Katya Titov:
> I'm wondering whether there are any bootable distros out there
> which are designed to be used on free WiFi networks (e.g.
> Starbucks, McDonalds) and enforce some level of network encryption.
> Tails would obviously provide a solution here by forcing everything
> through Tor, but I can also see alternatives which force the use of
> an IPSEC VPN, or only allow outbound access to ports which are
> commonly used for secure access (443, 993, etc).

Neither Tor nor Tails falls into the category "designed for free wifi
networks". If Tails were focused primarily on public wifis, their
planned MAC changer feature would have much higher priority. [1] Tor
provides anonymity and circumvention, Tails is a LiveCD/USB designed for
privacy and anonymity. If you use them for their purposes, they are good.

But would you rather risk Tor exit nodes sniffing your traffic than
public wifis? Either you are aware of the risks of transmitting data
over insecure networks, which the internet is, and take care of
end-to-end encryption yourself, or you don't care at all.

If you are in an uncensored country, Tor/Tails are not so good for
your general surfing. Slow speed, many YouTube videos are not
available because they are blocked in Tor Browser, Google will ask for
a captcha, Google Mail will require phone authentication, and I've read
reports that some accounts such as PayPal will get blocked if you
access them over Tor...

> It wouldn't need to be an entire distro, just a set of scripts
> which configured the local firewall (iptables, ipfw, even the
> regular Windows firewall) to only allow secure connections, and
> established a Tor or VPN connection (if necessary).

At least with iptables I know it'd be easy to limit yourself to a few
outgoing ports.

> This would mean I could use my regular desktop environment to read
> email, check social networks, etc all the while being reasonably
> confident that any traffic which would normally traverse the
> network unsecured (updates, etc, and any misconfigured software)
> would not get access.

You falsely assume that a free wifi hotspot is less secure than a
regular internet access point. You should configure your system in
such a way that it doesn't matter if there is a man in the middle
(signed updates, patched and correctly configured software, etc.).

If you believe the free wifi hotspot is less secure than your regular
home/corporate network, you can build a VPN tunnel to your regular
network. That is also safe and routes all your traffic through it.
Alternatively you could use a VPN service.

[1] https://tails.boum.org/todo/macchanger/
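
Added example, not part of the original message: a sketch of the "limit yourself to a few outgoing ports" idea discussed above, as a shell function that validates a port list and emits an iptables-restore ruleset with a default-drop OUTPUT chain. The function name `gen_rules` and the exact rule set are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (illustrative): build an iptables-restore ruleset that
# drops outbound traffic except a short list of TCP destination ports.
# Usage (as root):  gen_rules 443,993 | iptables-restore

# gen_rules PORT[,PORT...] -> ruleset on stdout, non-zero on bad input
gen_rules() {
    ports=$1
    # Accept only a comma-separated list of decimal numbers, so nothing
    # else can end up inside the generated rule line.
    case $ports in
        ''|*[!0-9,]*|,*|*,|*,,*) echo "bad port list: $ports" >&2; return 1 ;;
    esac
    count=0
    old_ifs=$IFS; IFS=,
    for p in $ports; do
        count=$((count + 1))
        if [ "${#p}" -gt 5 ] || [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            IFS=$old_ifs; echo "port out of range: $p" >&2; return 1
        fi
    done
    IFS=$old_ifs
    # The multiport match accepts at most 15 ports per rule.
    [ "$count" -le 15 ] || { echo "too many ports" >&2; return 1; }

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp --sport 67 --dport 68 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p udp --sport 68 --dport 67 -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports $ports -j ACCEPT
-A OUTPUT -j REJECT
COMMIT
EOF
    # UDP 67/68 is DHCP (needed to join the network); UDP 53 is DNS, which
    # still leaves the looked-up names readable on the local network.
    # A port filter does not verify that traffic on 443 or 993 is really
    # TLS, and these rules cover IPv4 only.
}
```

Hotspot login pages are normally served over plain HTTP, so port 80 has to be allowed until the portal has been cleared. IPv6 needs an equivalent ruleset loaded with ip6tables-restore.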

