The Anonym.OS LiveCD

Wired's coverage of the DC area Schmoo Con security/hacker convention includes an article on a project that attempts to use a LiveCD to provide convenient and secure anonymous Internet access for everyday users. The Anonym.OS v1.0 release, put together by kaos.theory security research, is a bootable CD-ROM (a LiveCD) that runs OpenBSD 3.8 and contains a number of tools and configuration options that are aimed at preventing anyone on the other end of a network connection from identifying the anonymized user and/or tracking his or her activities.

The idea behind Anonym.OS is that the stereotypical "grandma" can pop in the Anonym.OS LiveCD, find an open access point, and do whatever she likes with her Internet connection—visit online shrines to St. Juarez, download pirated knitting patterns and free recipes, meet single grandpas, etc.—in the comfort of complete and untraceable anonymity. In addition to the grandmothers of the world, who for whatever reason have become emblematic of all that is naive and techno-clueless, the target audience for Anonym.OS also includes the stereotypical Chinese political dissident who wants to bypass the Great Firewall and post things that the government doesn't like.

Anonym.OS does a number of tricks, like spoofing and altering TCP/IP traffic, so that it appears to an outsider like a Windows XP SP1 machine. The OpenBSD build on the LiveCD is also totally locked down and patched, making it secure from active intrusion. The available software is individually tweaked for maximum anonymity, so that Mozilla, for instance, doesn't give you away with some automatic feature like auto update. (For more on how the build is locked down, see this PDF presentation.

Ars Video

I'm personally interested in LiveCD projects like this because of my own experience with using them for disaster relief work, which is why I was motivated to write up this project. This being the case, some of the constructive criticisms of the project reported in the Wired article resonated with me quite a bit. Specifically, there was some skepticism about the project's "one size fits all" approach, where there's a single build that's supposed to be used by the entire target audience.

I myself am a big advocate of giving people multiple types of tools and letting them decide what best fits their particular needs. So I'd encourage the project to consider offering a variety of builds for different types of users. There should be a spectrum of options that represent different tradeoffs between functionality and usability/idiot-proofness. Ultimately, I think it's best to start with full functionality and then lock down the build in response to actual user feedback, rather than work in the other direction.

The other thing I'd note is that performance matters. Given the choice between something insecure/unstable/complex and something that's rock-solid and simple but runs like a dog, almost everyone—especially the stereotypical grandmother—is going to pick the product that they can actually use without pulling their hair out.

Finally, on a more general note, custom technological solutions to social problems rarely, if ever, have the intended impact. This is true of Freenet, and I think it's going to be true of things like the MIT US$100 laptop and Anonym.OS. After all, the old saying about giving someone a fish vs. teaching them to fish is really a saying about technology transfer. The best thing that hackers and security researchers can do for Chinese dissidents is to empower them to produce their own secure and anonymous software and OS builds. In this respect, the part of a project like Anonym.OS with the most potential for good is the documentation. Thorough, multilingual documentation of the hows and whys of putting together a secure, anonymizing LiveCD build are likely to have a much bigger impact than any one ISO could ever hope to have.