thats sweet as hell, i know i wanna get a copy of that when it comes out! little brother is the best :)

so how many "front doors", "vestibules" and "antechambers" have you set up to sort and sanitize your contributors?

the link isn't working.

Yay!

sweet is right.

Extend SELinux and make it useable on an encrypted thumbdrive.

Is this going to be based on Incogneto? I've been wanting a version of that that I could install on my hdd instead of having to run it from a usb stick...

There's a typo in the tag. Here's the link:
http://paranoidlinux.org/

Geez Cory, most writers just get fanfics! You get a fan operating system!

That is incredibly cool.

(So is the book so far!)

I'm in, naturally.

Well. I don't want to rain on the parade, but there is an inherent problem with making a system "absolutely" anonymous and secure. The more security measures you take, the more unusable your system becomes. Freenet project is a good illustration of this principle, being one of the most secure anonymous networks around, but at the time being slow close to unusability due to the overhead. Yes, catch open wireless, switch between access points every few seconds, use anonymizers like TOR and high grade encryption and now you have nearly untraceable, extremely secure and completely unusable connection.

Pretty cool, but so far I'm not convinced the government is spying on me. However, I'd be down with an OS that keeps my ISP from doing stupid things like sniffing packets, traffic shaping and the like.

The idea of performing sensitive communications "low and slow" to avoid detection amongst a lot of noise has one big flaw:

Machines are very very good at spotting that kind of thing. Except for signatures, flow patterns are the easiest way to spot traffic.

One in every 500 bytes means nothing when those bytes are each in their own packets, all from sources either more random or less random sources than the noise traffic. If it's every 500 bytes, that recognizable period alone gives it away.

You can't reliably send raw bytes over the wire (no packet encapsulation) or in the middle of other packets (you'll get bad checksums, and how do you route them to the real destination?)

I guess you could somehow mix it with the noise higher up than the transport layer, but to get it to the right place, you'd need to send it all to a proxy or network that would separate it out. Those resources could be easily recognized and watched.

@tommy: to expound on that, the tag has a typo: .

ok, so it won't let me post open and close tags. Anyway it says ghref, rather than href.

Just what we need, more chatroom bots... I wonder how long it would take your oppressive government to download "Paranoid Linux," make note of its own distinctive signatures - like predictable chatroom bot behavior.

enochrewt - just use TOR and encrypted bittorrent. If your ISP can't analyze the content, they can't filter based on it. All they can do is filter based on well known ports/IPs, and TOR/BT randomizes those.

In fact, using TOR to the BT tracker and BT encryption to the peers is pretty soild.

Great, now where can I score a free XBox universal?

p.s. Thanks C.D. for the enjoyable and clearly inspiring, even visionary book. Best one I have read in quite some time.

Don't forget Tinfoil Hat Linux!

R F I D
Please examine yourself for blown riffids
where the wire is blown from cover
by fields of scanner
faint odor of circuit board potting
wafts from the bands of overheated undies
by a strength of what you cannot see
and will not be told
the secret scanner
wire that owns you, your passport to unitary identity
popped like a kernel and sopping up spice
'would you like a little butter on your ass swab?'
'bend over to pass through the gate'
blown by puffs
nudged by morning headline suggests what you say
and you say it certainly, strung on a wire
filament of fidelity, surge of success
belief of assertion assertion of belief

please examine yourself for blown riffids
no, really, pat yourself down, in place,
ask your neighbor to pat you down
it's a pleasure among the community of patsies
feel for the little snags of wire, that itchy spot
inflamed like an ingrown hair
opaque like the wire through new mint money
Do Not – put your friends in the microwave oven

This is great news! Now combine this idea with the recently mentioned EE-Linux (for micro laptops w/ the Atom CPU), and heavily encrypt every single packet, whether it's IM, VOIP, or HTTP requests. Every single packet has to be encrypted, and the path and end-points have to be randomized, on a random schedule, similar to TOR.

I would love to see this become a global, FOSS project, such that we can get the best and brightest working on it. This is no trivial or optional goal, either - we're almost to the point where every single thing we do, when "touching the Matrix", is analysed.

Switzerland just announced that they'll be inspecting every single packet that passes through their switches. We don't have an hour to waste on this idea!

+1 to #11. I strongly suggest that the ParanoidLinux maintainers get deeply, intimately familiar with how traffic analysis works. This presentation from last year's Black Hat Briefings is a good start -- the panel included Jon Callas of PGP and Nick Mathewson from Tor, and they know what the hell they're talking about. George Danezis' "Introducing Traffic Analysis", mentioned in the presentation, should be required reading for everyone on the Paranoid Linux project.

Great, I thought it was real, I spent a long time looking on the web for it and didn't find a thing.

Anonym.OS is more or less doing it already:)

http://sourceforge.net/projects/anonym-os/

Interesting initiative, but it's not going to be much good to, for example, a Chinese dissident. The Chinese government doesn't need an awful lot of "evidence" to get you arrested and possibly convicted; the sheer fact that you're using or even downloading specific software is enough.

And then, they don't even need a legal conviction to get you fired and harrassed.

@#20
Unfortunately, it looks like Anonym.OS is a dead project, and with outdated configs which prevent one from connecting to the Internets.

I'm so happy this has taken off. I too, went and Googled paranoidlinux when i was reading the book.

Allright, so now the only piece of actual "science fiction" left in the book is the dot-com-onomic Xbox Ultimate. We just need to convince Microsoft that loss-leading is all the same no mater how much or little you ask the customers to pay.

This sounds reminiscent of Tinfoi Hat Linux which is inspired by the Cryptonomicon novel from Neal Stephenson. At least for the parts about morse-blinking the scroll lock LED and the TEMPEST prevention thing.

http://tinfoilhat.shmoo.com/

@#5 -- what for?

incognito, a LiveCD/USB distro that has tor, mixminion, GPG, etc. is worth a look.

jaromil's dyne:bolic is worth a look, too:
http://en.wikipedia.org/wiki/Dyne:bolic

remember his geeky presentation at ars electronica 2007 (http://i.document.m05.de/wp-content/uploads/2007/09/ars_jaromil.jpg)

I'm waiting for MovedToMontanaGrowMyOwnRabbitsAndVegetablesLinux

"I might be movin' to Montana soon
Just to raise me up a crop of Dental Floss Raisin' it up
Waxen it down
In a little white box
I can sell uptown
By myself I wouldn't
Have no boss,
But I'd be raisin' my lonely Dental Floss"

The primary reason police pull off the road in Montana?
Loneliness.

main problem with ParanoidLinux is starting with Linux.

Looks like http://www.antiphorm.com/index.htm. Anyway, instead of creating yet another linux distro why not create a program that can be installed in *any* distro?

Well, tinfoil hat linux has been mentioned, anonym.os, and whatever dyne:bolic is. But nobody mentioned ELE:

http://www.northernsecurity.net/download/ele/

I will DEFIANTLY get this when it comes out (free please!)