[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Free WiFi Bootable Ditros

> Katya Titov:
>> I'm wondering whether there are any bootable distros out there
>> which are designed to be used on free WiFi networks (e.g.
>> Starbucks, McDonalds) and enforce some level of network encryption.
>> Tails would obviously provide a solution here by forcing everything
>> through Tor, but I can also see alternatives which force the use of
>> an IPSEC VPN, or only allow outbound access to ports which are
>> commonly used for secure access (443, 993, etc).
> Neither Tor nor Tails fall into the category "designed for free wifi
> networks". If Tails where focused primary at public wifis, their
> planed mac changer feature had much more priority. [1] Tor provides
> anonymity and circumvention, Tails is a LiveCD/USB designed for
> privacy and anonymity. If you use them for their purposes, they are
> good.


> But do you rather risk Tor exit nodes sniffing your traffic than
> public wifis? Either you are aware of risks of transmitting data over
> insecure networks, which is the internet, and take yourself care of
> end to end encryption or you don't care at all.

Yes, I agree with Andrew, I would rather trust Tor nodes than public 

> > It wouldn't need to be an entire distro, just a set of scripts
> > which configured the local firewall (iptables, ipfw, even the
> > regular Windows firewall) to only allow secure connections, and
> > established a Tor or VPN connection (if necessary).
> At least with iptables I know it's be easy to limit yourself to a few
> outgoing ports.
> > This would mean I could use my regular desktop environment to read
> > email, check social networks, etc all the while being reasonably
> > confident that any traffic which would normally traverse the
> > network unsecured (updates, etc, and any misconfigured software)
> > would not get access.
> You falsely assume that a free wifi hotspot is less secure than a
> regular internet access point. You should configure your system in a
> way it doesn't matter if there is a man in the middle. (signed
> updates, patched correctly configured software, etc.)

Agreed, but this is becoming harder to do as operating systems and the
software we use becomes more complex. The best way to solve this would
be to ensure that the OS only does what you allow it to. But outside
one of the BSDs or a very minimal Linux distro this is pretty much
impossible these days -- they're just too complex. So using a distro
which doesn't update, or only allowing updates over secure channels and
blocking all other attempts may be effective.

> If you believe the free wifi hotspot is less secure than your regular
> home/cooperate network, you can build a VPN tunnel to your regular
> network. That is also safe and routes all your traffic through it.
> Alternatively you could use a VPN service.

Yes, that's an option, but I'm looking for something minimal at the
moment, and trying to counter my impression that the risk of
interception when using public WiFi is too great. As Andrew said: "The
decision on the risks are yours."

tor-talk mailing list