In a reply to a request for AppArmor.d support in Tails, a dev wrote:
This does not match the current priorities of our team, and I’m not convinced it would be the best way forward if/when we decide to spend serious time on security hardening
In light of this, I think a secureblue based Tails alternative could prove to be more necessary than previously assumed
Wow, I wonder what their reasoning is for not wanting to spend time on security hardening. Kinda makes me wonder about the tor browser now also.
Current priorities favor privacy preserving data collection over security hardening
All this makes Debian one of the Free Software projects under the most scrutiny by security researchers. Tails - How can I trust Tails?
If they meant “under the most criticism”, then that would be correct
Your secure computer anywhere
Tails is safer than any regular operating system Tails - Warnings: Tails is safe but not magic!
We are actively working on improving AppArmor support in Tails Tails - Frequently asked questions
Top security for free
Tails - How Tails works
Going back to the Tails.net website, I’m realizing they plaster the word “secure” everywhere, as if using Tails is by default more secure than Windows or MacOS. Yes, in certain scenarios it can be more secure, but I doubt it is true overall.
It’s true as far as its threat model goes, ie anti-forensics.
This.
The anti-forensics threat model is vastly different from a security-focused distro like Secureblue.
Tails won’t make a great daily driver, hence why it is amnesiac. Even if you get malware, you always have the option of pulling the USB stick. Whether apparmor.d should be a priority for the developers relies on whether that is needed by most Tails users.
Ironically, I think more security or hardening concerns should focused on Whonix and Qubes as people are likely to use it for daily tasks.
I guess you’re right, and I admit my last reply got a bit out of hand. However, I feel like replacing “secure” with another word like “sanitary” would be just as accurate, and not as confusing
Anti-forensics is not the only goal of Tails, it clearly advertises itself as an anonymity “everything over tor” toolkit, and I think security hardening (including sandboxing) should be a top priority to prevent exposing the users IP address.
Also, even if the only thing you expected from tails was anti-forensics, you would probably use your tails USB more than once and sandboxing would likely make it harder from persistent malware to infect you as Tails’ amnestic features have been broken before.
Theoretically there are still ways which could be used to get persistence. But even without persistence, there is the risk of exposing data which could help with deanonymization.
Fair enough! You made a great point. I’m mostly postulating on what the devs might think what is necessary to make that decision