Project

General

Profile

Feature #5655

Share username and hostname amongst all anonymity distributions

Added by Tails over 6 years ago. Updated about 1 year ago.

Status:
Confirmed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
03/17/2016
Due date:
% Done:

0%

Feature Branch:
Type of work:
Code
Blueprint:
Starter:
No
Affected tool:

Description

As suggested by adrelanos on Tails-dev - Let's share username, /etc/hostname and /etc/host among all anonymity distributions

  • username: user
  • /etc/hostname: host
  • /etc/hosts: 127.0.0.1 host.localdomain host

No convincing reason not to do this was provided, so we decided to do it.


Subtasks

Feature #11255: Adjust our documentation to the change of user nameConfirmedspriver


Related issues

Related to Tails - Feature #7061: Random hostname option needed on startup Rejected 04/11/2014
Related to Tails - Bug #7688: DHCP client leaks hostname "amnesia" Resolved 08/10/2014
Related to Tails - Feature #11256: Replace "Debian Live user" with a more descriptive full user name Resolved 03/17/2016
Related to Tails - Bug #15830: Use a username that makes more sense to our users Confirmed 08/21/2018

History

#1 Updated by intrigeri about 6 years ago

  • Starter set to No

#2 Updated by sajolida over 5 years ago

  • Related to Feature #7061: Random hostname option needed on startup added

#3 Updated by sajolida over 5 years ago

  • Subject changed from change username and hostname to Share username and hostname amongst all anonymity distributions

#4 Updated by boyska over 5 years ago

I agree with the general idea, but I have doubts about the specific {user,hostname,fqdn} choice: are they picked trying to imitate a widespread system? I think it should.

I'm assuming that those informations will be leaked (otherwise there would be no point in changing them), so it's better if it's not immediately associated to an "anonymity improving distribution".

If we assume that our network fingerprint is different from windows'one, we can't use windows default user and hostname.

IIRC, the default hostname on debian is "debian", so that could be a good hostname? Another one could be just "localhost" ([[https://superuser.com/questions/123698/networking-conflict-what-is-the-most-common-default-computer-name-for-windows#comment125753_123700|[default on redhat]])

#5 Updated by BitingBird over 5 years ago

  • Related to Bug #7688: DHCP client leaks hostname "amnesia" added

#6 Updated by intrigeri over 5 years ago

boyska wrote:

I'm assuming that those informations will be leaked (otherwise there would be no point in changing them), so it's better if it's not immediately associated to an "anonymity improving distribution".

Agreed.

IIRC, the default hostname on debian is "debian", so that could be a good hostname? Another one could be just "localhost" ([[https://superuser.com/questions/123698/networking-conflict-what-is-the-most-common-default-computer-name-for-windows#comment125753_123700|[default on redhat]])

I'm fine with either debian or localhost.

However, there's another possible strategy: using a random hostname (#7061), that was chosen for subgraph OS. It comes with its own problems, like offensive hostnames.

As often, we have to choose between:

  1. shared username+hostname: build a large anonymity set with all users of anonymity-oriented distros; better for anonymity, worse for hiding that you're using such a distro (but e.g. at Tails we're not really trying to hide that at the moment);
  2. random username+hostname: good for hiding that you're using an anonymity-oriented distro, but creates a per-user identifier, that can unfortunately help an attacker link activities with each other. In Tails, the identifier's lifetime would be one session only; in non-amnesic systems (e.g. Whonix), it should probably be the same, and then changed at every boot.

On the short term, moving to a shared username+hostname would clearly be an improvement over the current situation. On the long term, I'm personally not sure what's best.

#7 Updated by intrigeri over 5 years ago

Forwarded the discussion to tails-dev@, Cc'ing members of all anonymity-oriented distros we're working with. I'll sum it up here, better discuss over email to start with.

#8 Updated by u almost 5 years ago

As often, we have to choose between:

  1. shared username+hostname: build a large anonymity set with all users of anonymity-oriented distros; better for anonymity, worse for hiding that you're using such a distro (but e.g. at Tails we're not really trying to hide that at the moment);
  2. random username+hostname: good for hiding that you're using an anonymity-oriented distro, but creates a per-user identifier, that can unfortunately help an attacker link activities with each other. In Tails, the identifier's lifetime would be one session only; in non-amnesic systems (e.g. Whonix), it should probably be the same, and then changed at every boot.

On the short term, moving to a shared username+hostname would clearly be an improvement over the current situation. On the long term, I'm personally not sure what's best.

During the latest contributor meeting, we have again come to the conclusion that we'd rather have a shared username+hostname, and no random names and that we still want to have a shared name between all privacy distros.

People were in favour of "debian" as a hostname as this is the default for many live distributions and also the default Debian installation hostname.

#9 Updated by sajolida about 4 years ago

  • Target version deleted (Hardening_M1)

#10 Updated by intrigeri almost 4 years ago

Same topic on the Subgraph OS front: https://github.com/subgraph/subgraph-os-issues/issues/26

During the latest contributor meeting, we have again come to the conclusion that we'd rather have a shared username+hostname, and no random names and that we still want to have a shared name between all privacy distros.

FTR, https://tails.boum.org/contribute/meetings/201412/#index2h1 explains why.

#11 Updated by intrigeri almost 4 years ago

  • Assignee set to intrigeri
  • QA Check set to Info Needed

I've summed up the process and current state on https://mailman.boum.org/pipermail/tails-dev/2016-February/010194.html.

Next step is to decide between "host" (as agreed initially) and "debian" (as preferred in this 201412 meeting) hostname. I've asked Whonix what they do currently, my goal here is to turn this ticket into something actionable.

#12 Updated by u almost 4 years ago

intrigeri wrote:

I've summed up the process and current state on https://mailman.boum.org/pipermail/tails-dev/2016-February/010194.html.

Next step is to decide between "host" (as agreed initially) and "debian" (as preferred in this 201412 meeting) hostname. I've asked Whonix what they do currently, my goal here is to turn this ticket into something actionable.

Great idea. I now think that at that point in time we did not really think about OSs which are not Debian based, so "debian" as a host name seems a bit too restrictive to me after all and I'd now vouch for "host".

#13 Updated by intrigeri over 3 years ago

  • Description updated (diff)
  • QA Check deleted (Info Needed)

Patrick replied that they use "user" / "host". Their implementation lives in https://github.com/Whonix/anon-base-files.

#14 Updated by intrigeri over 3 years ago

  • Assignee deleted (intrigeri)

#15 Updated by intrigeri over 3 years ago

  • Related to Feature #11256: Replace "Debian Live user" with a more descriptive full user name added

#16 Updated by u almost 2 years ago

  • Blocks Feature #11255: Adjust our documentation to the change of user name added

#17 Updated by u almost 2 years ago

  • Blocks deleted (Feature #11255: Adjust our documentation to the change of user name)

#18 Updated by u over 1 year ago

It seems this ticket is sort of actionable. We should confirm this again though before implementing it. The cost/benefit ratio might be kind of low though.

#19 Updated by sajolida about 1 year ago

Seeing that the other distributions who would go on this boat with us have user bases that are orders of magnitude smaller than the Tails user base, I'd like to be careful to not choose something that ends up being more confusing to our users. See #15830.

#20 Updated by sajolida about 1 year ago

  • Related to Bug #15830: Use a username that makes more sense to our users added

Also available in: Atom PDF