Changes

Page history
Adjust for ikiwiki → GitLab wiki authored by intrigeri's avatar intrigeri
Show whitespace changes
Inline Side-by-side
network_connection.md
View page @ a5d53a93
[[!meta title="Network connection (configuration and startup)"]]
---
title: Network connection (configuration and startup)
---
This is about [[!tails_ticket 10491]].
[[!toc levels=2]]
This is about tails/tails#10491.
[[_TOC_]]
Current issues in Tails
=======================
......@@ -14,7 +19,7 @@ Current issues in Tails
you realize once in the session that you actually need bridges to connect.
* C. It's hard to know whether you need to log in through a captive portal.
([[!tails_ticket 5785]])
(tails/tails#5785)
* D. There's no way of triggering Tor to reconnect after logging in through a
captive portal, except by closing the Unsafe Browser (which is not obvious).
......@@ -23,14 +28,14 @@ Current issues in Tails
portal or to get bridges), if they close
the Unsafe Browser (that restarts Tor which breaks Tor Launcher).
Too bad, for non-bridge use cases one has to close the Unsafe Browser
to make Tor connect. ([[!tails_ticket 11535]])
to make Tor connect. (tails/tails#11535)
* F. It can be scary for people who cannot afford
connecting without obfuscated PTs (to hide they're using Tor) to postpone
this choice after the session is started.
* G. Bridges, firewall and proxy have to be configured again each time.
([[!tails_ticket 5461]])
(tails/tails#5461)
* H. It's not clear how one is supposed to get bridges if they need some.
......@@ -42,15 +47,15 @@ Current issues in Tails
* K. If MAC spoofing fails but I decide that it's OK not to spoof MAC in my
situation, then I have to reboot Tails all the way.
* L. The Unsafe Browser allows to retrieve the public IP address by a compromised amnesia user with no user interaction. ([[!tails_ticket 15635]])
* L. The Unsafe Browser allows to retrieve the public IP address by a compromised amnesia user with no user interaction. (tails/tails#15635)
* M. No audio in Unsafe Browser breaks accessible CAPTCHAs. ([[!tails_ticket 16795]])
* M. No audio in Unsafe Browser breaks accessible CAPTCHAs. (tails/tails#16795)
* N. People use the Unsafe Browser to browse the Internet.
* O. A persistent network connection is associated to a specific network interface
(via its MAC address) so it cannot be reused easily when hoping between computers
with the same Tails. ([[!tails_ticket 10803]])
with the same Tails. (tails/tails#10803)
* P. People who cannot afford connecting without obfuscated PTs (to hide
they're using Tor) have very little margin for error: if they forget
......@@ -58,7 +63,7 @@ Current issues in Tails
their mistake before connecting to a network (which might be automatic).
* Q. Hard to connect using PTs when the computer's hardware clock is
not set to the current, correct UTC time ([[!tails_ticket 15548]],
not set to the current, correct UTC time (tails/tails#15548,
[upstream issue](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/obfs4/-/issues/32439))
This is one of the top
......@@ -89,7 +94,7 @@ Out of scope
their Wi-Fi AP.
- People who have to disable MAC spoofing all the time as this is pretty
uncommon, cf. [[!tails_ticket 16385#note-5]]. As long as they can do this manually
uncommon, cf. tails/tails#16385#note-5. As long as they can do this manually
every time they start Tails (as they do currently), or for each new Wi-Fi network
they connect to, that will be good enough. That is, we don't improve UX for
this use case, but we don't make it worse either.
......@@ -106,7 +111,7 @@ Iterations
First batch
-----------
1. Enable "bridge mode" by default and remove it from the Welcome Screen — [[!tails_ticket 17330]]
1. Enable "bridge mode" by default and remove it from the Welcome Screen — tails/tails#17330
That is, start Tor Launcher on every connection to a network,
if we never successfully connected to tor during this session,
......@@ -118,7 +123,7 @@ First batch
otherwise this breaks Tor Launcher.
- If time allows, we can consider removing the "Tor is ready"
notification, now that we have feedback wrt. the status of
connecting to Tor ([[!tails_ticket 8061]]).
connecting to Tor (tails/tails#8061).
- Solves issues: B, J.
- Improves issues:
......@@ -146,7 +151,7 @@ First batch
(whether or not we start Tor Launcher again on 2nd and further connections).
- Doc probably needs updates.
