[liberationtech] Chromebooks for Risky Situations?

Nadim Kobeissi nadim at nadim.cc
Thu Feb 7 13:46:24 PST 2013 

On Thu, Feb 7, 2013 at 3:06 PM, Jacob Appelbaum <jacob at appelbaum.net> wrote:

>
> This is a new (to me) feature; thanks for pointing it out. I'm glad to
> see it finally landed and is in production. Would someone with a
> ChromeOS device test the VPN to see if it leaks the way that we
> described in our vpwned[0] paper?
>

Ah, no problem. It's actually been a feature since August 2011.
I do have a Chromebook and will test out the VPN and monitor traffic if I
have time this weekend.


>
> It should be rather straight forward to see if it leaks with trivial
> tests. Killing the VPN to see if it fails open should also be straight
> forward. I would be pleasantly surprised if they were not vulnerable to
> either of those issues. I asked a ChromeOS security person their
> thoughts on the matter and passed them our paper; we'll see what they say.
>
> All the best,
> Jake
>
> [0]
> https://www.usenix.org/system/files/conference/foci12/foci12-final8.pdf
>
> >>
> >>
> >
> >>>
> >>>
> >>>
> >>> On Wed, Feb 6, 2013 at 12:15 PM, Nadim Kobeissi <nadim at nadim.cc>
> wrote:
> >>>
> >>>> The biggest (and very important) difference between Linux and
> >> Chromebooks
> >>>> is the hugely smaller attack surface.
> >>>>
> >>>>
> >>>> NK
> >>>>
> >>>>
> >>>> On Wed, Feb 6, 2013 at 2:36 PM, Brian Conley <
> brianc at smallworldnews.tv
> >>> wrote:
> >>>>
> >>>>> Andreas,
> >>>>>
> >>>>> Plenty of Syrians do have internet access, and use it on a regular
> >> basis.
> >>>>>
> >>>>> Also, lack of appropriateness for one use-case doesn't necessitate
> lack
> >>>>> of appropriateness across the board.
> >>>>>
> >>>>> Linux is a great solution for many use cases, but as has been
> >> elaborated,
> >>>>> quite a terrible one for many others.
> >>>>>
> >>>>> Brian
> >>>>>
> >>>>>
> >>>>> On Wed, Feb 6, 2013 at 7:44 AM, Andreas Bader <
> noergelpizza at hotmail.de
> >>> wrote:
> >>>>>
> >>>>>> On 02/06/2013 04:24 PM, Tom Ritter wrote:
> >>>>>>> Nadim, I'm with you.  I'm not sure it's the perfect solution for
> >>>>>>> everyone, but like Nathan said, if you already trust Google, I
> think
> >>>>>>> it's a good option.
> >>>>>>>
> >>>>>>> On 6 February 2013 07:12, Andreas Bader <noergelpizza at hotmail.de>
> >>>>>> wrote:
> >>>>>>>> Why don't you use an old thinkpad or something with Linux, you
> have
> >>>>>> the
> >>>>>>>> same price like a Chromebook but more control over the system. And
> >> you
> >>>>>>>> don't depend on the 3G and Wifi net.
> >>>>>>> We started with the notion of Linux, and we were attracted to
> >>>>>>> Chromebooks for a bunch of reasons.  Going back to Linux loses all
> >> the
> >>>>>>> things we were attracted to.
> >>>>>>>
> >>>>>>> - ChromeOS's attack surface is infinitely smaller than with Linux
> >>>>>>> - The architecture of ChromeOS is different from Linux - process
> >>>>>>> separation through SOP, as opposed to no process separation at all
> >>>>>>> - ChromeOS was *designed* to have you logout, and hand the device
> >> over
> >>>>>>> to someone else to login, and get no access to your stuff.  Extreme
> >>>>>>> Hardware attacks aside, it works pretty well.
> >>>>>>> - ChromeOS's update mechanism is automatic, transparent, and
> >> basically
> >>>>>>> foolproof.  Having bricked Ubuntu and Gentoo systems, the same is
> not
> >>>>>>> true of Linux.
> >>>>>>> - Verified Boot, automatic FDE, tamper-resistant hardware
> >>>>>>>
> >>>>>>> Something I'm curious about is, if any less-popular device became
> >>>>>>> popular amoung the activist community - would the government view
> is
> >>>>>>> as an indicator of interest?  Just like they block Tor, would they
> >>>>>>> block Chromebooks?  It'd have to get pretty darn popular first
> >> though.
> >>>>>>>
> >>>>>>> -tom
> >>>>>>> --
> >>>>>>>
> >>>>>> But you can't use it for political activists e.g. in Syria because
> of
> >>>>>> its dependence on the internet connection. This fact is
> authoritative.
> >>>>>> For Europe and USA and so on it might be a good solution.
> >>>>>> --
> >>>>>> Unsubscribe, change to digest, or change password at:
> >>>>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >>>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> --
> >>>>>
> >>>>>
> >>>>>
> >>>>> Brian Conley
> >>>>>
> >>>>> Director, Small World News
> >>>>>
> >>>>> http://smallworldnews.tv
> >>>>>
> >>>>> m: 646.285.2046
> >>>>>
> >>>>> Skype: brianjoelconley
> >>>>>
> >>>>>
> >>>>>
> >>>>> --
> >>>>> Unsubscribe, change to digest, or change password at:
> >>>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >>>>>
> >>>>
> >>>>
> >>>> --
> >>>> Unsubscribe, change to digest, or change password at:
> >>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >>>>
> >>>
> >>>
> >>>
> >>> --
> >>> Unsubscribe, change to digest, or change password at:
> >> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >>>
> >>
> >> --
> >> Unsubscribe, change to digest, or change password at:
> >> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >>
> >
> >
> >
> > --
> > Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
>
> --
> Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130207/aafecf03/attachment.html>

More information about the liberationtech mailing list