×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Will ParanoidLinux Protect the Truly Paranoid?

kdawson posted more than 5 years ago | from the tinfoil-laptop-carrying-case dept.

Linux Business 236

ruphus13 writes "There are still places on the world where having anonymity might mean the difference between life and death. Covering one's tracks is considered to be of such paramount importance that we are now witnessing the rise of a Linux distro catering to the most paranoid. The 'alpha-alpha' version of ParanoidLinux is now out. But is this the best way to protect oneself? Couldn't it be easily circumvented? The article asks, 'Why is it necessary to put the applications and services designed to protect anonymity, to encrypt files, to make the user nameless and faceless, all together, in one distribution? Let's think in a truly paranoid manner. Wouldn't it be far easier for a nefarious government organization to target that distribution's repositories, mirror that singular distribution's disk images with files of its own design, and leave every last one of that distribution's users in the great wide open?' What should truly paranoid user do?"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

236 comments

Suggestion (5, Insightful)

msuarezalvarez (667058) | more than 5 years ago | (#25258245)

The truly paranoid user should get some help...

Re:Suggestion (4, Informative)

presidenteloco (659168) | more than 5 years ago | (#25258455)

Just because you're paranoid
doesn't mean they're not out to get you.

Remember, this is the same "they" that
are responsible for every negative thing
that affects you. They are very powerful,
and pretty much omniscient, and although
you are boring, they are not bored
observing and foiling your every move.

Re:Suggestion (1)

Ethanol-fueled (1125189) | more than 5 years ago | (#25258671)

Kinda like this [imdb.com] . Oh, wow, culmination in a reality show taken to the next level.

After the recent debates we(US'ians) know it its certain that the illuminati are not only tedious and uninspired but they can't even make original, decent movies. [note: illuminati==American government==Hollywood]

It's a fucking plot! (1)

mrmeval (662166) | more than 5 years ago | (#25258511)

They are a part of the conspiriakii! They are trying to lull you into false security! GET OFF THE GRID! Burn your credit cards! Burn your drivers license! Burn your birth certificate! GO FAR AWAY!!!!

Re:Suggestion (5, Funny)

Anonymous Coward | more than 5 years ago | (#25258549)

The truly paranoid user should get some help...

So says one of the brainwashed masses. Have you considered that perhaps the only reason you don't believe that the government is reading and writing your thoughts is because you have been programmed to think that way? And have you considered that perhaps the paranoid aren't crazy but they only appear that way because you have been programmed to think that way?

Of course not! This level of introspection would require you to break free of your programming. And even if you were able to independently do so, without wearing a psychotronic radiation deflector beanie you would just be reprogrammed in an instant.

For the rest of us 'paranoids' I recommend that we hunker down and reinforce each others 'crazy' ideas. After all, we are the only ones who recognize our thoughts for what they are: sanity. And no, we don't consider our criticizing of the lack of introspection of the brainwashed masses to be hypocrisy because we *know* that we are right, unlike the brainwashed masses who are programmed to think that way.

Re:Suggestion (2, Funny)

msuarezalvarez (667058) | more than 5 years ago | (#25258767)

Actually, I know for a fact that it is you who has been brainwashed into that state of paranoia: I work for a government agency which does that to people, simply for the entertainment value. Nice to see our out work here too: I rarely get to interact with our subjects!...

Where do you think those 700 thousand million dollars are going to? The whole crash thing is just cover up: that money is coming directly to us. I'll look up your file on Monday first thing in the morning.

Re:Suggestion (3, Funny)

houghi (78078) | more than 5 years ago | (#25258707)

The truly paranoid user should get some help...

I would love to, but who to trust ...

Re:Suggestion (0)

Anonymous Coward | more than 5 years ago | (#25258717)

that's catch 22, he can only help himself as he trusts nobody else..

well (1, Insightful)

fractic (1178341) | more than 5 years ago | (#25258253)

What should truly paranoid user do?

get help?

Re:well (0)

Anonymous Coward | more than 5 years ago | (#25258423)

What should truly paranoid user do?

get help?

