A Privacy Package

Provide us your suggetions and New Ideas to improve Hama GNU/Linux
vik
Posts: 32
Joined: Thu Aug 14, 2014 3:55 pm
Contact:

A Privacy Package

Postby vik » Mon Oct 20, 2014 8:46 am

I received a suggestion for this feature to be incorporated into hamara linux - so I thought I would start a discussion on the topic.

In light of recent disclosures highlighting that pretty much everyone and their grandmother wants to know everything about you and what you do with you computer, perhaps a package of privacy
related applications that are either enabled by default or really easy to enable might be a good idea?

Here are my suggestions:

- A desktop IDS
Suricata with a nice gnome3 frontend app and maps integration
Incorporate a graphical network monitor like http://etherape.sourceforge.net/

- Antivirus
Is it needed / not needed?
Play safe and say it's needed?

- Rootkit Hunter

- Replace empathy with pidgin and include pidgin otr

- Email encryption

- TextSecure
Currently a secure sms protocol for android by https://whispersystems.org/
but looks like a broswer extension is available
https://github.com/WhisperSystems/TextSecure-Browser

- Application Firewall
AppArmour

Suggestions for more features welcome :)
Vikas Tara
Founder - Hamara Linux

gurvinder
Posts: 2
Joined: Fri Aug 15, 2014 10:45 am
Location: New Delhi
Contact:

Re: A Privacy Package

Postby gurvinder » Mon Oct 20, 2014 11:26 am

Following is opinion regarding list of things you have mentioned

- Rootkit Hunter = Good one to have
- Replace empathy with pidgin and include pidgin otr = I would rather have both installed on system and then let the user choose what is right for them.
- Email encryption = Best thing to have.
- Application Firewall = Firewall with good interface to manage with be one of the features to have.
- Antivirus - I do not think so it is need. Linux has ability to read and open any file any. Sometimes I have used Linux Live CD to delete virus infected files in Windows. I have been using Linux based platform for more than a 5 years. I have never got a reason to install Antivirus on Linux. Still if there is some good antivirus available, it is good to have one on system.
Suricata - It is good application for IT enthusiast. I do not think so an average user would really need it.

Another good to have application is TOR web browser and hard drive encryption.

vik
Posts: 32
Joined: Thu Aug 14, 2014 3:55 pm
Contact:

Re: A Privacy Package

Postby vik » Mon Oct 20, 2014 11:50 am

Following is opinion regarding list of things you have mentioned

- Replace empathy with pidgin and include pidgin otr = I would rather have both installed on system and then let the user choose what is right for them.
If someone installed the privacy package, then surely is should only give them apps which have privacy features?
Suricata - It is good application for IT enthusiast. I do not think so an average user would really need it.
The point here it to use it just for the users desktop - with an easy to understand gnome 3 frontend. It would show the user suspicious traffic directed to/from his system.
Another good to have application is TOR web browser and hard drive encryption.
Ooops, I missed that one.
How about tor desktop integration in gnome 3 - and changing the look of the desktop when in 'TOR' mode?
Vikas Tara
Founder - Hamara Linux

shantanu
Posts: 2
Joined: Tue Oct 21, 2014 7:15 am
Contact:

Re: A Privacy Package

Postby shantanu » Tue Oct 21, 2014 7:57 am

Valid points by both of you guys. However I understand privacy and security as two different things. We can simply include security packages and force it to run, however privacy is something we need to make users aware of and provide them tools to manage it.

Now looking at the suggestions,
Let's talk about security packages.
- A desktop IDS
Suricata with a nice gnome3 frontend app and maps integration
Incorporate a graphical network monitor like http://etherape.sourceforge.net/
I don't think it's needed on desktops.
- Application Firewall
AppArmour
Again, not needed on desktops. I would propose a system firewall though, something like http://gufw.org/
- Rootkit Hunter
Good to have.

Let's talk about privacy packages.
- Email encryption +1
- Replace empathy with pidgin and include pidgin otr +1
- TextSecure -- Not sure about it's usecase.

