Search Mailing List Archives
[liberationtech] Privacy in Ubuntu 12.10
parker at eff.org
Thu Nov 8 11:55:32 PST 2012
Thanks Douglas! I'm not exactly a neutral party, as I work with Micah at
EFF, but I want to second your opinion and thank Micah in particular for
his work on this issue. Back 18 months ago he was already explaining the
alternate installer and pushing for default inclusion:
So thanks Micah :-]
On 11/8/12 11:48 AM, Douglas Lucas wrote:
> I want to chime in here to thank EFF for encouraging Ubuntu to do this
> and encourage everyone who appreciates it to donate to EFF:
> https://supporters.eff.org/donate I'm sure many of us have had and
> continue to have the experience of wanting to nudge someone over from OS
> X or Windows to GNU/Linux and LUKS full disk encryption, but the process
> got roadblocked at some point because using the alternate installer to
> config the partitions and all for FDE was just too much of a hassle for
> parties involved. Now FDE is just a tickbox in the default installer.
> How cool is that? So again, donate!
> On 11/08/2012 01:34 PM, Micah Lee wrote:
>> On 11/08/2012 05:18 AM, Niels ten Oever wrote:
>>> Dear Micah,
>>> Small correction to your piece: Selecting full disk encryption in the
>>> installer GUI was already possible in Ubuntu 12.04.
>>> The explanation wasn't as clear as it is now though.
>> Before 12.10 the Ubuntu GUI installer only let you set up home directory
>> encryption using encryptfs, which is different than full disk
>> encryption. This option is still there in 12.10, and you can choose to
>> use it as well as full disk encryption if you want (I can't see how it
>> could help though).
>> With encryptfs home directory encryption, all of the individual files in
>> your home folder get stored encrypted on the disk, but a lot of data
>> about your files still gets leaked. The directory structure, file size,
>> timestamps, etc. don't get encrypted, only the contents of the files.
>> And it's also only your home directory that gets encrypted, not your
>> whole disk. So for example, if you have any mysql databases on your
>> computer, that data gets stored in /var/lib/mysql and therefore won't
>> get encrypted. When you're not encrypting your whole hard drive, "evil
>> maid" style attacks become much easier. If someone gets physical access
>> to your computer for just a couple minutes, they can boot to a live cd
>> and replace your /usr/bin/ssh or /usr/bin/gpg with malicious versions.
>> The full disk encryption that's offered in 12.10 uses luks and differs
>> in many ways from encryptfs home directory encryption. It creates full
>> encrypted file systems, which means that no meta data about the files on
>> your computer get leaked. The key that's used to unlock the luks
>> partitions are encrypted with a separate passphrase that isn't your user
>> password, and you have to enter this each time you boot your computer,
>> which is more secure since user passwords tend to not be long passphrases.
>> Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
> Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Electronic Frontier Foundation
More information about the liberationtech