If you trust no one who do you get help from?

Posting AC in the spirit of TFA.

Re:well (3, Funny)

fractic (1178341) | more than 5 years ago | (#25258449)

self help books?

Re:well (2, Funny)

RiotingPacifist (1228016) | more than 5 years ago | (#25258517)

but can the author be trusted?

Re:well (2, Funny)

coren2000 (788204) | more than 5 years ago | (#25258601)

Only if the self help book is self authored by the paranoid individual.

Re:well (0)

Anonymous Coward | more than 5 years ago | (#25258977)

How would you know it wasn't faked by the government to look paranoid? And would any paranoid individual ever write a book knowing that the publishers might change the words before they sell the book? The only real paranoid self help guides that are worth a damn are those photocopied pages taped on utility poles (but check the tape: generally scotch tape means that it was faked by a government office drone while duct tape is the sign of a true paranoid--unless the government is using the duct tape to look more paranoid, in which case you look to see if it was cut with scissors or torn off raggedly).

Re:well (5, Interesting)

NFN_NLN (633283) | more than 5 years ago | (#25258713)

What should truly paranoid user do?

get help?

get BSD?

Seriously, there is already an OS aimed at security... OpenBSD:

"Our efforts emphasize portability, standardization, correctness, proactive security and integrated cryptography."

"Audit Process:

Our security auditing team typically has between six and twelve members who continue to search for and fix new security holes. We have been auditing since the summer of 1996. The process we follow to increase security is simply a comprehensive file-by-file analysis of every critical software component. We are not so much looking for security holes, as we are looking for basic software bugs, and if years later someone discovers the problem used to be a security issue, and we fixed it because it was just a bug, well, all the better. Flaws have been found in just about every area of the system. Entire new classes of security problems have been found during our audit, and often source code which had been audited earlier needs re-auditing with these new flaws in mind. Code often gets audited multiple times, and by multiple people with different auditing skills."

Re:well (0)

Anonymous Coward | more than 5 years ago | (#25258793)

You didn't RTFA, did you?
Posting AC on ParanoidLinux ;D

TinfoilHat is much better (2, Funny)

meist3r (1061628) | more than 5 years ago | (#25258263)

It sets up fairly easily and once you've got it running no one will ever come near you again ... to harm you.

Re:TinfoilHat is much better (1)

johndmartiniii (1213700) | more than 5 years ago | (#25258303)

Agreed. Then, once your tinfoil hat is secured in place, you can begin the tedious process of upgrading to covering your ceiling and walls with tinfoil.

Don't forget the floor and to duct-tape the doors and windows.

Re:TinfoilHat is much better (1, Funny)

Anonymous Coward | more than 5 years ago | (#25258569)

How did you know I forgot the door!!! Your one of them aren't you!

Re:TinfoilHat is much better (2, Funny)

Anonymous Coward | more than 5 years ago | (#25258881)

It sets up fairly easily and once you've got it running no one will ever come near you again ... to harm you.

They just want you to think that tinfoilhats protect you. Actually, they work as antennas.

The obvious answer (3, Funny)

jalefkowit (101585) | more than 5 years ago | (#25258265)

What should [the] truly paranoid user do?

Trust no one?

Re:The obvious answer (3, Funny)

plover (150551) | more than 5 years ago | (#25258367)

"Stay Alert! Trust No One! Keep Your Laser Handy!"

and

"Trust The Computer. The Computer is Your Friend."

Re:The obvious answer (2, Funny)

M8e (1008767) | more than 5 years ago | (#25258467)

"Happiness is mandatory"

Re:The obvious answer (1)

morcego (260031) | more than 5 years ago | (#25258823)

"Citizen, please report to the R&D department for your mandatory volunteer program. Have a nice day"

(If you don't don't have UV clearance, don't read past this point. Reading the following text without UV clearance is considered treason)

But the best quote is still: All rules are optional, some are even more optional than the others.

come on (1)

jrozzi (1279772) | more than 5 years ago | (#25258275)

If you are truly that paranoid then you shouldn't even use the Internet and should start taking Xanex or something. The Internet will likely become less private as we move towards more interactive web applications and social networks.

