Mempo Project - Hardened Privacy
"⌘ Mempo project aims to provide most secure and yet comfortable out-of-the-box Desktop and Server computer, for professionals, business, journalists, and every-day users avoiding PRISM-like spying. ⌘"
Mempo is a software project and an open team of developers working with Debian and other communities and entities toward the above-mentioned goal.
Current status: Mempo works right now as an extension that secures Debian (in the areas of kernel and gnupg). Much more will be released in the near future. To use Mempo now, install Debian Wheezy and then install our kernel package. See: #done. And remember to join us on IRC.
Please write down on paper the checksums of everything that comes from us and that you will run (or build and then run, etc.). Then you can always check the history later to see whether the code was trusted.
- Mempo system structure
- Install Mempo
- Integration with Debian
- Done work
- Current work
- Get Involved
- Security topics
- Keys (gnupg, pgp)
- Ideas 2
- Recent Questions
Mempo system structure
Learn more about it on Mempo webpage.
See below for Download and Install instructions.
This is work in progress, but it's usable right now
- If you are a more advanced user-developer, then try all steps.
If you just want to use the results of our work, then apply only the "green" points (only β=beta and R=Released are ready for everyone to use).
kernel/grsecurity install SameKernel#grsecurity - but you must do setfattr in next point (even if it's not released yet)!
kernel/grsecurity/paxflags install grsecurity/setfattr - needed if you used our kernel
kernel/grsecurity/rbac - in future we will provide RBAC profiles allowing to turn RBAC on by default and protect most important applications at least.
In future installation will be made very easy for everyone.
Mempo currently exists as source code in various repositories. Later we will release ready-made .deb packages (signed and verifiable), and finally publish them in our own .deb repository or in the Debian repositories.
https://github.com/mempo/ (official, medium-security)
https://github.com/rfree/ (beta, medium-security)
https://github.com/vyrly/ (beta, low-security)
By low-security we mean that the code is not so thoroughly reviewed yet, or that it is developed/uploaded from computers that are not super-secured. We do develop only on Linux/FOSS, encryption is always used, etc., but we know it is still less than perfect.
So this is the same as "normal/high" security by common standards.
Integration with Debian
Mempo team will:
Upgrade existing software from upstream
Publish mempo-deb software, e.g. our own version of Mempo/mempo-deb/tar, recommend that Mempo users upgrade immediately if they need the given feature (build a custom *.deb and install it), and ask them to help get it into Debian experimental
Upstream will be given patches and we will help to merge them
Debian experimental will be helped to package new software when upstream accepts it. In case of rejection or delay by upstream (if they do not care about privacy & security to the same level as Mempo), we will provide it as Debian custom patches
Debian stable - we hope most of Mempo work could, in time, reach Debian Stable to improve standard Debian security too.
Install with Debian:
If you are dedicated to security, then install Debian Stable and add Mempo software on top (as of 2014-01 most software is experimental, contact us quickly for help and guidance)
- If you are a regular Debian user who wants to improve security a bit, then use Debian Stable and try some of our packages. Try to help get them to upstream, to Experimental, to Testing, to Backports etc.
mempo-deb fixed libpoco Debian library
mempo-deb upgraded gnupg for higher max key length
As of 2014-02:
Fixing/patching other Debian software as mempo-deb
Planning - see mempo.org website hosted in Github
As of 2014-01 it is intended for Mempo to:
- Support and work inside of Debian project
- In addition release distribution (remix/selection of packages) that includes:
- - New software that is not yet accepted into Debian
- - Versions newer than in Debian
- - Release often
Mempo aims to be always Open FOSS, and put security as primary matter (e.g. at expense of usability or performance).
Project is in planning and prototyping stage, be patient
Found a bug or problem? Why not help us by getting involved:
Please idle on our IRC channel #mempo and discuss topics that come along
Help us with current projects e.g. SameKernel by reviewing and refactoring our code
Just report on IRC and ask what to do, stating your skills. Be ready to wait up to 24 hours for a reply, and feel free to ask again every few hours
- Please try to edit our pages on Debian Wiki: our extra guidelines: short, precise, with detailed information (create paragraphs and subpages if looks too long). Links should never change! Consult us on #mempo before editing mission, general statements etc.
Please check for bugs: SameKernel/#bugs and try to figure them out
Wheezy 64bit, 10 GB HDD, root
1. Build our SameKernel by following the instructions there. 2. Contact us with the *.deb files created there and their sha1sum. 3. If the build instructions were not clear, tell us.
1) Build our Mempo/mempo-deb by following the instructions there. 2) Tell us if it worked. Extra: 3) If on amd64, check whether the checksums of the files are as expected. 4) With root you can install the .deb with dpkg -i foo.deb, use the created programs and test whether they work fully (review the sources first, or use a test computer).
The project is a huge amount of work. If you want our work to progress faster, you can do any of the following:
get involved and fix some things
donate money to sponsor work of our developers
- spread the word so other people would join the effort for secure and private happy future
By insecure-download we mean any download of code that will be executed in any possibly permissible or important way (sources, libraries, binary executables, scripts; usually not images, music, etc.) if that code is not strongly verified with cryptography.
- PGP downloads are medium secure
- Checksummed downloads (+PGP best) are most secure
- (assuming a trusted source of fingerprints/checksums)
Keys (gnupg, pgp)
First you have to get our signature from keyserver by using:
gpg --keyserver pgp.mit.edu --recv-key 45953F23
To get our source code, download it from git and then verify the tag using:
LANG=C git tag -v `git describe --tags`
It should be signed (for now at least) by the same key as is published on our github account on github.com/mempo/ in the README (https://github.com/mempo/deterministic-kernel/blob/master/README.md), that is the key:
21A5 9D31 7421 F02E C3C3 81F3 4623 E8F7 4595 3F23
However, this wiki page (unless you are viewing a hard copy of it from a trusted source) might have been edited too... So it is best to verify from multiple sources (as always).
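A way to make the tag check strict, as an added example that is not Mempo's own script: the 8-character id used with --recv-key is not collision-resistant, so the check below pins the full fingerprint quoted above against the VALIDSIG line of GnuPG's status output. The function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Mempo's own script): pin the full fingerprint from this page.
MEMPO_FPR="21A5 9D31 7421 F02E C3C3 81F3 4623 E8F7 4595 3F23"

# Constructed GnuPG status output for a tag signed by that key.
SAMPLE_STATUS='[GNUPG:] GOODSIG 4623E8F745953F23 constructed signer
[GNUPG:] VALIDSIG 21A59D317421F02EC3C381F34623E8F745953F23 2014-02-01 1391212800 0 4 0 1 8 00 21A59D317421F02EC3C381F34623E8F745953F23'

# Read GnuPG status lines on stdin. Succeed only if a VALIDSIG line names the
# expected fingerprint as the signing key (field 3) or primary key (last field).
validsig_matches() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -v want="$want" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" &&
            (toupper($3) == want || toupper($NF) == want) { ok = 1 }
        END { exit(ok ? 0 : 1) }'
}

# Verify the nearest tag of the repository in $1 (default: current directory).
verify_mempo_tag() {
    repo=${1:-.}
    tag=$(git -C "$repo" describe --tags --abbrev=0) || return 2
    # --raw prints the machine-readable GnuPG status on stderr; capture only that.
    status=$(LANG=C git -C "$repo" verify-tag --raw "$tag" 2>&1 >/dev/null) || return 1
    printf '%s\n' "$status" | validsig_matches "$MEMPO_FPR"
}
```

Run verify_mempo_tag inside the cloned repository after importing the key; a non-zero return means the tag is unsigned, badly signed, or signed by a key other than the pinned one.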
Privacy is strongly protected by software that is included in Mempo. You can also contact us to discuss development or report bugs in a secure and privacy-respecting way. For anonymous talk try tor (with OFTC) or i2p (irc2p) in the Contact section.
If you donate, the resources go mostly to our developers, and partially to hardware, other expenses (servers, domains), people who help us, and other FOSS projects (Debian, grsecurity and other places we take software from).
The addresses are listed on GitHub under the user mempo, whom you can trust (they will be PGP-signed too in the future).
Contact with us: variety of ways, for secure and privacy respecting communication.
IRC network: #mempo on irc.freenode.org (normal web)
http://www.reddit.com/r/mempo/ please build community
XMPP/Jabber chat contact email@example.com (rarely used now!)
http://mempo.org - soon!
Freenet Freesite Mempo-Official on freenet-address: USK@fiXFPRPKw3miEP1tXIi3Mz2BvfkKK1FsoATqAWi~NbY,DWl1hGrdJEpMT5-ofWBAH1HIYDauTNh8xilF8l2tCfE,AQACAAE/mempo/-1/
Freenet freemail ( currently not used ) firstname.lastname@example.org
secret-data contact: to send us a message but hide its data, use jabber+OTR or drop a PGP message to Freenet-FMS, encrypted to the official keys from github/mempo (deterministic-kernel/README.md lists them!). Also see github for the OTC fingerprint! Anyone can edit this wiki!
secret-all contact: to even hide fact that anyone contacted us at given time, you could probably use torchat, or freemail - it will be also listed on mempo's official github account as above (TODO as of 2014-02-15)
provided (packaged, distributed) fix to Debian libpoco that was stopping external open-source program (FMS) from working in Debian 7 https://github.com/mempo/mempo-deb
provided verification build script wrapper for Freenet https://github.com/mempo/freenet-extra
There will be variants, as planned in https://github.com/mempo/deterministic-kernel/blob/master/doc/mempo-variant.txt - versions of Mempo that vary in security level (e.g. versions of kernel).
Good protection. For Desktop. All grsecurity is used, except kmem/IOports.
Therefore video cards should work (on open-source drivers, binary blobs might not work).
binary gfx drivers will mostly not run (and would ruin security anyway)
Good+ protection. For Server (or compatible desktop). All grsecurity is used, including kmem/IOports.
Therefore video cards will work only with the best drivers (might require a new/patched Xorg to not use IOports) - recommended for Intel gfx (as of 2013-11 probably requires patching Xorg). Most gfx drivers might not work (in graphical mode) until patched. Binary gfx drivers are basically guaranteed to not run (and would ruin security anyway).
- Convince GCC upstream to enable security hardening flags by default
- - or write wrapper script and set gcc_secure and alike compilers to be used for building sensitive/all packages?
- see dpkg-buildflags, but that is useless for binaries built by users, the compiler should do hardening by default
- Does anyone have any such flags that could be added to the Mempo/mempo-deb package gnupg application and/or libpoco library? If yes, then please fork the git repo, try it and notify us here+irc.
- - Same question for kernel flags, is it secure on this front by default? Does grsecurity turn on all the needed flags, in addition to enabling some static check plugins?
- Critical problem with LUKS: it is alleged that in the past, and perhaps still today, the installer by default creates low-quality encryption with /dev/urandom instead of /dev/random
is this still the case? [https://lists.debian.org/debian-boot/2013/09/msg00440.html]
solution: use --use-random in the installer
- also use this for the cryptsetup by default when user creates more LUKS partitions
provide guide about re-encrypting with secure master key: [http://asalor.blogspot.com/2012/08/re-encryption-of-luks-device-cryptsetup.html]
With debian, though if they say NO like with grsecurity we will continue work.
With Tails, they could use our kernel?
We can include Tails in easy VM.
With Openwall Linux: they could use our kernel?
We could include Openwall Linux in VM for dedicated server.
We would like to say thank you to people who somehow helped this project to get resources. Coins, cash, hardware, domains, servers, services rented for us/our friends etc.
tigusoft.pl http://tigusoft.pl thank you for continuous full support!
- da2ce7 thank you!
- rfree continuous support.
this can be you - #donate
- people giving tips e.g. on reddit
sl1nk, blueeyemissing, tgs3, psi, Eleriseth, oo, octocpp, add yourself
Testing, bug reporting and small fixes
tefnoot (SameKernel beta-test using and build)
... (SameKernel beta-test using and build)
... (SameKernel beta-test using and build)
... (SameKernel beta-test using and build)
... (SameKernel testing)
Bigger fixes and code, other tools, etc
- Lunar^ thanks for dpkg reproducible branch!
Spender, Pipacs, #grsecurity thanks for GrSecurity!
Toad_, operhiem1 and others thanks for Freenet
zzz and others thanks for I2P
and every other developer for the other FOSS that we're using in this project!
If you should be in credits, then please contact us on IRC and paste that data you want to have listed (nick/name, contact, url, etc).
The same about Sponsors (e.g. sign message with your bitcoin/coin privkey).
Even more ideas and drafts
sl1nk various ideas (evil maid, IP, MitM)
#mempo @ irc.freenode.org
<sl1nk> Meanwhile download Debian, I looked at your "Threats to security and anonymity" (https://rawgithub.com/mempo/*). I saw that you don't have a solution for Identity Spoofing, Man-in-the-middle attack, Evil Maid attack, phishing, DNS poisoning.
<sl1nk> That makes three categories of attacks, network, web and password
<sl1nk> There are two ways to stop the “evil maid” attack: keeping your boot partition on a flash drive you carry at all times, or using a checksum value of the boot sector and boot partition to detect it and change your passphrase.
<sl1nk> The only totally secure defense is to copy /boot onto a flash drive, install GRUB on that drive, and debug this until you can boot from the flash drive with the encrypted disk as the root filesystem.
<sl1nk> IP spoofing is a technique where a host sends out packets which claim to be from another host. Since packet filtering makes decisions based on this source address, IP spoofing is used to fool packet filters. It is also used to hide the identity of attackers using SYN attacks, Teardrop, Ping of Death and others...
<sl1nk> The best way to protect from IP spoofing is called Source Address Verification, and it is done by the routing code, and not firewalling at all.
<sl1nk> turning on Source Address Verification at every boot is the right solution for you
<sl1nk> To do that, insert the following lines somewhere in your init scripts, before any network interfaces are initialized http://pastecode.ru/8312/
<iRelay> Title: Pastecode Без названия (at pastecode.ru)
<sl1nk> If you cannot do this, you can manually insert rules to protect every interface.
<sl1nk> MitM-Attack, uses a technique called ARP spoofing, so you need to filter/block it.
<sl1nk> With HTTPS or VPN for example.
<sl1nk> For Phishing and DNS poisoning is other way... ;.;
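The Source Address Verification named in the chat above is assumed here to be the Linux reverse-path filter sysctl (rp_filter); the pasted lines are not reproduced on this page. The audit below is an added example, not taken from the chat or the paste: it lists interfaces for which no source validation is in effect, and its function names and sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: list interfaces with no effective reverse-path filtering.
# $1 is the sysctl directory (default: /proc/sys/net/ipv4/conf).
rp_filter_unprotected() {
    base=${1:-/proc/sys/net/ipv4/conf}
    all=$(cat "$base/all/rp_filter" 2>/dev/null || echo 0)
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue
        ifc=$(basename "$dir")
        case $ifc in all|default) continue ;; esac
        val=$(cat "$dir/rp_filter" 2>/dev/null || echo 0)
        # The kernel uses the larger of conf/all and conf/<interface>:
        # 0 = no source validation, 1 = strict, 2 = loose.
        if [ "$all" -gt "$val" ]; then val=$all; fi
        if [ "$val" -eq 0 ]; then echo "$ifc"; fi
    done
}

# Build a constructed sysctl tree for offline testing; $1 is the value of
# conf/all/rp_filter. Prints the path of the temporary directory.
make_sample_conf() {
    d=$(mktemp -d)
    for entry in "all:$1" default:0 eth0:1 eth1:0 lo:0; do
        mkdir "$d/${entry%%:*}"
        echo "${entry##*:}" > "$d/${entry%%:*}/rp_filter"
    done
    echo "$d"
}
```

Called without arguments, rp_filter_unprotected reads the live values under /proc/sys/net/ipv4/conf; empty output means every interface has strict or loose validation in effect.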
Recent questions - asked on IRC or other chats are often placed here.
Users: If you asked a question, please check in 3 days, likely a reply will be here if you missed it on the chat (or just ask us again).
Testers, devels: link users to this page using link https://wiki.debian.org/Mempo/#ql (like questions latest) or #q.
How to use VPN and Tor
The VPN-Tor model:
<rfree> hi hilby
<rfree> hilby, a friend did such configuration, it worked
<rfree> hilby, you just get and run a VPN network as usual, to have all network going via a VPN on your computer. Then, you turn on the tor server/client on this computer :)
<rfree> and that's all.
<rfree> there are things to watch over for:
<rfree> 1) would be cool to get the VPN anonymously. In general, using bitcoin to buy it, however bitcoin is usually not really anonymous... however, anyway you are still on tor anyway so you should be not easily discovered as the VPN user
<rfree> 2) timing attack. Wait some time (hours, days, weeks?) before following this instruction or someone reading this convo could expect that the next tor from vpn user is the same guy as hilby here (if that is a problem for you)
<rfree> 3) cover traffic helps a lot. I don't remember if you can be a tor relay while on VPN, perhaps on some... if you could then it would help. If not, at least have some random tor requests in background like start bunch of tor using applications otherwise your main activity will stand out too much
<rfree> there is also #tor over at irc.oftc.net where more people should have tips on this subject
Another option would be the Tor-VPN model. But it removes your privacy in the following way: if you access a few things X0..X9 using it, there will be full correlation; all 10 servers (and the ISP, and for example a rogue government or other adversaries spying on their traffic from the backbone) will correlate and profile you. If on any site you take an action that connects you to real life, then you are busted. It can still be good in that the end sites see you just as a "VPN user", not as a "Tor user", which some sites ban.
The advantage over just a VPN is that if an adversary bribes, subpoenas or otherwise gets the VPN operator's data/logs, he does not have your IP.
However, you would also need to make a perfectly anonymous payment with bitcoin not connected to you in any way, sent from Tor to the bitcoin (or other cryptocurrency) network, and register etc. from Tor to remain protected.
Yet another option is VPN-Tor-VPN. This sounds like a secure option, but research is needed.
Questions latest: Leave us a question on IRC (irc.oftc.net is best) and then check here in a few days. Scroll up to see the questions.