[Dev] [consensus due 11-11-16] Defining the nonprism repo

Luke g4jc at openmailbox.org
Wed Oct 26 23:22:45 GMT 2016


Hello All,
Per the last consensus there was the recommendation to keep nonprism
"secure", and to split the iceweasel package into two packages to avoid
impacting users with less "features".[1]

Since your-privacy enforces the iceweasel-nonprism upgrade, many users
did not like it. So the package that is built now was renamed to
iceweasel-hardened. This causes it to not conflict with iceweasel and
hence not bother users any more. Since it is a community package it also
ended up in [pcr].

The problem I see with this is, people are using nonprism thinking they
are getting the most secure setup - and are not. However, it is still
technically in line with the current purpose of nonprism which is "not
using insecure/privacy invasive protocols". The nonprism repo's
descriptive purpose is not very well defined on our wiki, so there is no
statement as to how secure it should be. [2]

To fix this issue I propose the following two proposals for consensus,
and two questions:

1) Re-define or rename [nonprism] so that it also includes packages for
hardened, secure defaults, and less metadata/fingerprinting.

2) Provide a "meta package" that installs
your-privacy-*hardened/options* rather than just your-privacy. It can
recommend packages, but they will not be mandatory and should not
conflict with other software, so that users can comfortably have
"iceweasel"(insecure) and "iceweasel-hardened" both voluntarily
installed on the same system.

3) Should we just remove iceweasel/icedove-nonprism instead of further
complicating things by keeping 3 packages?
e.g. icedove/iceweasel (insecure), icedove/iceweasel(nonprism/non-free
protocols facebook and crapware removed), and iceweasel/icedove-hardened
(which contain actual hardening and some resistance against fingerprinting.)

4) Should iceweasel/icedove-hardened be kept in [pcr] or moved back to
[nonprism] when/if nonprism is re-defined to include hardening?

Why?:
As we now know, PRISM was only a very small portion of global mass
surveillance. [3]
Even if you are not using privacy invasive protocols/apps, it doesn't
really help you at all.

Most of the attacks are done from insecure defaults, (such as WebRTC,
WebSockets, et. all)
and browser fingerprinting.[4]

I think it is the expectation of Parabola's privacy repo to provide the
most secure/privacy respecting packages, even if that means breaking
some features. However, for a reasonable compromise a voluntary meta
package seems like the best option.


Thanks for your input!


Luke

1. https://lists.parabola.nu/pipermail/dev/2016-October/004539.html

2. https://wiki.parabola.nu/Nonprism

3. https://www.privacytools.io/#ukusa

4. https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20161026/e77f5eff/attachment.sig>


More information about the Dev mailing list