb">/usr/sbin/create-usb</a> script for technical details. Note the script depends on the Gentoo LiveCD structure, it probably won't work when run on another LiveCD setup.
-</p>
-
</body>
</html>