Re:come on (1)

xOneca (1271886) | more than 5 years ago | (#25258865)

Maybe you're right. Nowadays there's people that "can't live" (metaphorically speaking) without the Internet, but you can in fact disconect from the Internet.

In the future, I think we'll have to be connected to a network (I don't think it'll be the Internet) owned by governments and used for identifying the people, for knowing where they are, etc. All this with a pocket-device, or maybe a in-skin chip.

Yes (-1, Redundant)

Anonymous Coward | more than 5 years ago | (#25258279)

No!

Hermit (5, Insightful)

el_chupanegre (1052384) | more than 5 years ago | (#25258297)

A truly paranoid person would be suspicious of absolutely everyone and everything. That would mean writing your own OS on your own hardware etc etc.

Since this is impossible, go and live in hiding with no human contact or chance thereof.

Why would you download this 'super-safe' OS from some people you never met, through a public unencrypted network, if your life depended on it?

Re:Hermit (1)

jawee (1377909) | more than 5 years ago | (#25258497)

The truly paranoid could just study and compile source code and still get a fully functional working environment (although I doubt it'd be quicker). However, the best thing to do if you are truly paranoid is simply not use a net connected PC at all. Just live without a network connection and keep your PC reasonably secure in its outside location and you're good.

Re:Hermit (1)

SL Baur (19540) | more than 5 years ago | (#25258813)

Why would you download this 'super-safe' OS from some people you never met, through a public unencrypted network, if your life depended on it?

Because the precautions to make that safe are not too tough?

Based on an idea from Cory's book (4, Informative)

Phyrexicaid (1176935) | more than 5 years ago | (#25258301)

Little Brother by Cory Doctorow uses this idea (and name), and the distro was started based on that.

Re:Based on an idea from Cory's book (1)

glitch23 (557124) | more than 5 years ago | (#25258349)

As a followup to this I'll say that the November issue of Linux Journal (I received it today) has an interview with Doctorow.

Re:Based on an idea from Cory's book (0)

Anonymous Coward | more than 5 years ago | (#25258567)

Congratulations, you told us something in TFA! You surely *must* be informative!

If you're in that much trouble... (0)

Anonymous Coward | more than 5 years ago | (#25258305)

...don't use computers, phones or other electronic devices with a network connection. If you're truly paranoid, don't use any at all, regardless of networking capability. Where anonymity means the difference between life and death, cryptography at least puts you behind bars, so you're screwed if you use it and screwed if you don't.

Get real (1)

OriginalArlen (726444) | more than 5 years ago | (#25258315)

So, you'd like me to THINK I should post me extensive array of opinions on this distribution here? Well you're not so smart after all! ha-ha! You'll never get me, you hear me?! neVERE!! hahahahahhahahhahahaahaaaaaa.....

True open source question (4, Insightful)

cdrguru (88047) | more than 5 years ago | (#25258327)

If you do not examine the source, how can you trust any piece of software? You are in effect agreeing to trust the unknown people that have looked at the source. Except in the case of a smallish distribution nobody may have actually looked into that particular distribution in any detail at all.

Of course, there is a greater issue of trust. If you accept chips made by unknown fabricators, do you know what microcode has been implemented? If you cannot examine the "source code" of the chips being used how can you actually trust that these chips are not doing things behind your back to reveal your identity and files?

So without a truly "open" computer, you are trusting a whole raft of unknown individuals and companies with your identity, your data, your reputation.

Moreover, if you are not knowledgeable about programming languages, using any computer is an act of utter faith with plenty of reason to not be so trusting. It is like climbing a mountain with a guide that only lost "a few" parties last year.

Re:True open source question (1)

RiotingPacifist (1228016) | more than 5 years ago | (#25258491)

but how can you know the source code your running is what youve been shown?
even if you compile it all you have to assume your using a clean compiler.

Re:True open source question (2, Insightful)

zxaos (910908) | more than 5 years ago | (#25258633)

You implement your own compiler in assembly, on open chips, and then you compile a checked version of gcc with the compiler you built and go on from there.

