Project

General

Profile

Bug #15767

Inserting encrypted USB drive does not prompt for decryption

Added by huertanix about 1 year ago. Updated 9 months ago.

Status:
Confirmed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
08/06/2018
Due date:
% Done:

0%

Feature Branch:
Type of work:
Code
Blueprint:
Starter:
Affected tool:

Description

While training journalists on using Tails and transferring documents offline between Tails workstations with LUKS-encrypted USB drives, journalists assume something went wrong / didn't work when they insert a working encrypted USB drive and no notification or prompt appears.

A side note: Even once I point out the drive on the Nautilus side bar, trainees almost always assume that the eject symbol is what they need to click in order to decrypt+mount, because that is the only thing resembling something clickable next to the drive name. They end up ejecting it instead and then have to start over by re-inserting the drive. It would be great to bypass having to deal with Nautilus and the confusion it causes.

UX recommendations:

  • Show a prompt to decrypt+mount a drive immediately when it is inserted. Once the drive has been decrypted and mounted, open a Nautilus window showing the contents of the now-decrypted drive. Other Gnome-centric distros (Kali Linux) show a prompt once a drive is inserted to enter a decryption passphrase and mount the drive, not sure if this is a Gnome setting or something they custom-made, but Kali is FOSS and sharing is caring:
  • Create a shortcut for each USB drive inserted, on the desktop, as macOS does, for example.

Related issues

Related to Tails - Feature #15628: Consider re-enabling automounting to improve VeraCrypt UX Resolved 05/30/2018
Related to Tails - Feature #5314: wheezy: dont automount external storage devices Resolved
Related to Tails - Feature #14544: Spend software developer time on smallish UX improvements In Progress 08/31/2018
Related to Tails - Feature #9569: Research available protections against rogue USB devices Confirmed 06/13/2015
Blocked by Tails - Feature #15900: Consider mounting external drives automatically (enable automount) Confirmed 09/02/2018

History

#1 Updated by taowa about 1 year ago

I'd be inclined to keep this behaviour. tails.boum.org states that "[Tails] aims at preserving your privacy and anonymity, and helps you to: [...] leave no trace on the computer you are using unless you ask it explicitly."

While mounting a USB key that's plugged in isn't technically leaving a trace on the computer, it might still be detectable to someone who analyzes the USB key. Because of this, I think that waiting until a user explicitly asks that the drive be mounted (by clicking on it in Nautilus) is good.

#2 Updated by u about 1 year ago

  • Related to Feature #15628: Consider re-enabling automounting to improve VeraCrypt UX added

#3 Updated by u about 1 year ago

  • Related to Feature #5314: wheezy: dont automount external storage devices added

#4 Updated by u about 1 year ago

I agree with both reasonings: yes, this is unexpected behavior when you first use Tails. And yes, it's about privacy and was deactivated by default in #5314.

I'll leave this ticket open for some more comments.

#5 Updated by mercedes508 about 1 year ago

  • Status changed from New to Confirmed
  • Assignee set to sajolida

#6 Updated by mercedes508 about 1 year ago

  • Status changed from Confirmed to New

#7 Updated by sajolida about 1 year ago

  • Status changed from New to Confirmed
  • Assignee changed from sajolida to intrigeri
  • QA Check set to Info Needed

Thanks huertanix for bringing more input in this problem! We discussed this recently while working on VeraCrypt, see #15628.

I agree with you and the usability/security trade-off is really not that clear to me here.

I also understand from your report that if people have a hard time opening an encrypted USB stick, they would similarly have a hard time opening an unencrypted USB stick (because the feedback and workflow is the same until you get to the password prompt).

Regarding your proposed solutions:

  • A. Show a prompt to decrypt+mount a drive immediately when it is inserted. That's the default behavior in GNOME and we disabled it, see #15628#note-1.
  • B. Create a shortcut for each USB drive.

Other ideas:

  • C. Display a notification offering to mount the USB drive. Like GNOME has for when the USB drive is mounted.

To me this issue looks like #15678 where we eroded a bit the usability of the core of the OS in the name of security without investigating the real consequences or having a real plan on how to get this lost usability back.

intrigeri: If you think this fits in the FT triaging work, I'd like some insight on how hard it would be to implement B or C.

#8 Updated by intrigeri about 1 year ago

  • Assignee changed from intrigeri to segfault

I think segfault knows this sort of things better than me. segfault, can you please take a look and answer sajolida's question (not more than 30 min) as part of your FT work? TIA!

#9 Updated by sajolida about 1 year ago

  • Related to Feature #15900: Consider mounting external drives automatically (enable automount) added

#10 Updated by sajolida about 1 year ago

  • Related to Feature #14544: Spend software developer time on smallish UX improvements added

#11 Updated by segfault about 1 year ago

B. Create a shortcut for each USB drive.

Where should this shortcut be and what should it do?

C. Display a notification offering to mount the USB drive. Like GNOME has for when the USB drive is mounted.

Seems doable to me. We could use signals from UDisks or GVolumeMonitor for this. Could probably reuse some code from VeraCrypt Mounter Unlock VeraCrypt Volumes. Shouldn't take more than a few hours.

#12 Updated by segfault about 1 year ago

  • Assignee changed from segfault to sajolida

#13 Updated by intrigeri about 1 year ago

B. Create a shortcut for each USB drive.

Where should this shortcut be and what should it do?

FTR the future of desktop icons is uncertain and we already have a tentative agreement to drop some of them whenever they become too problematic to maintain, so let's not make decisions that imply relying more on these icons. Now, if we're talking about shortcuts in the Places menu, fine :)

#14 Updated by intrigeri about 1 year ago

  • Related to deleted (Feature #15900: Consider mounting external drives automatically (enable automount))

#15 Updated by intrigeri about 1 year ago

  • Blocked by Feature #15900: Consider mounting external drives automatically (enable automount) added

#16 Updated by intrigeri about 1 year ago

IMO we should make a decision on #15900 before spending too much time here based on the assumption that we won't re-enable automount.

#17 Updated by sajolida 9 months ago

  • Related to Feature #9569: Research available protections against rogue USB devices added

#18 Updated by intrigeri 9 months ago

#19 Updated by sajolida 9 months ago

  • Assignee deleted (sajolida)

#20 Updated by sajolida 9 months ago

  • QA Check deleted (Info Needed)

Also available in: Atom PDF