2. Persistent Tor settings — [[!tails_ticket 5461]]
2. Persistent Tor settings — tails/tails#5461
- Let's assume here that iteration 1 is done already.
- Solves issues: G.
......@@ -154,7 +159,7 @@ First batch
- F (increases user confidence in Tails consistently doing what they need)
- P (not fully solved as the user still can forget
to unlock their persistent volume in the Greeter; we could improve
further via [[!tails_ticket 15573]])
further via tails/tails#15573)
- Cost:
- Needs sync'ing relevant `torrc` settings to a persistent
file, and back.
......@@ -185,7 +190,7 @@ First batch
the option of using different settings today without modifying
persistent ones.
3. Automatic bridges/PTs retrieval (Moat) — [[!tails_ticket 15331]]
3. Automatic bridges/PTs retrieval (Moat) — tails/tails#15331
- Solves issues: H, I
- Bonus points: UX closer to Tor Browser's
......@@ -193,7 +198,7 @@ First batch
- Cost: at first sight, vastly higher than persistent Tor settings
- Blocked by Meek (to be verified)
While designing/implementing solutions, keep Snowflake in mind ([[!tails_ticket 5494]]):
While designing/implementing solutions, keep Snowflake in mind (tails/tails#5494):
it might require similar kludges to Moat, so better use kludges that will work for both.
Potential extra iterations
......@@ -201,7 +206,7 @@ Potential extra iterations
Not ordered yet.
* Better UX wrt. clock & timezone — [[!tails_ticket 5774]]
* Better UX wrt. clock & timezone — tails/tails#5774
Current design & iterations probably needs an update.
......@@ -210,7 +215,7 @@ Not ordered yet.
if they can't connect to tor via these PTs)
- Cost: to be evaluated in order to prioritize this vs. Moat
* Include configuration with default bridges/PTs — [[!tails_ticket 8825]]
* Include configuration with default bridges/PTs — tails/tails#8825
Why we want to do it: it will make Tails work out-of-the-box for
some censored users, while currently they need to find out how to
......@@ -263,7 +268,7 @@ Not ordered yet.
* Display a locked-down browser to log into a captive portal when needed
See blueprint on [[captive portal detection|detect_captive_portals]].
See blueprint on [captive portal detection](detect_captive_portals).
And remove the Unsafe Browser.
......@@ -272,12 +277,12 @@ Not ordered yet.
only if we can keep this window somehow open for captive portals that require
a permanent connection to them)
- Related to:
- Wayland in Tails 5.0 (Bullseye) ([[!tails_ticket 12213]])
- Wayland in Tails 5.0 (Bullseye) (tails/tails#12213)
- Problem M: audio should work in that locked-down browser
* Persistent Tor state — [[!tails_ticket 5462]]
* Persistent Tor state — tails/tails#5462
See blueprint on [[persistent Tor state|persistent_Tor_state]].
See blueprint on [persistent Tor state](persistent_Tor_state).
Related but orthogonal.
......@@ -313,7 +318,7 @@ Process
<a id="iff"></a>
- We had a session at the IFF to gather feedback on mockups. See [[!tails_ticket 11245]].
- We had a session at the IFF to gather feedback on mockups. See tails/tails#11245.
- [flowchart behind the mockups](https://labs.riseup.net/code/attachments/download/1293/network-20160306.odg)
- [mockups](https://tails.boum.org/contribute/how/promote/material/slides/IFF-20160306/)
- [feedback from post-if notes](https://labs.riseup.net/code/attachments/download/1291/iff-feedback.ods)
......@@ -326,7 +331,7 @@ At Tor
------
- Tor Launcher can now retrieve bridges automatically ("Moat") but
this is not integrated in Tails yet: [[!tails_ticket 15331]]
this is not integrated in Tails yet: tails/tails#15331
- Tor Browser might soon discover (by trial & error) whether one needs bridges/PTs.
This breaks the "hide that I'm using Tor" use case but makes things easier
for everyone else. This should happen in their nightlies between 2020-09 and 2021-09.
......@@ -347,3 +352,4 @@ At Whonix
- <https://forums.whonix.org/t/graphical-gui-whonix-setup-wizard-anon-connection-wizard-technical-discussion/650/303>
- <https://github.com/irykoon/anon-connection-wizard>
(or: <https://github.com/Whonix/anon-connection-wizard>)