Obviously. :p

easy answer (5, Insightful)

schnikies79 (788746) | more than 5 years ago | (#25258329)

"What should truly paranoid user do?"

Stay off the internet.

Re:easy answer (0)

Anonymous Coward | more than 5 years ago | (#25258407)

I thought the FBI is now monitoring people that don't use the internet - they obviously have something to hide.

Re:easy answer (0)

Anonymous Coward | more than 5 years ago | (#25258855)

"What should truly paranoid user do?"

Stay off the internet.

damn skippy.

Borrow wifi - get someone to type for you (4, Interesting)

presidenteloco (659168) | more than 5 years ago | (#25258383)

1. Always borrow random open wifi access points,
in a geographic pattern not centered around your habitual location
2. Get a new unknowing assistant to type in roughly what you want to say each time. There are pattern detectors for your ways of expressing things.
3. Establish online identities such as gmail that have no tie whatsoever to any of your identity info or financial info

Re:Borrow wifi - get someone to type for you (1)

XLR8DST8 (994744) | more than 5 years ago | (#25259097)

problem with #2 is that you then have a witness. one of which disposing of will have problems of its own.

I can't use it. (0)

Anonymous Coward | more than 5 years ago | (#25258403)

I was afraid to login because, well, how do I truly know that it is really my machine? Or if it's really the exact same distro I put on and it didn't update behind my back?

Sorry, folks, it's just not paranoid enough for me.

Not that I need it. I have nothing to hide. I don't see why the NSA is spying on me, but they ARE!

And, I'm SURE this site was created to spy on me. I can't believe the Government has spent ALL this money on a site like this just to spy on me. What do all of you posters get out of this?!? Or are you all one guy faking being a bunch of posters just to see what I'm doing?

I need to leave this site - I'm ON TO YOU NSA!!

Quite Franky (5, Funny)

eclectro (227083) | more than 5 years ago | (#25258411)

This slashdot story was posted to get us to use Paranoid Linux, which can only mean that some one planted a backdoor in it.

nothing/no where, to hide (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#25258429)

if our lives deepend on secrets, then that's all we'll have?

greed, fear & ego are unprecedented evile's primary weapons. those, along with deception & coercion, helps most of us remain (unwittingly?) dependent on its' life0cidal hired goons' agenda. most of yOUR dwindling resources are being squandered on the 'wars', & continuation of the billionerrors stock markup FraUD/pyramid schemes. nobody ever mentions the real long term costs of those debacles in both life & any notion of prosperity for us, or our children, not to mention the abuse of the consciences of those of us who still have one. see you on the other side of it. the lights are coming up all over now. conspiracy theorists are being vindicated. some might choose a tin umbrella to go with their hats. the fairytail is winding down now. let your conscience be yOUR guide. you can be more helpful than you might have imagined. there are still some choices. if they do not suit you, consider the likely results of continuing to follow the corepirate nazi hypenosys story LIEn, whereas anything of relevance is replaced almost instantly with pr ?firm? scriptdead mindphuking propaganda or 'celebrity' trivia 'foam'. meanwhile; don't forget to get a little more oxygen on yOUR brain, & look up in the sky from time to time, starting early in the day. there's lots going on up there.

