Threat model: Parents

Markus Ottela oottela at cs.helsinki.fi
Sun May 31 12:51:25 PDT 2015


Has the kid been told about his/her legal right to privacy from his/her 
parents?

The most useful suggestion up until now has been use of Tails LiveUSB w/ 
persistence.
I'm not sure if Truecrypt is still bundled with Tails. If not, keeping 
the installer inside persistent volume isn't that inconvenient and use 
of steganographic volumes helps with the 5-dollar wrench problem.

The kid has the right to be curious about computing, programming and 
whatnot, so it should be straightforward to explain why the distro needs 
to be installed. Avoiding the privacy side of discussion might also be 
beneficial.

On 31.05.2015 22:35, Gadit Bielman wrote:
> Heh. Yeah, parents don't even need to try to find a 5$ wrench.
>
> There are smartphone-spying stuff, also, though. (*cough-mSpy-cough* 
> http://krebsonsecurity.com/2015/05/mobile-spy-software-maker-mspy-hacked-customer-data-leaked/ 
> )
> Are there any strategies to detecting that?
>
> Also, money/resources is a major issue in this threat model -- I don't 
> see it likely that a child/teenager will feel like 35$/year for a 
> little more security is worth it. I'm not even sure if I wanna assume 
> they'll be able to put down 50$ for a Raspberry Pi and USB mouse and 
> Keyboard.
>
> Using some sort of VM sounds like the best solution, because it allows 
> for just minimizing when parents come to look. Unless, again, there is 
> screenshotting going on -- in which case, how would you detect that, 
> maybe running Tails as a VM and doing something that would definitely 
> draw the parents but not compromise much in terms of online 
> friendgroup, gender/sexual orientation they might be hiding, etc. 
> Maybe looking at porn? That would have to take into account the 
> consequences of that vs. the value of knowing that parents aren't looking.
>
> But "VMs require specific drivers", I didn't know that. Shoot.
>
> I wonder how well you could avoid problems by just using something 
> like a Tails LiveUSB at night...
>
> On Sun, May 31, 2015 at 1:19 PM, Barton Gellman <otr at riseup.net 
> <mailto:otr at riseup.net>> wrote:
>
>     Honestly, people, some of these suggestions are like a parody of
>     geek advice to civilians ;-)
>
>     The kid will soon hit upon the same practical solution that his or
>     her peers all use: the smartphone (preferably with a VPN like
>     Freedome), plus browsing at a friend's house. Wiping, Linuxing and
>     LUKSing a family PC will escalate the real-life threat, and the
>     kid's defenses will fall quickly to the parental equivalent of
>     that XKCD password cartoon.
>
>     If the kid has a need for full size keyboard and screen, and has a
>     few more technical chops than most, there are some alternatives:
>
>      * Boot up Tails in Windows camouflage mode. Choose More Options
>     at boot. Shoulder surfing will probably bust him/her anyway,
>     sooner or later.
>      * Make one of those WinPE Windows USB drives, if real Windows is
>     required. Last time I looked this wasn't that easy.
>      * Get a small, fast external drive and install the OS of choice.
>     If the host is a Mac, use Carbon Copy Cloner (or dd) to copy an
>     existing machine to the external drive, or do a fresh installation
>     there. For Linux, choose your flavor.
>       * Get a Raspberry Pi and hook it to the keyboard and screen, at
>     times when you don't expect interruption.
>       * A virtual machine may be possible on the monitored host, if
>     the required drivers are already present. Probably not. See
>     http://www.vbox.me/. If anyone knows a VM that works without admin
>     rights, speak up.
>
>     Bart
>
>     Barton Gellman
>     @bartongellman
>     bartongellman.con
>
>     On May 31, 2015, at 12:00 PM, cypherpunks-request at cpunks.org
>     <mailto:cypherpunks-request at cpunks.org> wrote:
>
>>>>     On 31 May 2015 03:24:45 GMT+01:00, Gadit Bielman
>>>>     <thetransintransgenic at gmail.com
>>>>     <mailto:thetransintransgenic at gmail.com>> wrote:
>>>>     Hi.
>>>>
>>>>     I'm trying to help (probably badly, but..) a friend deal with
>>>>     parents
>>>>     that
>>>>     they expect are spying on them.
>
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 8312 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20150531/f942dab3/attachment-0002.txt>


More information about the cypherpunks mailing list