Linux Rooted in Fiction: ParanoidLinux

by Kristin Shoemaker - Oct. 02, 2008

If the fact that the ParanoidLinux distribution (now in an "alpha-alpha stage") is based on a work of science fiction isn't unsettling, consider two key peripheral issues.

The first unsettling issue is that in some censorship-centric areas of the world, an operating system granting a user anonymity could be literally life-saving.

The second unsettling issue is that an effort is being made to package security tools -- ones that exist in current Linux and BSD systems, or are readily available through repositories -- into yet another distribution.

It's not the "there are already too many distributions" argument that is unsettling. It is more that the project feels like a waste of human resources -- why is it necessary to put the applications and services designed to protect anonymity, to encrypt files, to make the user nameless and faceless, all together, in one distribution? Let's think in a truly paranoid manner. Wouldn't it be far easier for a nefarious government organization to target that distribution's repositories, mirror that singular distribution's disk images with files of its own design, and leave every last one of that distribution's users in the great wide open? It would take more effort, it would seem, for a despotic government to hit every last repository of every last distribution with a bogus security application.

Wouldn't it be far more productive to concentrate on privacy applications and services in the developer's area of interest? Improving the applications at the source, or even packaging the preferred applications for use in existing distributions would grant more security to more users. Yes, users who might actually need these tools, now.

There is no harm in starting a distribution to fill a need. This project is, sadly, highly questionable. It's not a question of need as much as a question of playing with the people who need it. It is attempting, far too enthusiastically, to follow the book it was pulled from, Cory Doctorow's Little Brother. The one book-inspired idea the developers have (wisely) tossed aside was Chaff, an application delivering messages pulled from keystrokes typed using applications that perform a completely unrelated task. The developers state that Tor is a far more secure method for anonymity.

These applications all pre-configured and packaged in a distribution seem a fine idea -- in a novel. In a real life situation requiring a "ParanoidLinux" type operating system, there are more points of failure than any one author's imagination can conjure. That's why the community -- not of any one application, or any one distribution -- the entire community -- is needed to watch, maintain, and develop these projects.






16 Comments
 

Thanks for bringing up this inefficiency to us. We will reprogram the necessary units.

Ministry of Production

0 Votes

Inefficiency, or not, this ability to roll another distro for whatever reason is just one of the (many) beautiful features of Linux! Wherever enough of a group has a common interest in forming a new distro, they are free to do so. I probably won't use ParanoidLinux; after trying Slackware, Ubuntu, Debian, and the BSDs, I'm just too comfortable with Fedora. But knowing that I can try out whatever really is a comfort.

1 Votes

Anonymous above,

Without a doubt, the beauty of Linux is the ability to do such a thing. It's not a question of if it is possible to roll a distro like this. It is beyond the shadow of doubt, and certainly possible that the developers can.

Here's the issue, for me:

Let's put it this way: If I were living in a totalitarian state, a repressive place, like North Korea, for example... I wouldn't want to use a distribution that is designed to protect my privacy, and perhaps my life, and the lives of my family, that was created simply because the developers *could*. I would want something that was a bit more diversified... Debian... with a security package from a repo here, or an encryption tool from another repo here.... something that was not as easily identified, or infiltrated.

I have no issues with the fact they are creating a distro based on one in a book. The exercise of creation isn't the problem...but it feels a lot like the situation it is being created for isn't being considered fully for as serious as it is.

1 Votes

In any case an effort like this is, for the truly paranoid, feeble. The mechanisms available, proven mechanisms, are well known.

First of all you cannot trust any binary which was compiled with a toolchain which is not itself trusted at least as much as the code you are compiling. It is a well known fact that Ken Ritchie (IIRC it was he) added a block of code to pcc (the portable C compiler) which detected the compilation of the 'login' program and added a back door to it. Then he also added a piece of code which caused pcc, when compiling ITSELF, to add both of these behaviors to the new pcc binary. This resulted in a period of a number of years in which the backdoor existed in virtually all Unix based systems. The pernicious part is, pcc's SOURCE code contained no trace of any of this because the source for the hack only existed ONCE, in the original 'ancestor' copy of pcc from which all others descended. It would be at best VERY difficult to know that some similar technique was not used on any given distribution. In theory one could do analysis of every binary, but then how do you know your debugger and disassembler aren't lying to you? Etc.

Even assuming you have by some process guaranteed you have a clean set of binaries, why would you think that the hardware you're running them on is trustworthy? It would be foolish to assume that of the billions of transistors of which your CPU is composed that some small fraction are not dedicated to nefarious purposes...

No, the people working on this may think they're paranoid, but frankly if they thought about it a bit more, they would realize they are not 1/10th paranoid enough...

0 Votes

shoe, your points are valid... just not for North Korea. If you were there, you'd worry more about what you'll eat. Then if you serve the leader, you may even have a university computer that you could use... when there's power. And you certainly wouldn't be able to connect to the internet and download from repositories. I think it's cool to have a distro like this. If you're connecting through Tor, then the overhyped tracking problem is reduced... unless they track Tor :-) That is, if they really think of a way to track, the same technique would apply. Debian may be a more reasonable choice, if you could download some programs automatically (like a script that downloads security tools). But then... they could track that as well.

0 Votes

You may always try the already working, not in alpha-alpha stage "Incognito" - a Gentoo-based live CD - http://www.browseanonymouslyanywhere.com/

If the "progress" continues, anonymity-providing distros will be a must in a couple more years no matter where on the planet. Of course, if we are still willing to protect our privacy and freedom of speech and not trade it for so called "security".

0 Votes

To Anonymous above who made the comment about "Ken Ritchie":

It was actually Dennis Ritchie and Ken Thompson. I suppose "Ken Ritchie" covers both though! =D

0 Votes

here it is: http://everything2.com/title/Reflections%2520On%2520Trusting%2520Trust

0 Votes

"Wouldn't it be far easier for a nefarious government organization to target that distribution's repositories, mirror that singular distribution's disk images with files of its own design, and leave every last one of that distribution's users in the great wide open?"

That's [also] what md5 hashing is for.

0 Votes
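
Added example, not part of the original post or of any commenter's words: a checksum detects a replaced disk image only when the reference digest comes from a channel the mirror operator does not control. The mirror contents, file names and pinned digest below are constructed for illustration, and `fetch` is a hypothetical stand-in for a download.

```python
import hashlib
import hmac

def digest(data: bytes, algo: str = "sha256") -> str:
    return hashlib.new(algo, data).hexdigest()

def fetch(mirror: dict, name: str) -> bytes:
    """Hypothetical stand-in for downloading a file from a mirror (no network)."""
    return mirror[name]

def verify_against_mirror(mirror: dict, image_name: str, algo: str = "md5") -> bool:
    """Weak check: the reference digest is served by the same mirror as the image."""
    image = fetch(mirror, image_name)
    published = fetch(mirror, f"{image_name}.{algo}").decode().split()[0]
    return hmac.compare_digest(digest(image, algo), published)

def verify_against_pinned(mirror: dict, image_name: str, pinned_sha256: str) -> bool:
    """Stronger check: the reference digest was obtained out of band."""
    image = fetch(mirror, image_name)
    return hmac.compare_digest(digest(image, "sha256"), pinned_sha256)

def make_mirror(image: bytes) -> dict:
    """A mirror publishes the image plus a checksum of whatever it is serving."""
    checksum_line = f"{digest(image, 'md5')}  distro.iso\n".encode()
    return {"distro.iso": image, "distro.iso.md5": checksum_line}

# Constructed sample data, not real disk images.
GENUINE = b"constructed stand-in for the genuine disk image"
REPLACED = b"constructed stand-in for a replaced disk image"

honest = make_mirror(GENUINE)
hostile = make_mirror(REPLACED)     # the checksum file is regenerated with the image
PINNED = digest(GENUINE, "sha256")  # assumed to arrive over a separate trusted channel

def run_checks() -> dict:
    return {
        "honest_mirror_md5": verify_against_mirror(honest, "distro.iso"),
        "hostile_mirror_md5": verify_against_mirror(hostile, "distro.iso"),
        "honest_pinned": verify_against_pinned(honest, "distro.iso", PINNED),
        "hostile_pinned": verify_against_pinned(hostile, "distro.iso", PINNED),
    }

if __name__ == "__main__":
    for check, passed in run_checks().items():
        print(f"{check}: {'pass' if passed else 'FAIL'}")
```

Only the pinned comparison rejects the replaced image; the mirror-supplied MD5 file matches whatever the mirror serves, so it catches transfer corruption but not substitution.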

It's a good concept, but simply doesn't function in a typical static distribution format. I see no reason that, say, a tiny live image isn't released which builds you a new installation ISO of current tools from whatever original sources or rotating secret mirrors they choose. Tor and BitTorrent? I suppose you could do that with just about anything, however. What I don't get is how you hide something that's very identifiable due to its odd lack of identity.

0 Votes

one word. openbsd.

0 Votes

Oh just shut the hell up!

0 Votes

It's not "inefficiency" because volunteer time isn't fungible. Volunteers will work ten times as hard as any employee, but only on what they want to.

So KDE and GNOME will continue to exist as separate projects. Distros will continue to exist as separate projects and only remerge very rarely.

But, because it's all free software, this apparent duplication of effort is not wasted - because anyone can take Paranoid Linux's work and put it into their distro as well. Note how all the big distros tend to get the same stuff around the same time - they freely take ideas and code from each other, because that's what free software is for. Note how KDE and GNOME, though they'll probably never merge, happily take ideas and code from each other, and are working to merge their common elements at Freedesktop.org. Which benefits other desktop environments, like XFCE.

It's all good!

0 Votes

I know this is sort of late, but the trouble you seem to overlook here is that very few people can handle a regular pre-packaged linux distro on their own, let alone building their own custom setup from repositories and making sure they have all the angles covered. Even if PL flops or is not sufficient on its own it is a much stronger base than starting with Debian and building up. I couldn't do that and I've been using linux as a primary desktop and a server admin for a couple years now. If you require that all political dissidents become experts in computer science, cryptography, security and the esoteric world of linux I'm afraid we're doomed to totalitarianism.


0 Votes

If you lived in an oppressive place, and people were coming after you.... Why the hell would you use the internet in the first place??

0 Votes

"If you require that all political dissidents become experts in computer science, cryptography, security and the esoteric world of linux I'm afraid we're doomed to totalitarianism."


This quote is made of win.


0 Votes