http://news.google.com/?ncl=1216734813&hl=en&topic=n
http://www.nytimes.com/2007/12/31/opinion/31mon1.html?em&ex=1199336400&en=c4b5414371631707&ei=5087%0A
http://news.yahoo.com/s/ap/20080918/ap_on_re_us/tent_cities;_ylt=A0wNcyS6yNJIZBoBSxKs0NUE
http://www.nytimes.com/2008/05/29/world/29amnesty.html?hp
http://www.cnn.com/2008/US/06/02/nasa.global.warming.ap/index.html
http://www.cnn.com/2008/US/weather/06/05/severe.weather.ap/index.html
http://www.cnn.com/2008/US/weather/06/02/honore.preparedness/index.html
http://www.nytimes.com/2008/06/01/opinion/01dowd.html?em&ex=1212638400&en=744b7cebc86723e5&ei=5087%0A
http://www.cnn.com/2008/POLITICS/06/05/senate.iraq/index.html
http://www.nytimes.com/2008/06/17/washington/17contractor.html?hp
http://www.nytimes.com/2008/07/03/world/middleeast/03kurdistan.html?_r=1&hp&oref=slogin
http://biz.yahoo.com/ap/080708/cheney_climate.html
http://news.yahoo.com/s/politico/20080805/pl_politico/12308;_ylt=A0wNcxTPdJhILAYAVQms0NUE
http://www.cnn.com/2008/POLITICS/09/18/voting.problems/index.html
http://news.yahoo.com/s/nm/20080903/ts_nm/environment_arctic_dc;_ylt=A0wNcwhhcb5It3EBoy2s0NUE
(talk about cowardlly race fixing/bad theater/fiction?) http://money.cnn.com/2008/09/19/news/economy/sec_short_selling/index.htm?cnn=yes
http://www.nytimes.com/2008/10/04/opinion/04sat1.html?_r=1&oref=slogin
(the teaching of hate as a way of 'life' synonymous with failed dictatorships) http://news.yahoo.com/s/ap/20081004/ap_on_re_us/newspapers_islam_dvd;_ylt=A0wNcwWdfudITHkACAus0NUE

is it time to get real yet? A LOT of energy is being squandered in attempts to keep US in the dark. in the end (give or take a few 1000 years), the creators will prevail (world without end, etc...), as it has always been. the process of gaining yOUR release from the current hostage situation may not be what you might think it is. butt of course, most of US don't know, or care what a precarious/fatal situation we're in. for example; the insidious attempts by the felonious corepirate nazi execrable to block the suns' light, interfering with a requirement (sunlight) for us to stay healthy/alive. it's likely not good for yOUR health/memories 'else they'd be bragging about it? we're intending for the whoreabully deceptive (they'll do ANYTHING for a bit more monIE/power) felons to give up/fail even further, in attempting to control the 'weather', as well as a # of other things/events.

http://www.google.com/search?hl=en&q=weather+manipulation&btnG=Search
http://video.google.com/videosearch?hl=en&q=video+cloud+spraying

'The current rate of extinction is around 10 to 100 times the usual background level, and has been elevated above the background level since the Pleistocene. The current extinction rate is more rapid than in any other extinction event in earth history, and 50% of species could be extinct by the end of this century. While the role of humans is unclear in the longer-term extinction pattern, it is clear that factors such as deforestation, habitat destruction, hunting, the introduction of non-native species, pollution and climate change have reduced biodiversity profoundly.' (wiki)

consult with/trust in yOUR creators. providing more than enough of everything for everyone (without any distracting/spiritdead personal gain motives), whilst badtolling unprecedented evile, using an unlimited supply of newclear power, since/until forever. see you there?

"If my people, which are called by my name, shall humble themselves, and pray, and seek my face, and turn from their wicked ways; then will I hear from heaven, and will forgive their sin, and will heal their land."

Stupidest idea ever (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#25258433)

It'll be slightly less effective than double ROT13 encryption.

Probably thought of by a nigger.

Re:Stupidest idea ever (0)

Anonymous Coward | more than 5 years ago | (#25259009)

Impossible! Infrareds can't do stuff like that. You have to atleast have clearens INDIGO.

Only one real answer (1)

geekmux (1040042) | more than 5 years ago | (#25258441)

Find a balance of functionality and security that you're comfortable with. It really is that simple.

Besides, if you're truly that paranoid, using a computer is the least of your worries. It's waaaay down the list after you've shaved all the hair off your body (no DNA by hair sample) and chewed your own fingertips off (fingerprints), severed every tie to any other human that knew you or your history, and dug out that deep hole you plan on living in somewhere in Alaska.

Attention! This might be a honeypot! (0)

Anonymous Coward | more than 5 years ago | (#25258443)

Someone (an agency?) might have put this story on /. in order to find out how you protect yourself from eavesdropping and which Linux distro you use. Do not answer to this thread thruthfully!!!

