The internet offers plenty of free services, riding the wave of the Web 2.0
buzz and the community boom, while all private information is hosted
on servers owned by global corporations and monopolies.
It is important to keep in mind that no one can ensure the privacy of
your personal data better than *you*. Server-hosted services and
web-integrated technologies gather all data into huge information
pools that are made available to established economic and cultural
regimes.
*This software urges you to reflect on the importance of your
privacy*. The world is full of abuses of power and political
imprisonment, war rages in several places and the media are mainly
used for propaganda by the powers in charge. Some of us face the
danger of being tracked by oppressors who oppose our self-definition,
independent thinking and resistance to conformity.
#+BEGIN_QUOTE
"The distinction between what is public and what is private is
becoming more and more blurred with the increasing intrusiveness of
the media and advances in electronic technology. While this
distinction is always the outcome of continuous cultural
negotiation, it continues to be critical, for where nothing is
private, democracy becomes impossible."
(from [[http://www.newschool.edu/centers/socres/privacy/Home.html][Privacy Conference, Social Research, New School University]])
#+END_QUOTE
** Who needs Tomb
Our target community is GNU/Linux users with no time to click around,
sometimes using old or borrowed computers, operating in places
endangered by conflict where a leak of personal data can be a threat.
For example, if one doesn't own a laptop or simply doesn't like to
carry a computer around, Tomb functions as secure on-line and
off-line storage for data and programs. On a desktop computer, Tomb
can store files locked with a /key/ which can be carried with you and
hidden inside images. Tomb can do the same on a remote shell and set
up a ready environment every time a tomb is opened, by mounting
personal directories in place using /bind hooks/.
** Under the Hood
Tomb puts strong, standard encryption at your fingertips, fostering
best practices and saving users the time it takes to learn the details
of /LUKS/ volumes and /cryptsetup/. Rather than reinventing the wheel,
Tomb relies only on peer-reviewed, free and open source software
components: at its core is dm-crypt[fn:dm-crypt], the disk-encryption
subsystem of the Linux kernel.
For clarity, Tomb is written in shell script and its code can be
reviewed at any time. More specifically, Tomb is written in Zsh, but
it can be invoked from Bash as well.
Tomb is written with privilege separation in mind: a system can let
its users execute the script as root, resting assured that it drops
privileges whenever they are not needed.
Tomb's key files are generated from high-entropy random data and
protected with symmetric encryption using GnuPG. Opening a tomb
requires both the key and its password: the decrypted key contents
unlock the LUKS volume, which lives in a file mounted through a
loopback device. Because the password only guards the key, and the key
is what unlocks the data, keeping the key on a different medium from
the tomb means that losing either one alone discloses nothing. The
password is asked for with /Pinentry/ programs to guard against common
software keyloggers, and care is taken to avoid leaving traces on any
permanent storage.
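As an added illustration, not code taken from Tomb itself, the script
below walks through the manual steps that Tomb automates, using only
the standard tools named above (GnuPG, losetup, cryptsetup). File
names, the key size, the volume name, the mount point and the
"Documents" bind hook are assumptions made for this example. The key
handling runs as an unprivileged user; the functions that touch the
loop device and the LUKS volume need root and are included to show the
sequence, not to be run casually.

```sh
#!/bin/sh
# Added example, not Tomb's own code: the manual equivalent of what Tomb
# automates. Paths, sizes, the volume name and the bind-hook layout are
# assumptions for this illustration.
set -eu

# 1. Key material: random bytes, never derived from the password.
#    gen_key <keyfile> <bytes>
gen_key() {
    head -c "$2" /dev/urandom > "$1"
    chmod 600 "$1"
}

# 2. Protect the key with GnuPG symmetric encryption. The password only
#    guards the key; the key is what unlocks the volume. The plaintext
#    key is removed, so from now on both key file and password are needed.
#    protect_key <keyfile> <out.gpg> <password>
protect_key() {
    printf '%s' "$3" | gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-fd 0 --symmetric --cipher-algo AES256 \
        --output "$2" "$1"
    rm -f "$1"
}

# Decrypt the key to stdout only: it is piped straight into cryptsetup
# and never written back to disk.
#    unlock_key <key.gpg> <password>
unlock_key() {
    printf '%s' "$2" | gpg --batch --quiet --pinentry-mode loopback \
        --passphrase-fd 0 --decrypt "$1"
}

# 3. Create: a file of random data, attached to a loop device and
#    formatted as a LUKS volume keyed with the decrypted key material.
#    Needs root and the device mapper.
#    create_tomb <tomb.img> <size-MiB> <key.gpg> <password> <name>
create_tomb() {
    [ "$(id -u)" -eq 0 ] || { echo "create_tomb: needs root" >&2; return 1; }
    # Random fill: an empty tomb looks the same as a full one.
    dd if=/dev/urandom of="$1" bs=1M count="$2"
    loop=$(losetup --find --show "$1")
    unlock_key "$3" "$4" | cryptsetup luksFormat --batch-mode --key-file=- "$loop"
    unlock_key "$3" "$4" | cryptsetup open --key-file=- "$loop" "$5"
    mkfs.ext4 -q "/dev/mapper/$5"
    cryptsetup close "$5"
    losetup -d "$loop"
}

# 4. Open: map the loop device, unlock LUKS, mount, then apply a bind
#    hook: a directory inside the tomb is bind-mounted over its usual
#    place in the home directory, so programs find it where they expect.
#    (Under sudo, resolve the invoking user's home, e.g. from $SUDO_USER.)
#    open_tomb <tomb.img> <key.gpg> <password> <name> <mountpoint>
open_tomb() {
    [ "$(id -u)" -eq 0 ] || { echo "open_tomb: needs root" >&2; return 1; }
    loop=$(losetup --find --show "$1")
    unlock_key "$2" "$3" | cryptsetup open --key-file=- "$loop" "$4"
    mkdir -p "$5"
    mount "/dev/mapper/$4" "$5"
    if [ -d "$5/Documents" ]; then        # assumed hook directory
        mount --bind "$5/Documents" "$HOME/Documents"
    fi
}

# 5. Close in reverse order; the loop device is read from the mapping.
#    close_tomb <name> <mountpoint>
close_tomb() {
    [ "$(id -u)" -eq 0 ] || { echo "close_tomb: needs root" >&2; return 1; }
    if mountpoint -q "$HOME/Documents"; then
        umount "$HOME/Documents"
    fi
    umount "$2"
    loop=$(cryptsetup status "$1" | awk '/device:/ {print $2}')
    cryptsetup close "$1"
    losetup -d "$loop"
}
```

A typical run as the user would be =gen_key secret.key 256= followed
by =protect_key secret.key secret.key.gpg "$PASSWORD"=, then as root
=create_tomb secret.tomb 100 secret.key.gpg "$PASSWORD" demo=. The
=.gpg= key file is the piece to carry with you and keep apart from the
=.tomb= file: the wrong password fails at the GnuPG step and never
reaches cryptsetup, and the tomb file alone, without the key, is just
random bytes with a LUKS header.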
** Yet another tool?
\indexentry{dyne:bolic}
Tomb is an evolution of the /Nesting/ tool developed in 2001 for the
[[http://www.dynebolic.org][Dyne:bolic GNU/Linux distribution]]: a /nomadic system/ to encrypt the
home directory of users and have it ready for use on different
machines. At that time, Nesting was the first secure implementation of
what nowadays we call /persistent storage/ in live operating systems.
[[images/foster_privacy.png]]
Later on we felt the urgency of publishing this mechanism for
operating systems other than dyne:bolic, since the current situation
of personal desktop encryption is far from optimal. Let's have a look.
\indexentry{truecrypt}
[[http://en.wikipedia.org/wiki/TrueCrypt][TrueCrypt]] ships statically linked libraries, which makes its code
hard to audit, and its license is [[http://lists.freedesktop.org/archives/distributions/2008-October/000276.html][not considered free]] by free operating
system distributors for liability reasons; see [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364034][Debian]], [[https://bugs.edge.launchpad.net/ubuntu/+bug/109701][Ubuntu]], [[http://lists.opensuse.org/opensuse-buildservice/2008-10/msg00055.html][Suse]],
[[http://bugs.gentoo.org/show_bug.cgi?id=241650][Gentoo]] and [[https://fedoraproject.org/wiki/ForbiddenItems#TrueCrypt][Fedora]].
\indexentry{cryptkeeper}
[[http://tom.noflag.org.uk/cryptkeeper.html][Cryptkeeper]] is the closest alternative to Tomb out there and its main
advantage is that it needs no root access on the machine where it is
used. But Cryptkeeper still has drawbacks: it relies on [[http://www.arg0.net/encfs][EncFS]], a
file-by-file encryption layer that offers weaker protection than
block-level dm-crypt (the number and sizes of files stay visible), and
it does not promote the separate storage of keys.
Lastly, the [[https://we.riseup.net/debian/automatically-mount-encrypted-home][Encrypted home]] mechanisms of operating systems such as
Debian and Ubuntu adopt encryption algorithms as strong as Tomb's, but
they need to be configured when the machine is installed, they cannot
easily be transported and, again, they do not promote the separate
storage of keys.
With Tomb we try to overcome all these limitations by providing /strong
encryption/, encouraging users to /separate keys from data/ and
letting them carry tombs around easily. Also, to facilitate auditing
and customization, we intend to:
- write code that is short, readable and well documented
- use commonly available shared components whenever possible
- facilitate integration into desktop and graphical interfaces
- keep the development process open and distributed using Git
- distribute Tomb under the GNU General Public License v3
If you believe this is a worthy effort, you are welcome to [[http://dyne.org/donate][support it]].