The goal of Ubuntu Privacy Remix is to provide an isolated working environment where sensitive data can be dealt with safely. The system installed on the computer running UPR remains untouched, UPR is not intended for permanent installation on hard disk. Instead of that Ubuntu Privacy Remix runs from a modified Live-CD based on Ubuntu Linux. All user data reside exclusively on encrypted removable media.
Ubuntu Privacy Remix is a tool to protect your data against unsolicited access. The
risk of theft of such private data arises not only from "conventional"
criminals, trojans. rootkits, keyloggers etc. At least since Edward Snowden it's a matter of common knowledge, that also
measures are taken by governments and intelligence agencies aiming at spying and monitoring
But I am already encrypting my data...
encryption is of course one of the most important measures to protect
your data. Ubuntu Privacy Remix contains the well-known cryptographis
software TrueCrypt and GnuPG. But the security of encryption relies not
only on the security of the used software.
Trojans, Rootkits, Keyloggers can lower or even circumvent the security of cryptographic software.
base idea is to relocate working with private data into a secure
working environment, strictly apart from everything else you do with
your computer (surf the web, chat, games, ...)."
For example software like Microsoft Office or Google Desktop, which can create an unencrypted copy of the data on hard disk when opening files from an encrypted TrueCrypt-Volume.
a trojan horse waits for you to open a TrueCrypt-Container, mailing your
sensitive files to someone else at the next opportuinity.
malicious software logs your keystrokes, including the passphrase
for your secret GPG-Key, and mails it along with the key to some
unknown attacker. He could then read all your past and future
Mails he gets his hands on.
Security is a system
examples show that security means the security of the whole working
environment, and that security can never be provided by one program
alone. Editing, de- and encryption of sensitive data should therefore
be done with a system that
- never has or had contact to untrustworthy networks like the internet
- cannot leave data unencrypted on the hard drive, not even unnoticed or by accident
- offers no opportunity to spyware to permanently install onto the system
Ubuntu Privacy Remix creates such a working environment on any PC with the following measures:
- the system resides on a non-writable CD, i.e. it is in the original state after every reboot and cannot be modified afterwards. Spyware and other mailicious software cannot be installed permanently. All alterable user data reside on encrypted removable media like USB flash drives.
- The system kernel is modified so that it ignores any network hardware. UPR therefore is an isolated system which can not be attacked via LAN/WLAN/Bleutooth/Infrared etc.
- UPR mounts removable media and TrueCrypt volumes
with the 'noexec' option. This prevents executing malicious programs that were imported accidentally into the UPR-System via removable media. Therewith it is secured, that the running UPR-System can not be infected this way.
- The system is based on free software which can be verified in source code.
- The system completely ignores any local hard disks. Neither can
they be used by malicious software to save sensitive data outside the encrypted removable media - unencrypted and unnoticed for later attacks - , nor could this happen
accidentally by the users inattention. Malicious software can also not
be loaded from already compromised hard disks into UPR.
- To ease working with a non-modifiable system, UPR introduces "extended TrueCrypt-Volumes", which can store program configuration like GnuPG settings, OpenOffice dictionaries etc. permanently and securely within an encrypted volume. These settings are automatically made available after opening such an "extended TrueCrypt-Volume". This method is only an optional alternative to using standard TrueCrypt volumes. (more information)
Ubuntu Privacy Remix therefore has two levels of security:
1By being non-modifiable, it is impossible to permanently install malicious software, neither by network nor by local hard disks.
2Even if it were possible for malicious software to load into memory, there is no possibility to save or send captured data anywhere outside.