All summed up in one simple statement... (0)

Anonymous Coward | more than 5 years ago | (#25258471)

And always know where your towel is!

Checksums (0)

Anonymous Coward | more than 5 years ago | (#25258503)

Am I missing something obvious, or is this exactly what MD5 checksums on the main site, and the error checking built into BitTorrent files, are designed for?

Re:Checksums (1)

zxaos (910908) | more than 5 years ago | (#25258663)

Ah, but couldn't a malicious third party intercept your request to their servers and replace the listed MD5 checksum with a different checksum for the modified distribution?

Re:Checksums (1)

Daimanta (1140543) | more than 5 years ago | (#25258809)

Use SSL. Should be safe. Or maybe a SFTP to the FTP server. These questions should seriously be asked. Try to be Eve and break( tap/alter/corrupt) the connection between Alice and Bob.

Re:Checksums (1)

zxaos (910908) | more than 5 years ago | (#25258885)

Ok, what about a situation where all traffic is routed through a specific, malicious third party and there is no previously existing certificate information. Couldn't they fake data from a CA if you have no data to start with trusting? Then they could masquerade as the distro server by having the routing server be the endpoint of the ssl connection while simultaneously opening another ssl connection to the true server, making the request to the true server, editing it as necessary, and then sending it back over the initial, masqueraded link?

Re:Checksums (1)

zxaos (910908) | more than 5 years ago | (#25258945)

Sorry, re-reading that I wasn't clear. Wouldn't it be possible for a malicious third party to trick you into negotiating a SSL connection with a proxy instead of the remote server? Granted, they'd either have to compromise a root certificate authority key to make it invisible, but they could just disallow ALL SSL traffic unless you accept said certificate provided by them.

Use OpenBSD (1)

BhaKi (1316335) | more than 5 years ago | (#25258581)

The truly paranoid user would use OpenBSD, assuming of course that he's got out of M$ world.

Ssh... (0)

Anonymous Coward | more than 5 years ago | (#25258595)

I'm too paranoid to post under my real alias.

Maybe Paranoid Linux should rather be called Anonymous Coward Linux?

Paranoia (1, Insightful)

Renraku (518261) | more than 5 years ago | (#25258597)

The truly paranoid are irrational and contradictory.

They do things like refuse to fly on planes because the government obviously staged 9/11 and killed all of those people on the planes, so they don't want to become a part of that. But they'll work in the same areas that would be likely targets if another round of 9/11-esque hijackings occurred. They do things wrap everything in tin foil to keep the mind control/thought reading beams out, but happily sit in conspiracy theory forums all day, and go to work or to the store to get supplies.

If the paranoid want to find fault, they'll find fault. Obviously this is a thinly-veiled attempt by the government to see what the paranoid want to hide.

Just not in a public place. (3, Interesting)

RockoTDF (1042780) | more than 5 years ago | (#25258623)

The truly paranoid user should get use a liveCD with a mac address scrambler off of a wireless connection that does not belong to them.

The truly paranoid shouldn't be online (2, Funny)

fortapocalypse (1231686) | more than 5 years ago | (#25258667)

Forget Linux, throw away all electronic devices, and follow these handy tips:
1. Preferably find a wife/husband related to you (the closer the better, because you can trust your blood kin more, but avoid anything closer than 3rd cousins if possible).
2. Squat on a large remote property you don't own (preferably somewhere considered by other folk to be inhabitable).
3. Have 10-50 kids (more than that and you might just be inviting mutiny).
4. Teach kids to how to hunt, fish, and guard the perimeter of the property you're squatting on.
5. Please note that aluminum foil around the head isn't safe anymore because of darn nanotechnology, in fact nothing is completely safe. But making everything from nature is as safe as your going to get, so make everything from all natural materials that you find and grow yourself.
6. Stop reading slashdot. They watch people that read slashdot.

Re:The truly paranoid shouldn't be online (1)

Daimanta (1140543) | more than 5 years ago | (#25258775)

"3. Have 10-50 kids (more than that and you might just be inviting mutiny)."

