Forwarded from 0•Bytes•1
Enjoy your tea, Hatters🎩
Today I want to share an interesting project with you: Ermine OS 🗻🦦. It’s a private live system based on Debian, created specifically for secure crypto operations 💲 and anonymous web browsing (for example, visiting forums)🌐.
Here is the repository: https://github.com/ermiusio/ermine_os
In addition to the system itself, the author has written a fairly long article that provides a detailed analysis of popular privacy-focused live distributions.
I particularly liked the breakdown of Tails OS🧅.
It explains the inner workings of the system "related to privacy"⚙️
For example, at the level of systemd services, scripts, and iptables, it shows how the killswitch works. It also covers issues with video memory (yes, this was a known problem, but I hadn't seen a breakdown of it in other reviews before). It even explains why Persistent Storage partially undermines the Tails concept itself and analyzes how application protection is implemented via AppArmor. It's a shame the author didn't go even deeper (for example, looking for backdoors in the source code), but overall, I hadn't seen such a high-quality review in Russian available publicly before.
The article also covers other "private live" systems like Whonix Live, Heads, Kicksecure Live, and so on.
And now about Ermine OS 🦦 itself:
The system runs entirely from a USB drive and writes almost nothing to the disk. All traffic goes exclusively through Tor with a kill-switch (if Tor were to suddenly fail, the network simply shuts down). There is an automatic MAC address and hostname changer. Among the applications, it includes Tor Browser with the author's own Fingerprint Spoofer plugin, a separate browser for I2P🚦, a separate i2pd with a GUI using zenity, and Cake Wallet.
Regarding security: it has custom AppArmor policies for all programs🔒, kernel hardening via sysctl, protection against cold-boot attacks using sdmem, and a completely disabled swap.
Additionally, the author has created an experimental option - RAM-mode which can be selected at boot. In this mode, the system continues to work even after the USB stick is removed, staying entirely within RAM.
The author has also prepared a detailed step-by-step guide on how to build your own live system in the second part of the article, plus they tested the killswitch and other important features.
The project looks quite interesting. Yes, it is still a bit rough around the edges, but as an article with a working example of a private live system, it is already excellent material.
It will be especially useful for beginners who want to build their own distribution for privacy purposes 🧩. There aren't many projects like this with decent articles and guides.
Of course, Heads also has documentation, but it's from 2017 and lacks such an in-depth comparison with other systems.
In general, big thanks to the author☝️ I don't understand why the repository is still so niche; in my opinion, it deserves much more attention. Alas, the article is written in Russian, and the author did not provide a translation. But I have translated it into English for them; enjoy it🌟
P.S. I only translated the md, the images are not included, but you can view the original tests and images in the github.
I hope you find it useful too ❤️
#anonymous_networks #crypto_protection #browsers #OPSEC #linux #i2p #privacy #tools #tor
Today I want to share an interesting project with you: Ermine OS 🗻🦦. It’s a private live system based on Debian, created specifically for secure crypto operations 💲 and anonymous web browsing (for example, visiting forums)🌐.
Here is the repository: https://github.com/ermiusio/ermine_os
In addition to the system itself, the author has written a fairly long article that provides a detailed analysis of popular privacy-focused live distributions.
I particularly liked the breakdown of Tails OS🧅.
It explains the inner workings of the system "related to privacy"⚙️
For example, at the level of systemd services, scripts, and iptables, it shows how the killswitch works. It also covers issues with video memory (yes, this was a known problem, but I hadn't seen a breakdown of it in other reviews before). It even explains why Persistent Storage partially undermines the Tails concept itself and analyzes how application protection is implemented via AppArmor. It's a shame the author didn't go even deeper (for example, looking for backdoors in the source code), but overall, I hadn't seen such a high-quality review in Russian available publicly before.
The article also covers other "private live" systems like Whonix Live, Heads, Kicksecure Live, and so on.
And now about Ermine OS 🦦 itself:
The system runs entirely from a USB drive and writes almost nothing to the disk. All traffic goes exclusively through Tor with a kill-switch (if Tor were to suddenly fail, the network simply shuts down). There is an automatic MAC address and hostname changer. Among the applications, it includes Tor Browser with the author's own Fingerprint Spoofer plugin, a separate browser for I2P🚦, a separate i2pd with a GUI using zenity, and Cake Wallet.
Regarding security: it has custom AppArmor policies for all programs🔒, kernel hardening via sysctl, protection against cold-boot attacks using sdmem, and a completely disabled swap.
Additionally, the author has created an experimental option - RAM-mode which can be selected at boot. In this mode, the system continues to work even after the USB stick is removed, staying entirely within RAM.
The author has also prepared a detailed step-by-step guide on how to build your own live system in the second part of the article, plus they tested the killswitch and other important features.
The project looks quite interesting. Yes, it is still a bit rough around the edges, but as an article with a working example of a private live system, it is already excellent material.
It will be especially useful for beginners who want to build their own distribution for privacy purposes 🧩. There aren't many projects like this with decent articles and guides.
Of course, Heads also has documentation, but it's from 2017 and lacks such an in-depth comparison with other systems.
In general, big thanks to the author☝️ I don't understand why the repository is still so niche; in my opinion, it deserves much more attention. Alas, the article is written in Russian, and the author did not provide a translation. But I have translated it into English for them; enjoy it🌟
P.S. I only translated the md, the images are not included, but you can view the original tests and images in the github.
I hope you find it useful too ❤️
#anonymous_networks #crypto_protection #browsers #OPSEC #linux #i2p #privacy #tools #tor
GitHub
GitHub - ermiusio/ermine_os: Репозиторий объясняет работу приватных дистрибутивов и содержит обзор защищённых ОС. В качестве примера…
Репозиторий объясняет работу приватных дистрибутивов и содержит обзор защищённых ОС. В качестве примера выложена Ermine минималистичная Live-система на Debian с kill-switch, AppArmor и усиленным яд...
Forwarded from 0•Bytes•1
README_en.pdf
1.3 MB
Аrticle about private live Linux from the repository ermine_os translated into English
#anonymous_networks #OPSEC #linux #i2p #privacy #tools
#anonymous_networks #OPSEC #linux #i2p #privacy #tools