9.02.2005

readme de .tb

Hacktivismo's .tb

.tb is a portable Live(-CD) Linux operating system. The goal is to create a secure-by-default, trusted Internet communication and connectivity platform, with anonymized connections and secured storage out of the box, on top of a portable OS that supports as much diverse hardware and media as possible. It can be compiled entirely from sources (and hence entirely customized, if you want) for reasons of peer review and trust, hence the name Trusted Build -- .tb.

Trusted Builds

Trusted organizations like Hacktivismo, but also other independents, like the EFF, human rights groups, and organizations who wish to prepare a build for their own target group, can offer binary Trusted Builds (LiveCD ISOs) by running the INSTALL script and using the TBuild folder and Gentoo sources downloaded from the net. If you build from sources, you basically copy and paste the contents of the "INSTALL" file into a Linux shell. The copy and paste is ONLY necessary because the script contains 'chroot' parts, which are not easy to automate, and because supervision of the build process is recommended (not necessary). Besides that, it is as easy as running a normal script. If you need a Mac version, you must build on a Mac Linux; if you want a PC version, on an x86 Linux. One may hand-edit the INSTALL file and the TBase files to change things, e.g. the default CD encryption passphrase ("freedom") or the default login/password ("user"/"hacktivismo"). Building from source is at the difficulty level of an admin, i.e. any Linux system administrator can handle it, and the trust in something you built from sources yourself is maximal. Using a Trusted Build (a binary LiveCD .ISO) created by an organization requires no skill or prior notice, and the trust for end users is however much they trust the party who made the binary build.

To make this easy and secure, Hacktivismo .tb was based on the popular Gentoo Linux distribution, since it can be created entirely from source with simple instructions, and because Gentoo supports many different CPU architectures in builds from scratch. As an extra bonus, a Gentoo-based build takes maintenance and update costs away from Hacktivismo .tb itself, since any new Hacktivismo .tb build uses the very latest stable Gentoo and other open-source packages, and Gentoo is maintained by hundreds of contributors and always up to date, including dedicated handling of security alerts and updates.

Easily built from scratch

So, .tb also comes as a ready-made bootable CD/system image for end users with practically no prior technical knowledge. But the complete way of creating Hacktivismo .tb is based on a 5-stage copy-paste INSTALL script, and this is done exclusively from common sources available from Gentoo servers plus a small configuration package (TBuilder/TBase) from Hacktivismo that customizes them to become .tb. To create it from scratch according to the INSTALL script, you just need a Linux account of your choice (on the same CPU architecture you want to create it for), about 36 hours of compilation, 2 GByte of free space, about 500 MBytes of installation traffic, and preparation time, 98% of which requires no interaction, just CPU, HD, and network resources.

Current Packages And Features

The size goal of Hacktivismo .tb is to stay under 600 MBytes, yet always be fully customizable and compilable from source (today, no other Live-CD Linux distribution can be hand-compiled or customized from scratch!). It boots right away into X11 with the simplistic Fluxbox window manager, and comes with:

Browser - Firefox and Lynx
Mail - Sylpheed-Claws
Filesharing - MLDonkey (supports all popular filesharing protocols, w/ GUI)
Crypto - GPG for PGP crypto (and the full Linux crypto API)
Terminal/Modem - Minicom (and PPPD, PPPOED)
Secure Chat - SILC and Naim
Editors - vim, xpdf and ted (office-like rich-text-format editor)

Also, Hacktivismo .tb contains a kudzu-based hardware auto-configuration system, and supports, detects and activates most common devices automatically. This includes automatically activating the network if DHCP is available. For the further required network, system and media-mounting configuration, a streamlined, extremely easy to use configuration GUI is planned for Hacktivismo .tb. A related essential TODO is, whenever a storage medium such as a USB stick is available, to save the modified user information from the home directory, such as browser settings, mail settings and emails, private keys, and personal files, securely encrypted on that external (e.g. USB) medium in a user-friendly dialogue. Common media and encryption are already supported.

Crypto by default

Our goal of maximum privacy includes that every communication made through the system is by default encrypted and/or anonymized. To achieve this, we currently build on the Onion Routing project (tor). A tor proxy runs by default and interacts with privoxy for anonymized HTTP sessions and with dante for anonymized SOCKS5 sessions, through which all generic TCP applications are tunneled, while all HTTP/SOCKS5 traffic passes through the TOR node. In the GUI menu of the X environment, all applications by default tunnel through TOR via HTTP or SOCKS5 (socksify) for anonymization. Nobody can figure out who you're talking to, or what you're actually saying, when doing this. We chose TOR as an encrypted anonymizing and traffic-remixing service over e.g. Freenet or Six/Four because it 1) has already deployed a reliable (test) infrastructure, similar to the MixMaster remailers, 2) works very reliably as a transparent tunnel without configuration overhead, 3) and does so even behind NAT.

NOTE: TOR may be functional, but it is still under development. There is no real guarantee of its full anonymity/privacy features yet. The important key concept is that we tunnel traffic by default over an anonymizing infrastructure, and that stands. We may wait for TOR to mature, or find a generic solution based on Freenet, Java AnonProxy, Ciphire, or a Six/Four successor.

Tailormade for extreme scenarios

When created fully according to the instructions, Hacktivismo .tb comes as an encrypted CD ISO image with only a small boot loader section in plain text. Everyone who creates a Hacktivismo .tb from scratch can choose their own passphrase. Therefore, in countries where the mere possession of Hacktivismo .tb may be dangerous, far less can be proven: if one does not know the start-up passphrase, the Live CD remains 99% unreadable. Hacktivismo .tb recognizes the need to be very stealthy. Since it is a Live-CD, the filesystem is mirrored in RAM, and changes and new data are only written to memory, never to disk. And, for example, the default REBOOT menu button restarts the system within 5 seconds of being pressed, removing all compromising information from memory.

A future goal is to start that Live System not just by booting it as a CD, but by launching directly into the downloaded image from Windows. This could already be done simply with VMware, but we want it working in really all situations. We may offer the CD image and a launcher application in a format that Windows' 'debug.com' translates back into binary, in case executable downloads are not permitted. The launcher, probably similar to the old-fashioned 'LoadLin', might read the image into memory and soft-restart the machine into the Hacktivismo .tb operating system.

Our work regarding user protection in extreme scenarios is and will always be an ongoing effort, and we are always open to feedback and individual requirements and experiences in this area.

Team Hacktivismo
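The proxy chain described under "Crypto by default" (applications -> privoxy or socksify -> tor) only delivers anonymity if every hop really points at the port tor listens on and if hostnames are resolved inside the tunnel rather than by the local resolver. The script below is an added example, not part of the .tb README or the TBuilder/TBase package: it writes three constructed configuration fragments standing in for a torrc, a privoxy config and dante's socks.conf (the file names, paths and port values are assumptions for this example) and checks that the three agree before the build is trusted.

```shell
#!/bin/sh
# Added example: consistency check for a tor + privoxy + dante (socksify) chain.
# The three config fragments below are constructed for this example and stand
# in for /etc/tor/torrc, /etc/privoxy/config and /etc/socks.conf (assumed paths).
TMP=$(mktemp -d)

cat > "$TMP/torrc" <<'EOF'
SocksPort 9050
SocksListenAddress 127.0.0.1
EOF

# privoxy: forward every request ("/") to tor. The 4a variant lets tor resolve
# hostnames, so DNS lookups never leave the tunnel.
cat > "$TMP/privoxy.config" <<'EOF'
listen-address 127.0.0.1:8118
forward-socks4a / 127.0.0.1:9050 .
EOF

# dante client (socksify): a single catch-all route via tor's SOCKS5 port.
cat > "$TMP/socks.conf" <<'EOF'
route {
    from: 0.0.0.0/0 to: 0.0.0.0/0 via: 127.0.0.1 port = 9050
    proxyprotocol: socks_v5
    method: none
}
EOF

# Port tor accepts SOCKS clients on (first SocksPort directive, with or
# without an address prefix).
tor_socks_port() {
    awk '$1 == "SocksPort" { sub(/.*:/, "", $2); print $2; exit }' "$1"
}

# Port privoxy chains to, but only for forward types where the SOCKS server
# resolves names (socks4a, socks5, socks5t). Plain forward-socks4 resolves
# locally, so it is deliberately reported as "no forward" and the check fails.
privoxy_forward_port() {
    awk '$1 ~ /^forward-socks(4a|5|5t)$/ && $2 == "/" {
             sub(/.*:/, "", $3); print $3; exit
         }' "$1"
}

# Port of the dante route that carries the traffic ("port = N" after "via:").
dante_route_port() {
    awk '/via:/ { for (i = 1; i <= NF; i++) if ($i == "port") { print $(i + 2); exit } }' "$1"
}

# chain_consistent TORRC PRIVOXY SOCKSCONF -> exit 0 when both client-side
# proxies point at the port tor actually listens on, 1 otherwise.
chain_consistent() {
    tp=$(tor_socks_port "$1")
    pp=$(privoxy_forward_port "$2")
    dp=$(dante_route_port "$3")
    [ -n "$tp" ] && [ "$pp" = "$tp" ] && [ "$dp" = "$tp" ]
}

if chain_consistent "$TMP/torrc" "$TMP/privoxy.config" "$TMP/socks.conf"; then
    echo "proxy chain consistent: privoxy and socksify both reach tor on port $(tor_socks_port "$TMP/torrc")"
else
    echo "proxy chain BROKEN: some traffic would bypass tor or leak DNS" >&2
fi
```

Run it against the real files of a finished build by pointing the three helpers at them instead of the constructed fragments; a mismatch between the port tor listens on and the port either proxy chains to means that browser or socksified traffic silently goes direct, and a `forward-socks4` line means hostnames leak to the local resolver even though the TCP stream itself is tunneled.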