4. Let each of those kids have another 10-50 kids.
5. Outbreed the rest of the country eventually(or settle in Liechtenstein for quicker results)
6. Elect yourself as head of state or use your numbers to start a rebellion
7. Use your country to take over the world
8. ??????
9. Profit
(10. Realise that being paranoid pays off)

Feeble... (1)

Giant Electronic Bra (1229876) | more than 5 years ago | (#25258675)

In any case an effort like this is, for the truly paranoid, feeble. The mechanisms available, proven mechanisms, are well known.

First of all you cannot trust any binary which was compiled with a toolchain which is not itself trusted at least as much as the code you are compiling. It is a well known fact that Ken Ritchie (IIRC it was he) added a block of code to pcc (the portable C compiler) which detected the compilation of the 'login' program and added a back door to it. Then he also added a piece of code which caused pcc when compiling ITSELF added both of these behaviors to the new pcc binary. This resulted in a period of a number of years in which the backdoor existed in virtually all Unix based systems. The pernicious part is, pcc's SOURCE code contained no trace of any of this because the source for the hack only existed ONCE, in the orginal 'ancestor' copy of pcc from which all others descended. It would be at best VERY difficult to know that some similar technique was not used on any given distribution. In theory one could do analysis of every binary, but then how do you know your debugger and disassembler aren't lying to you? Etc.

Even assuming you have by some process guaranteed you have a clean set of binaries, why would you think that the hardware you're running them on is trustworthy? It would be foolish to assume that of the billions of transistors of which your CPU is composed that some small fraction are not dedicated to nefarious purposes...

No, the people working on this may think they're paranoid, but frankly if they thought about it a bit more, they would realize they are not 1/10th paranoid enough...

Sorry, Ken Thompson (brain fart...) (2, Interesting)

Giant Electronic Bra (1229876) | more than 5 years ago | (#25258709)

"It is also possible to create a backdoor without modifying the source code of a program, or even modifying it after compilation. This can be done by rewriting the compiler so that it recognizes code during compilation that triggers inclusion of a backdoor in the compiled output. When the compromised compiler finds such code, it compiles it as normal, but also inserts a backdoor (perhaps a password recognition routine). So, when the user provides that input, he gains access to some (likely undocumented) aspect of program operation. This attack was first outlined by Ken Thompson in his famous paper Reflections on Trusting Trust."

http://en.wikipedia.org/wiki/Backdoor_(computing) [wikipedia.org]

Errmmm, location of that scary place (1)

arikol (728226) | more than 5 years ago | (#25258703)

That scary place where you have to protect your identity so the secret police don't get you in the middle of the night, isn't that called U.S.A. ?

Re:Errmmm, location of that scary place (1)

arikol (728226) | more than 5 years ago | (#25258735)

Of course, if you're innocent you have NOTHING to fear. FNORD they'll just detain you and send you to Gitmo

Even more troubling (1)

d_jedi (773213) | more than 5 years ago | (#25258731)

In these jurisdictions.. wouldn't the fact that you've downloaded/used ParanoidLinux suggest you have something to hide, and hence need to be sent to a re-education though labour camp?

Dont use alpha-alpha software (0)

Anonymous Coward | more than 5 years ago | (#25258761)

The truly paranoid would want something much more stable and time-proven than alpha-alpha software I'd think. Maybe go with OpenBSD or a more stable distro with SELinux.

Signature (1)

holizz (737615) | more than 5 years ago | (#25258805)

> Wouldn't it be far easier for a nefarious government organization to target that distribution's repositories, mirror that singular distribution's disk images with files of its own design, and leave every last one of that distribution's users in the great wide open?

I believe Debian solved this problem long ago, it's called public-key encryption.

This leaves one thing the user must do: acquire the distributor's public key from a trusted source. Unfortunately as far as I know only APT-based distributions sign all their packages, leaving everybody else putting a lot of trust in their sysadmin/ISP/government.

