Ubuntu Privacy Remix

Introduction

Ubuntu Privacy Remix is a modified Live-CD based on Ubuntu Linux. UPR is not intended for permanent installation on hard disk. The goal of Ubuntu Privacy Remix is to provide an isolated working environment where private data can be dealt with safely. The system installed on the computer running UPR remains untouched. The risk of theft of such private data arises not only from "conventional" criminals, trojans, rootkits, keyloggers etc. In many countries, measures are being taken or prepared that aim at spying on and monitoring citizens. Ubuntu Privacy Remix is a tool to protect your data against unsolicited access.

Contact Information

http://www.privacy-cd.org/

https://launchpad.net/upr

info@privacy-cd.org

Audience

People who want to protect their sensitive data. The basic idea is to relocate work on private data into a secure environment, strictly apart from everything else you do with your computer (surf the web, chat, games, ...).

Mission

Good encryption is one of the most important measures to protect your data. Ubuntu Privacy Remix contains the well-known cryptographic software TrueCrypt and GnuPG. But the security of encryption relies not only on the security of the software used. Trojans, rootkits and keyloggers can lower or even circumvent the security of cryptographic software.

Examples include software like Microsoft Office or Google Desktop, which creates an unencrypted copy on the hard disk when opening files from an encrypted TrueCrypt volume; a trojan that waits for you to open a TrueCrypt container and mails your sensitive files to someone else at the next opportunity; or malicious software that logs your keystrokes, including the passphrase for your secret GPG key, and mails it along with the key to some unknown attacker. He or she could then read all your past and future mail that he or she gets hold of.

Security is a system

These few examples show that security means the security of the whole working environment, and that security can never be provided by one program alone. Editing, de- and encryption of sensitive data should therefore be done with a system that

  • never has or had contact with untrustworthy networks like the internet
  • cannot leave data unencrypted on the hard drive, not even unnoticed or by accident
  • offers no opportunity to spyware to permanently install onto the system

Ubuntu Privacy Remix - based on Ubuntu 8.04 - tries to create such a working environment on any PC with the following measures:

  • The system resides on a read-only CD, i.e. it is in the original state after every reboot and cannot be modified afterwards. Spyware and other malicious software cannot be installed permanently.
  • The system completely ignores any potentially compromised local (S-)ATA hard disks. They cannot be used by malicious software to save 'stolen' data from UPR, nor can malicious software be loaded from hard disk into UPR.
  • The system kernel is modified so that it cannot activate any network hardware. UPR is therefore an isolated system where it is impossible to exchange data via LAN/WLAN/Bluetooth/Infrared etc.
  • The system is based on free software which can be verified in source code.
  • To ease working with a non-modifiable system, UPR introduces "extended TrueCrypt-Volumes", which can store program configuration like GnuPG settings, OpenOffice dictionaries etc. permanently and securely within an encrypted volume. These settings are automatically made available after opening such an "extended TrueCrypt-Volume". This method is only an optional alternative to using standard TrueCrypt volumes.

Ubuntu Privacy Remix therefore has two levels of security:

1. Because the system is non-modifiable, it is impossible to permanently install malicious software, either via network or via local hard disks.

2. Even if it were possible for malicious software to load into memory (e.g. carried in and executed from removable media), there is no possibility to save or send captured data anywhere outside.
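The measures listed above can be spot-checked from a shell on a booted live system. The following is an added example, not part of UPR or of the original page: it assumes the standard Linux sysfs layout (/sys/class/net, /sys/block/*/removable), and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: audit a running live system against two of the isolation
# measures described above. The sysfs root is a parameter so the checks can
# also be run against a constructed directory tree.

# Report every kernel network interface except loopback.
# Succeeds only if none exists. Covers interfaces registered under
# class/net; it does not inspect Bluetooth or infrared device classes.
net_isolated() {
    sys=$1; found=0
    for path in "$sys"/class/net/*; do
        [ -e "$path" ] || continue          # glob matched nothing
        name=${path##*/}
        [ "$name" = lo ] && continue
        echo "network interface present: $name"
        found=1
    done
    [ "$found" -eq 0 ]
}

# Report every sd*/hd* disk the kernel exposes as non-removable.
# Succeeds only if none is visible. Assumption: "removable" = 0 is used
# as a stand-in for a local (S-)ATA disk; USB hard disks also report 0.
disks_ignored() {
    sys=$1; found=0
    for path in "$sys"/block/sd* "$sys"/block/hd*; do
        [ -r "$path/removable" ] || continue
        if [ "$(cat "$path/removable")" = 0 ]; then
            echo "fixed disk visible: ${path##*/}"
            found=1
        fi
    done
    [ "$found" -eq 0 ]
}

# Run both checks; exit status 0 means both properties hold.
audit() {
    sys=${1:-/sys}; rc=0
    net_isolated "$sys" || rc=1
    disks_ignored "$sys" || rc=1
    return "$rc"
}

# On a booted system: audit /sys && echo "isolation checks passed"
```

A non-zero status from audit means the running kernel can see a network interface or a fixed disk, so the environment does not match the isolation described above.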

Goals

https://blueprints.launchpad.net/upr

Collaboration Focuses

* boot-time-optimization

* Find a way to prevent loading of "foreign" kernel modules

* Hosting our ISO-files



DerivativeTeam/Derivatives/Ubuntu Privacy Remix (last edited 2009-09-03 21:00:18 by dominoconsultant)