Tuesday, May 12, 2009

May 12, 2009 - Sparticus and ParanoidLinux

I recently happened onto a book called Little Brother, by Cory Doctorow, which inspired me to theorize a wee bit on Linux and its place in our future. The book is somewhat of a remake of George Orwell's 1984, but remixed for the modern day, and heavily focused on technology. Specifics about the book aside, there is a mention in the book of a new-age operating system (the main character's favorite): ParanoidLinux.

There's one pertinent quote in the book that describes the idea behind this distro:

"ParanoidLinux is an operating system that assumes that its operator is under assault from the government... and it does everything it can to keep your communications and documents a secret. It even throws up a bunch of "chaff" communications that are supposed to disguise the fact that you're doing anything covert. So while you're receiving a political message one character at a time, ParanoidLinux is pretending to surf the Web and fill in questionnaires and flirt in chat-rooms. Meanwhile, one in every five hundred characters you receive is your real message, a needle buried in a huge haystack."

Now, the idea may be a little outlandish, but I am thoroughly supportive of it. In fact, after reading the book, it occurred to me that I may not be the only person in that situation, and hence found the real ParanoidLinux project. (What's more: it's an Ubuntu derivative!!!)

I kept digging after I found out about this distro-in-the-making. Unfortunately, the project seems to be stagnating due to a lack of interest and a lack of developers. A search for ParanoidLinux returns copious amounts of forum posts discussing the idea, which is apparently taking a lot of heat.

The main issue universally had is possibly best characterized in an article I found on OStatic:

"[T]he project feels a like a waste of human resources -- why is it necessary to put the applications and services designed to protect anonymity, to encrypt files, to make the user nameless and faceless, all together, in one distribution? Let's think in a truly paranoid manner. Wouldn't it be far easier for a nefarious government organization to target that distribution's repositories, mirror that singular distribution's disk images with files of its own design, and leave every last one of that distribution's users in the great wide open? It would take more effort, it would seem, for a despotic goverment to hit every last repository of every last distribution with a bogus security application."

I support most anything that defends the privacy and civil liberties of the people, which is why I am so enamored with the project and so reverent towards the few developers working on it. But it occurs to me that ParanoidLinux would be, in and of itself, a veritable bullseye painted on the back of any paranoid, security-conscious user, such as myself.

The problem hearkens back to the tales of old: Sparticus. Any distribution of a distro that was inherently paranoid would have to be done on a massive scale. Among uniformed civilians, people wearing red stand out. But among people wearing red, nobody stands out.

It is this kind of solidarity that has been the vanguard of Linux development: Ubuntu has long been called the best distribution not for its technical prowess, but for its (massive) community of developers and the wealth of helpful information available to users.

With enough users, ParanoidLinux would make "paranoia" the norm; complacency might even become an outlyer.

The proud and the paranoid face a unique logistical problem then. ParanoidLinux would be almost impossible to ship in the necessary quantity to overwhelm mainstream computing. Though this distro may be doomed to fail, paranoid packages might work out instead. In place of the outwardly provocative idea of a devotedly paranoid distribution, an inwardly secure, but popular, distribution would bring the best of all worlds.

The quote from OStatic above really lays it all out. Paranoidbuntu packages would be able to fortify already Jaunty-riffic desktops. SneakyDebian repositories would bring such advantages to Debian users. "BlackHat" rpms for Fedora would help, too. The more the merrier!

The peak of security comes from invisibility. ParanoidLinux is too bold, and serves only the idea of a massive underground community. Normal users need to protect themselves as well, and cannot be bothered to wait for en masse distribution. "Plain-clothes" distros are the easiest to fortify, and the most difficult to subvert.

Fortunately, most of the technologies that would ship with ParanoidLinux are already in existence (and, more importantly, in the Synaptic repositories). Everything short of chaff net traffic is already at the disposal of the casual user.

Now we just have to teach people to use these great tools, and privacy starts to protect itself.

No comments:

Post a Comment