Make bluetooth opt-in in the Greeter
Like network cards, Bluetooth devices have MAC addresses which can potentially identify a user.
Bluetooth is enabled by default in Tails but we do not ship the corresponding userspace software stack. We now have a feature request to make it possible to disable bluetooth on boot/in the greeter.
A plan could be:
- at build time, blacklist
- at (early) boot, rfkill block bluetooth
- in the Greeter, allow opting-in for Bluetooth
- in PostLogin.default, pass Bluetooth user prefs to tails-unblock-network
- in tails-unblock-network, if Bluetooth is enabled, remove the
blacklist file and
rfkill unblock bluetooth
- for added safety, disable system-wide daemon and/or move gnome-bluetooth files out of the way?
- hardware-dependent device drivers?
- support enabling Bluetooth post-login if I forgot?