Regards,
Shantanu

vik
Posts: 32
Joined: Thu Aug 14, 2014 3:55 pm
Contact:

Re: A Privacy Package

Postby vik » Tue Oct 21, 2014 9:52 am

- A desktop IDS
Suricata with a nice gnome3 frontend app and maps integration
Incorporate a graphical network monitor like http://etherape.sourceforge.net/



I don't think it's needed on desktops.
I disagree - personally I would really like to be able to see if any suspicious traffic is directed at my machine. WHy do you think that's not needed?
Vikas Tara
Founder - Hamara Linux

shantanu
Posts: 2
Joined: Tue Oct 21, 2014 7:15 am
Contact:

Re: A Privacy Package

Postby shantanu » Tue Oct 21, 2014 10:23 am

I disagree - personally I would really like to be able to see if any suspicious traffic is directed at my machine. WHy do you think that's not needed?
Ideally IDS should be running on the entrypoint of your network(switch/firewall). If you don't want to see any suspicious traffic on your desktop you should be writing good incoming rules on your fiewall rather :D .
Moreover,
1.) In most of the cases desktops run behind NAT, which means if you don't specifically allow someone on your external firewall to reach your desktop(by port forwarding etc) they won't be able to.
2.) In most of the cases desktops don't need to open any incoming port, so I will rather block any incoming port and won't worry any supicious traffic.

vik
Posts: 32
Joined: Thu Aug 14, 2014 3:55 pm
Contact:

Re: A Privacy Package

Postby vik » Tue Oct 21, 2014 2:17 pm

Ideally IDS should be running on the entrypoint of your network(switch/firewall). If you don't want to see any suspicious traffic on your desktop you should be writing good incoming rules on your fiewall rather :D .
Moreover,
1.) In most of the cases desktops run behind NAT, which means if you don't specifically allow someone on your external firewall to reach your desktop(by port forwarding etc) they won't be able to.
2.) In most of the cases desktops don't need to open any incoming port, so I will rather block any incoming port and won't worry any supicious traffic.
None of the above apply for outgoing traffic.

Consider the (common) scenario of:

- I send you a mail asking you to click a link
- You click said link
- I force some nasty javascript on you

Your desktop starts sending suspicious traffic.

Firewalling is so pre-snowden :)
Vikas Tara
Founder - Hamara Linux

anant
Posts: 1
Joined: Tue Oct 21, 2014 3:54 pm
Contact:

Re: A Privacy Package

Postby anant » Tue Oct 21, 2014 8:37 pm

Suggestion from my side, we should produce 2 diffrent version of Hamara Linux.

a) For normal users ( Layman users / Light version )
b) For Geeks ( Expert users / with all latest tool and security stuff **Just like Backtrack or KALI Linux** )

As if you check out the Layman daily stuff they will even dont try to set proxy in web browser. So its better that we will give diffrent Distro for advance user with pre-installed advance and great tools.

good_at_nothing
Posts: 2
Joined: Fri Oct 17, 2014 3:37 pm
Contact:

Re: A Privacy Package

Postby good_at_nothing » Wed Oct 22, 2014 1:45 pm

Adding my few cents to the discussion:

Well, a lot has been said above by my seniors so there is nothing more left to say.

First of all, for every successful product we have to analyze that to what audience we are targeting. But security and privacy is that logic which every user wants either knowingly or unknowingly.

But if the user is aware from latest snooping tactics then he may look out for solutions. And, “Whenever there is new technology that offers new solutions people are bound to use it."

We can write a suggestion page on which we provide alternate solutions to all major services which a layman uses for his day-to-day tasks and those solutions provides end-to-end encryption.

I am writing down few tools which I encountered in my recent researches. I am using some of these tools. Will surely share my experiences soon.

Skype replacement: Tox

Offline messaging app: Briar

Email client: MailPile

Another tool (not yet ready and completed to rock on the floor)
Crypto mail field is Scramble, encrypted webmail software coded by recent Stanford University computer science graduate Daniel Posch.

A German company called Open-Xchange (uses PGP algo)
Tool name : OX Guard
Using OX Guard, you can send an encrypted email to anyone—even if they don’t use Open-Xchange

Another tool: Hushmail

Why can't we have a system which comes preloaded with all such encryption tools and all these automatically executes during bootup process.
From a layman perspective, he doesn't want to know what is happening behind the curtain. All he is concerned about the performance of the artists and show. We have to just aware the user and provide a best possible solution and spread the word so that everyone can benefit from it.
This is all what I understood so far. In case if I am wrong at some point then please correct me.
Share your experiences on this.
Thanks.

For further info, please check out these links:

http://www.wired.com/2014/09/oxguard/

http://www.wired.com/2013/09/the-scramb ... ncryption/

http://www.wired.com/2014/07/minilock-s ... ncryption/

vik
Posts: 32
Joined: Thu Aug 14, 2014 3:55 pm
Contact:

Re: A Privacy Package

Postby vik » Wed Oct 22, 2014 2:05 pm

Some really good suggestions here and quite a few tools being discussed are not actually packaged by upstream distros.

I propose we open up a bug for this 'privacy package'

and start to bring things in to the repo.

What do you wall think?
Vikas Tara
Founder - Hamara Linux


Return to “Suggestions & New Ideas”

Who is online

Users browsing this forum: No registered users and 0 guests

cron