ISXubuntu is a project of ISOC-NY to create a Linux live CD, based on Ubuntu Linux, which has been optimized for security and privacy while online. The global Internet Society has provided a grant to cover development costs and so that a number of CD's may be distributed free of charge.
ISXubuntu will feature anonymous web browsing using Tor, ad blocking with Privoxy, encrypted email with Enigmail, encrypted instant messaging with OTR and the ability to store a personal home directory and other configuration settings on an encrypted USB flash drive.
Project Status - June 2008
- Permalink established: http://isoc-ny.org/ISXUbuntu
- A CVS has been initiated: http://www.isoc-ny.org/cvs/
- An early alpha version without documentation, based on Ubuntu 7.10 can now be downloaded: http://isoc-ny.org/xubuntu-7.10-desktop-i386-custom_CD.iso
- Joseph Shraibman & Alicia Gibb joined the project
Volunteers are needed to help with project.
The project involves bundling and configuring existing software and then testing everything to make sure it works. Skills required to assist with the project include solid familiarity with the Linux/Unix environment and package management tools, and shell scripting with bash. Other scripting languages such as Perl, Python or Ruby would also be helpful.
If you'd like to help with the project you can subscribe to the mailing list: http://lists.isoc-ny.org/listinfo.cgi/isxubuntu-isoc-ny.org h
- Existing documentation should be developed into a functioning script that allows further customization and a complete build of a new .iso file.
- Boot time is still too slow on older hardware. This may have to do with the X Window autoconfig.
- Permanently installing the OS to a hard drive doesn't provide the same features and configuration as booting from the CD.
- Currently OpenDNS is used to prevent DNS spoofing. When you attempt to go to a URL that doesn't exist you are redirected to a page of theirs. Disabling this requires setting up a free account with OpenDNS and having a static IP - or a domain name and registering with DynDNS. We need to discuss this further.
- AbiWord - the preferred word processor because it's smaller - does not have a redaction feature. If a user is not careful and gives a file to someone else, it's possible to retrieve all deleted material by hitting "undo".
- Develop a security auditing procedure which includes penetration testing with Nessus and checking file permissions. I've done this but a standard procedure needs to included in the build process.
- What else?
- A number of the apps and Mozilla extensions which add the security and privacy features are not signed - this is a developer issue but we should look into it. If we had a lot of resources (like time and money) we could develop our own secure ports of everything we were concerned about the way OpenBSD does.
- Tor is still blocked by some firewalls (such as the NYU campus firewall). How to get around this?
- Email (Enigmail for Thunderbird) and IM (OTR for Pidgin) encryption is installed but not tested
- On-screen keyboard to block hardware keystroke loggers. Is this enough - what else can be done'?
- Apps and OS have been updated recently but Firefox and Thunderbird extensions have not been. Command line installation of Mozilla extensions has been broken in Ubuntu for as long as I've been working on this project so this needs to be done within a running system -- a major nuisance. I'll detail the solutions I've found when I expand this
- Scripts for encrypted home directory on a flash drive need work
- Combine scripts to create filesystem, mount and unmount encrypted drive
- Menu to choose device - currently the first mounted flash drive is used.
- Switch from mcrypt to TrueCrypt and add hidden filesystem
- Review licensing and copyright issues for all software and documentation
- Need artwork including logo, splash screens and CD/DVD label
- Privoxy doesn't block all ads - beyond the actual ad blocking it's necessary to block tracking of a users web activity through DNS requests.
- Check out Free Access Plus (not currently installed) which circumvents state censorship of popular websites
- Similar projects - most don't seem active at this time - we should check them out and see what features we can appropriate
- AnonymOS and Olive OpenBSD - live CD versions of OpenBSD - not active
- ParanoidLinux - a project that's still in the discussion stage
- Rubberhose - a steganographic filesystem, not an OS but some interesting concepts we could consider
- Incognito - very similar but based on KDE - farther along but a new developer took over at the beginning of the year then seems to have dropped the ball
- Mozilla Weave - active but in a very early stage of development. Additional privacy and security for Web 2.0 apps
- Knoppix-3.2 MiB-11b Privacy Edition - if this were an active project ISXubuntu wouldn't be necessary - but it's not
Project Status - December 2007
- Name of Project: Develop security and privacy documentation bundled with software optimized for online security and privacy for end users
- Amount of funds awarded: $10000
- Amount received to date:$3000 - Additional funds for the purchase of a server have not been necessary as one has been obtained for free
- Project Manager: David Solomonoff
- Brief description of project: Develop a bootable Linux CD with privacy-enhancing software preinstalled.
- Progress to date: Produced working prototype, a bootable Linux CD with Tor and other privacy-enhancing software installed. The prototype used Ubuntu Linux version 6.06. Currently working on a new version using Ubuntu 7.10.
- Lessons learned: The original proposal was written very quickly without enough research to determine: a) The technical difficulty of completing the project. Because little or no new software was being developed it seemed much easier than it proved to be. b) Identifying which distribution of Linux to use and then identifying all components to be added. Several other Linux distributions were tried before choosing Ubuntu.
- Issues to overcome: One of the the two project leaders ceased all activity in the organization soon after the grant was received due to personal issues. Since the project manager is also President of the Chapter he has limited time to spend on the project. Additionally, documentation for customizing Ubuntu to the extent we wanted was hard to come by at the time. It has become easier more recently.
- Benefits of the project: Few nontechnical computer users grasp basic online security and privacy issues, particularly problems when used public Wi-Fi hotspots or public computers in places such as libraries. Some of the software to enhance privacy and security is difficult to find and install.
- Anticipated conclusion date: The next version will be completed at the beginning of the new year. It is hoped that additional developers will be recruited. It is seen as an ongoing project and further sources of funding will be possibly be found.
- Anticipated impact in the internet community: Many additional privacy and security issues are created with the use of Web 2.0 services. The goal is for this project to evolve into a complete Linux distribution that addresses those issues on an ongoing basis.