Subgraph - Tails-like Debian-based OS

[Lysander666]

Has anyone here used this? I've only just heard about it. Am downloading the alpha ISO now and will take a look.

https://subgraph.com/index.en.html

https://distrowatch.com/table.php?distribution=subgraph

[Hoser Rob]

I'd try it in a VM first if I were you. A couple of thoughts though ...

I had a look and there's no support forum I can find. I don't kinow of any of these 'hardened' distros that are even remotely noob friendly. They'll need a very good forum.

Though knowledgeable users are not likely to want to install a distro that only comes in an alpha release. No one I know who knows Linux/unix would install a beta release (let alone alpha) unless they were forced to.

And from their site: "By default policy, Subgraph OS will restrict the communication of applications so that they use the Tor network exclusively, obfuscating the endpoint's physical origin.". Well, guess what. Tor is quite hacked. So big frakkin' deal there.

If you want security it's best to use tools you understand.

[Fred Barclay]

Well, guess what. Tor is quite hacked.

Do we know that for sure?
(In other words... references, please. )

[killer de bug]

No one I know who knows Linux/unix would install a beta release (let alone alpha) unless they were forced to.

Really ?
I know a lot of friends who can try alpha releases, or install Beta. Or use Debian Sid or...


Other than this, I know this distro since a few months, and it looks promising.

[aes2011]

...
(In other words... references, please. )

https://arstechnica.com/tech-policy/201 ... -fbi-hack/
https://www.lawfareblog.com/judicial-fr ... techniques
could be some?

[Fred Barclay]

https://arstechnica.com/tech-policy/201 ... -fbi-hack/
https://www.lawfareblog.com/judicial-fr ... techniques
could be some?

Ah, yes. To the best of my knowledge, the malware used in this case was a Adobe Flash exploit. That's not a Tor hack, it's a vulnerability of a closed-source, bug-infested technology.

(And may I just say, "Good riddance!" that those criminals were caught. Disgusting isn't a strong enough word for what they were doing.)

[aes2011]

Speaking of TOR: http://www.phoronix.com/scan.php?page=n ... ry-Bogatov

OP, what's your experience so far?

I wish they didn't include LibreOffice.

[Faust]

Re Tor
Yes , a small number of exit nodes have been compromised , and there is probably no real way to prevent that ,
but it doesn't mean that Tor as a whole is useless.
The main problem I see with Tor is not the implementation so much as the very bad press it has got .
Sensationalist journalism and click-bait headlines are now automatically connecting it's use with terrorists ,
Silk Road clones , pedophiles and cyber-criminals .
So I think it is a bad idea to have your ISP seeing Tor being used , and they WILL see it , unless it is through a VPN.

Re Subgraph
I've been running it in Virtual Box / Mint17.3 for a year or so , and I'm impressed with it .... so far as it goes .
Progress has been slow , which is disappointing because the model shows much promise .
I've done my best to break it , compromise it , find leaks etc , but I'm not going to trust it for something
as sensitive as banking . There is a lot more work needed .

BTW - I'm also running Whonix and Qubes for long term testing , and both of those also run Tor by default ,
and they are mighty secure systems !
But the same rules apply for me .... I just don't want them visible to my ISP .

[Faust]

Well, guess what. Tor is quite hacked.

Do we know that for sure?
(In other words... references, please. )

Reading this thread got me looking for more up-to-date info on Tor security issues , and this is the most recent thing I could find

https://www.theregister.co.uk/2016/11/3 ... _in_works/

and it's not much of an issue for your "average " Tor user .... whatever that is