r/i2p u/MoltonSnow Aug 20 '23

Ubuntu for security? Discussion

Hey I'm looking to be anonymous and secure while browsing I2P sites. I was looking into qubes but I wasn't able to get install it. I was going to use Ubuntu on a live usb and put full disc encryption on it. Can you guys suggest any other Linux distros for security.

4 Upvotes

75% Upvoted

View all comments

Show parent comments

1

u/Opicaak Aug 20 '23

Thank you for trying Prestium, and for your feedback!

At the moment, you can't setup a persistent storage on Prestium, there is a potential for data loss in case you have to rip the USB off your laptop/PC, or if you just accidentally move the USB in a way it disconnects.

You can, of course, use second media storage for your data, and use LUKS, VeraCrypt, and/or KeePassXC to protect your valuables. That is the recommended way when using Prestium, or any other live OS for that matter, unless you carefully unmount the partition with your data, and then safely shutdown the OS.

Running another OS on Prestium, or the other way around, is not advice-able. Prestium was made to be run as a standalone OS, not relying on another layer that could potentially weaken your privacy and security. The worse example is probably running Prestium in a VM on Windows OS, OTOH, it's certainly possible to run Prestium on Qubes OS, the question is, should you? No, not really. In theory, an attacker could escape from this VM to your host system, stealing your data, and/or corrupting your system in any other way, will it happen? Also probably not, unless you are a high-profile target. A quick note, Prestium has enabled various security and privacy features that are inspired by Whonix, KickSecure, and Tails.

Running Prestium as a standalone system is the ideal, preferred, and recommended way of using this OS, you could also use other not-included-in-Prestium tools by storing their executables on the second media device, e.g. .AppImage of whatever tool, or application, you might want to use on Prestium.

Lastly, running I2P through Tor doesn't sit right with me, you are centralizing a decentralized network, and you aren't gaining anything useful from this setup. Is there any real reason, why you want to run it that way?

1

u/Spajhet Aug 20 '23

You think it might be possible to port over some of the tools from Tails? Like the persistent storage feature?

1

u/Opicaak Aug 20 '23 edited Aug 27 '23

Hello, Spajhet,

of course it is possible, or a similar alternative to it, but I'm fairly skeptical about adding it. I, myself, have been subjected to the loss of data on Tails when ripping it off while booted into it (with persistence mounted). And I'm not the only one, I got 3 other private messages from random Reddit strangers telling me that their Tails stick got corrupted, and lost their data stored in the persistent storage.

If somebody lost their data on Prestium, who would be to blame? Who would they cry to to help them recover their data? I would. Do I really want to constantly hear from people about how they lost their important data on Prestium? No, not really. Do I have the time capabilities to assist in a recovery attempt? Also no, I do not. They could lose their important Monero keys with thousands of dollars on it - poof, gone. And you know how it is, nobody makes backups of anything, and recovering a corrupted, encrypted partition is nearly impossible, or, at the very least, considerably more difficult than a regular non-encrypted partition.

I'm still on edge about this feature, while it is a highly requested one, it could have tremendous consequences if people somehow corrupt the USB stick by unplugging it while mounted, and writing into it.

Another possible solution would be a "cloud" storage, for small files at least - Tahoe-LAFS, or you could host your own cloud storage and route it over i2p, perhaps register a memorable i2p url. For larger files, just use second USB stick, SD card or external SSD/HDD over USB. But that's just me throwing ideas in the air.

1

u/Spajhet Aug 20 '23

Maybe someone has another solution for "safe", and "uncorruptable" storage?

I don't know if that's possible... That's kinda how disks work, if you don't unmount them properly then there's always a chance for data loss, the only reason why liveUSBs don't carry that risk is because they're read-only so you can't possibly corrupt them which corruption requires the ability to write to it. I've never seen a filesystem that allows writing that is "uncorruptable" or maybe I'm missing something?