Tails removed .iso download links from their site because they thought their users were too stupid to verify a gpg signature.
They replaced it with a browser extension that downloads it and does the verification for you (It tests a SHA256 hash of the binary which it downloads from the browser extension authors site instead of doing a gpg web of trust verification).
The author of the extension itself is Giorgio Maone who "is sorry for inserting obfuscated malware into NoScript, which let ads/scripts pass through tens of thousands of its users filters" and promises he wont do it again: https://archive.is/HFYjp https://adblockplus.org/blog/attention-noscript-users
Why is tails punishing its users (just because some people didn't bother to check a gpg sig)? Why did they hire such an untrustworthy person for the job?
Why are they encouraging users to allow them code execution instead of just providing the .iso as a normal link? The alternative is to download it with bittorrent which exposes your IP to the swarm.
UPDATE: there is a massive issue with tails mirrors. see https://paste.debian.net/hidden/7270090c
What's the point of having the extension? If the checksum of the iso is to make sure the download was not backdoored, couldn't the extension also be backdoored to accept fake checksums?
>>53859985
We clearly need an extension to download and verify the extension.
>>53860004
But who will verify that extension?
>>53860004
>We clearly need an extension to download and verify the extension.
hahahahaha holy shit
give this man a medal
>>53860019
Who verifies NoScript, which comes default with Tails?
>>53860039
Just be a good goy and don't ask questions. He's sorry for inserting malware into it before and totally wont do it again!
>>53860039
The extension, of course. It verifies all of Tails!
>>53860057
Why are you trying to download Tails then, if it comes with NoScript? Why bitch about downloader extention rather than the NoScript itself?
>>53860090
They're both by the same author.
The same guy who inserted an obfuscated piece of code to allow certain scripts through NoScript is the author of the tails verification plugin.
The plugin pings his personal site (does he log this traffic?) every time you download tails with it.
It asks for a SHA256 checksum instead of verifying the gpg signature.
Directly answer your question: I do not use tails, after learning this I will certainly not use it.
>>53860141
So there is no point to bitch about the downloader extension. Either you trust him and the tails (do they log traffic?) both or none, which was always the case.
>>53860195
I don't understand your logic?
>things are terrible so be quiet and don't tell anyone
>>53859900
If you're not stupid you can use the torrent
>>53860836
There is nothing to not understand. Nothing changed about Tails, because NoScript author has been with them from day one. This thread about downloader extention making Tails controversial is pointless.
>>53860852
+ Tails is for anonymity.
- Everyone in the swarm can see your IP.
Please resolve this conflict?
You are aware that copyright trolls lurk on torrents of movies and such to send letters to ISPs? Nothing is stopping FBI/NSA doing the same on a tails torrent.
>>53860891
>- Everyone in the swarm can see your IP.
I have a piece of news for you, if you use the internet someone somewhere can see your IP
>>53860891
>Nothing is stopping FBI/NSA doing the same on a tails torrent.
And this is why you force TLS and use public locations
So much faggotry. Just download the crap you want and be done with it.
>>53860891
Setup a tor proxy and use that for torrenting?
>>53860938
>I have a piece of news for you, if you use the internet someone somewhere can see your IP
>And this is why you force TLS and use public locations
You're not knowledgeable enough about this to comment. Stop acting like a know-it-all.
>>53861027
>use tor to download tails
this is a good idea. there are some problems but yeah.
>>53859900
If you don't like it, download whonix or qubes and fuck off.
>>53861049
you seem to be the one not knowledgeable enough otherwise you wouldn't be saying using torrent+tor is a good idea
>>53861650
Yeah tor+torrenting isn't good. Really depends on the client. Do tails seeders use anomos? Might be worth it.
LEENOX AMS SEKUUR AMIRITE
>>53861741
>anomos
>Please Note: Anomos is an experimental anonymity protocol. It has not yet undergone the serious peer-review necessary to consider it safe for general use. Do not rely on it for strong anonymity.
https://www.helpnetsecurity.com/2015/07/01/researchers-point-out-the-holes-in-noscripts-default-whitelist/
oops! by complete accident he left a bugdoor in the code that allowed whitelisting scripts and flashes that shouldn't have been.
>>53862278
What do you recommend then
>>53859985
>>53860004
This is literally where this stupid ass shit is going.
>>53862706
a library
Wait. I shouldn't be using no script anymore? I've been using it with Abp+RP for like 2-4 years :|
>>53862751
kys
>>53865110
ublock origin
