COMP 3000 2011 Report: Privatix

From Soma-notes

Part 1

Background

The name of our chosen distribution is the Privatix Live-System. The target audience for this system are people that are concerned about privacy, anonymity and security when web-surfing, transporting/editing sensitive data, sending email etc. Therefore, the goals of this distribution are mainly security and privacy related--being able to provide security-conscious tools and applications integrated into a portable OS for anyone to use at any time. The distribution is meant to be portable, coming in the form of a live CD which can be installed on an external device or a USB flash drive with an encrypted password to ensure that all your data remains private, even if your external device is lost or compromised. The Privatix Live-System incorporates many security-conscious tools for safe editing, carrying sensitive data, encrypted communication and anonymous web surfing such as built in software to encrypt external devices, IceWeasel and TOR.


This Privatix Live-System was developed in Germany by Markus Mandalka. It may be obtained by going to Markus Mandalka's website and navigating to the download page (Mandalka), selecting the version you wish to download (we chose the English version) and downloading it. The approximate size of the Privatix Live-System is 838MB for the full English version (there are smaller versions available which have had features such as GNOME removed). The Privatix Live-System was based off of Debian (Debian).

Installation/Startup

Privatix boot screen
Privatix desktop

Currently we have Privatix installed on an 8GB USB stick in order to utilize the full power of the OS. However, Privatix can be used in a few ways other than installing it on an external device (such as a USB stick)such as on a live CD/DVD, in a virtualized environment such as VirtualBox. After downloading the .iso file it is possible to either burn the operating system to a CD/DVD, use VirtualBox, or install it to a USB stick.

CD/DVD

To install and boot Privatix with a CD/DVD, simply burn the operating system to a disk and boot from the CD/DVD created when prompted to in the BIOS. While using the Live CD, the user will have access to almost all features of the operating system. However, because no profiles were setup, if the user locks the computer, there will be no way to unlock it as no password was not setup.

VirtualBox

Using VirtualBox requires simply having VirtualBox installed, and when prompted for the installation media to select the .iso file downloaded for Privatix.

When the system starts up select the Live option. This brings up the main Desktop, while using VirtualBox the user will have access to all features available when using Privatix with the Live CD. However there is one small extra level of security, this is provided by the host operating system. this extra layer of security takes the form of the profile system of the host operating system.

USB

To install Privatix onto a USB stick, you first must be booted into Privatix Live through a CD/DVD. Then you need to click the install icon on the Desktop to begin installing to a device. It is then possible to select a device for Privatix to install itself on. The installer will ask you if you would like to fill your device with blank data, this makes accessing data/recovering what was originally on the device much harder. The installer will prompt you for a user password, as well as an admin password. The installer will then start it's time consuming process of installing Privatix to the device.

To boot into Privatix from the device, you can stop the computer booting, and then boot into the external device. During booting, Privatix will prompt you for your the password set up during the installation.

Basic Operation

On An External Device

The main way of utilizing the Privatix Live-System is done by installing the system on an external device--in our case, we used an 8 GB USB stick. Once the system is installed on the external device. When the system is installed on an external device, it is easy to use the system for its intended purpose--having portable anonymous and secure system. We tested this portable version of the system on several laptops with no trouble and no noticeable discretion in use between the different machines. We attempted to use the the system for the following use cases: anonymous web browsing, secure email, data encryption and secure data transportation.

Apart from this, Privatix also came with OpenOffice applications and much of the basic GNOME functionality, including:

  • Pidgin IM and Empathy IM Client
  • Evolution Mail
  • gedit etc.

Anonymous Web Browsing

The main thing we liked about this system was the secure and anonymous web browsing. The default browser in the system is IceWeasal (an older version of GNU IceCat--a re-branding of FireFox compatible with both Linux and Mac systems) which comes equipped with security features not available by default in FireFox. The main add on that I liked was that The Onion Router (TOR) is installed and enabled by default (it can be disabled if the user wishes). TOR is an open source project meant to provide absolute anonymity online--mainly preventing anyone from learning your location or browsing habits--by routing webpage requests through virtual tunnels made up of individual TOR nodes (no two "paths" are ever the same).

Secure Email

The Privatix Live-System also came equipped with the security-conscious email client IceDove--a re-branding of Mozilla ThunderBird (a cross-platform email client that provides government-grade security features). The email client was easily setup and used, supporting digital signing and message encryption via certificates by default.

Data Encryption

The Privatix Live-System also has the ability to encrypt external devices (besides the external device that the system is installed on). This meant that we could have an unlimited amount of encrypted data, not being limited to the size of the external device that the system itself is installed on. The ability to encrypt secondary external devices is very handy as much of the space on the external device that Privatix is installed on is taken up by the system itself.

Secure Data Transportation

There are two ways that Privatix fulfills its secure data transportation goal:

  1. When saving data on the external device with the Privatix Live-System, the data is automatically encrypted and is also password protected (since the portable version of Privatix requires a password to use it).
  2. As mentioned above, Privatix allows for the encryption of secondary external devices, hence meaning that data can be securely transported without even having the Privatix Live-System with you.

Live CD and Virtual Box

We found that running Privatix using the live CD and VirtualBox was equivalent.

When booting the live CD in VirtualBox, there are certain key features of the Privatix Live-System you are missing (mainly because these features are meant for the portable version to be installed on an external device). However, just booting from the live CD still gives a lot of the functionality I would use the system for--mainly the anonymous web browsing, secure email and data encryption. The key differences were the lack of portability and the inability to save any data on the live CD or VirtualBox environment.

When using only the live CD or VirtualBox all files are deleted when the system is shut down. In addition to, any files saved to the desktop by the user will not appear. They will be hidden from view, but can be viewed by opening the terminal and navigating to the desktop and running the ls command.

Usage Evaluation

TOR is enabled by default in Privatix

During our use of Privatix, we found it preformed on par for what it was described as, however we found some concerning parts. To start with, most of the documentation for the operating system is in German. The apparent by frequent grammar mistakes in the operating system itself also indicates that English was not the primary language for the writers of this operating system. We also noticed that there was no wireless driver so wireless networks could not be connected to. This causes a problem because an operating system on a USB stick should be portable, however this driver requires you to have a hard line to use the internet. In addition, when we tried to install Privatix onto a USB it took many attempts. It was also noticed that when using Privatix in VirtualBox that even though there was no wireless drivers in Privatix, the wireless capability was provided by the host OS (Windows).

However once connected to the internet, all the software works as it should. All the secure software seem work as they should, however since we do not know how to test the limits of its security measures we do not know for sure how secure these programs actually are.

References