This is what you get... (1, Funny)

Anonymous Coward | more than 5 years ago | (#25258845)

-----BEGIN PGP MESSAGE----- jA0EAwMC3Y3ZOSlLpKNgycAHw2kwRePQBGcBvD1OI4mBCRlBFayMVSrTJtW0KBol Glh0nvrU7ium8C+EVIBYghTRhd8lfJvme7fJnv1QURuOLVonj/+Mx0AMs7+Vi18Y 3hsOybSIton3BG0iQA2ujdm+ynngefwsxX9wnap+KjHBZ6jvds6SQnoIL6yX/o59 e3zVpVCZuiCIuq8y9oNw+meSU6r/KkVMBHFExb2dBZOjdGSaMleo8/l0MxxXDuWa hpqzHFQJBPOiwVu3+BSXJ5XC9wUCAl61Pg== =D/fa -----END PGP MESSAGE-----

This is probably not a unique source (1)

causality (777677) | more than 5 years ago | (#25258903)

Wouldn't it be far easier for a nefarious government organization to target that distribution's repositories, mirror that singular distribution's disk images with files of its own design, and leave every last one of that distribution's users in the great wide open?' What should truly paranoid user do?"

If you don't or can't trust the single distribution's integrity, there's an easy alternative that no one seems to have mentioned. You can always check which tools ParanoidLinux includes and how they are configured, and then go download a more ordinary (less attention-attracting, if you really are paranoid) distribution. Then just install those same open-source tools and configure them in a similar manner and you no longer need to trust that particular distribution. If you believe that someone or a group of people wants to compromise the ParanoidLinux distribution, then by doing this you have just forced them to also compromise every other Linux distribution in order to achieve the same result.

This is, after all, what security is about. You really cannot make anything impossible to compromise; what you can do is make your system more and more difficult for an adversary to both successfully compromise and to successfully compromise without being detected. Personally, I consider a system to be "secure" when the effort needed to compromise it is far, far more expensive than anything that would be gained by doing so.

What should truly paranoid user do? (1)

[cx] (181186) | more than 5 years ago | (#25258923)

Obviously look for UFOs, watch re-runs of X-Files and try to summon our intergalactic serpent overlords, of course.

potential solution, linux not included (0)

Anonymous Coward | more than 5 years ago | (#25258927)

You'd be better off with a tweaked bare bones openBSD system. Configure a remote server with TOR and a Freenet/Darknet node for anything serious. Depends on if you're disseminating or hiding.

Nothing will stop a (smart) determined attacker with physical access, so why keep anything incriminating locally?

...and don't forget to put /home on your IronKey just to be a dick to the forensics tech. ;P

BS Alert (0)

Anonymous Coward | more than 5 years ago | (#25259013)

"The 'alpha-alpha' version of ParanoidLinux is now out."

No, it is *NOT*.

I can't belive Slashdot published this story without ANY fact checking.

Re:BS Alert (0)

Anonymous Coward | more than 5 years ago | (#25259103)

I can't belive Slashdot published this story without ANY fact checking.

the funny thing is there isn't even a malicious/wrong news report anywhere. they just say it out of blue with linking to an article that happens to be about pl dev. it's like saying an early version of ubuntu 9.04 is released linking to a story about the Jaunty Jackalope naming decision

For the complacent, (1)

toby (759) | more than 5 years ago | (#25259015)

It's worth pointing out that the USA and Canada are among jurisdictions where having anonymity might mean the difference between life and death, thanks to the existence of Extraordinary Rendition (for example the cases of Maher Arar, [www.cbc.ca] and other Canadian citizens who have been kidnapped and tortured at the US/Canada border) and Guantanamo Bay (where due process is suspended, and several inmates have died).

uh, (1)

toby (759) | more than 5 years ago | (#25259037)

I did not mean "tortured AT the border" - obviously what occurred is he was kidnapped on arrival in the US, and deported by US authorities to Syria (in Arar's case) where he was tortured. Unfortunately his case is far from unique.

This is a non-issue! (1)

Jane Q. Public (1010737) | more than 5 years ago | (#25259175)

Any tampering such as that mentioned by the OP would be ridiculously easy to detect and correct. This is simply not an issue.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...