Liberte and Tails are both Linux distributions focused on anonymity, with Liberte being Gentoo-based and emphasizing security features like anti-forensic capabilities and custom HTTP headers, while Tails, based on Debian, offers regular updates and broader user support. Cables aims to provide a decentralized messaging platform but lacks popularity and effective user adoption compared to Bitmessage, which is favored among deep web users for its p2p approach. Overall, while Liberte is innovative, Tails is more user-friendly and widely supported, and Bitmessage is the most utilized despite the complexity of its security features.

2. Liberte vs Tails

4. Liberté Linux
• Hardened, Gentoo-based, LiveUSB/CD, Linux
distro
• Fully(ish) anonymized
• Similar in goal to TAILS
• Designed for Anon specifically
• Run by Maxim Kammerer (he is Crazy)
• Uses Tor AND I2P

8. Features that make it different than TAILS
• Anti-forensic memory erase on boot media
extraction
– Aimed to cold boot attacks
• OTFE container using LUKS
• Collect clock setting via Tor consensus
– Makes sure that clock settings are not in the clear
– He’s very proud of this
• I2p communication over Tor so that it can
traverse firewalls better

9. Features that make it different than TAILS
• Mac address randomization
• Custom consistent HTTP headers
– Defends against browser fingerprinting
• Harsher iptables rules
• Grsecurity for inter-process security

10. The Big Features
• The first Linux distro that uses UEFI
– Secure boot
– Hardware based verification of the operating system
– If something new is on the system (malware) it won’t boot
• Does not allow you to install ANY software
• Forces a specific resolution
• Cables Communication
– Custom written P2P message exchange

11. TAILS

12. TAILS Linux
• Debian based, LiveUSB/CD, Linux distro
• Fully(ish) anonymized
• Similar in goal to Liberte
• Designed for the everyman
• Run by Baum with the support of the Tor
Project
• Uses just Tor for anonymity (but has i2p
installed)

14. Features that Make It Different Than Liberte
• Regular updates
– New versions are put out due to security issues or active
development at least once a month
– You can apt-get upgrade whenever you want
• Uses standard LUKS for persistence and
supports TrueCrypt
• Contains a meta-data stripping tool – MAT
• Uses Iceweasel (eventually TorBrowser)
instead of janky Epiphany

15. The Big Features
• Documentation and Support
– Unlike liberte that hasn’t been updated since 2012
– New releases every month
– Monetarily supported by Tor Project
– Has a roadmap!
– Has complete, up to date documentation, in many languages
• Can temporarily install any software
– Or manually build from source and install your own software

16. Tails “Quirks”
• No lock screen, no screen saver
– Even if you install a screensaver, there are other tty terminals
that let you just log in
• Persistent Media is only USB
– That means virtualization products won’t be able to make a
consistent partion

17. Cables: TL;DR
• A secure, peer-to-peer based message
exchange
• Aims to be a decentralized eMail replacement
• Not really good as instant messaging (See
bitmessage)

18. Antitree presents:
A Mouthful of Crypto
An animated explanation of the Cables Address generation
process
OR

19. Generate a 8192 bit x.509 key
Generate a SHA1 hash of that key
This is your cables username
gb24hw2hpihnj2eftkuz42fvp3l3nsoc
Create a Tor hidden service
5rfvhdhbw7z4dcw6.onion
This is your domain name
@

20. Transport Mechanism
• This is P2P so how does it exchange
messages?
• Via HTTP requests
• The .onion service hosts a web interface
• http://localhost:9080/{userid}

21. Crypto Bits
• X.509 8192 bit certificate (ca.cer)
• Signing key generated from ca.cer
• Diffie-Hellman session key exchange for
transport security
• Cryptographic Message Syntax (CMS) for the
format of message
• Custom wrapper that lets you use Claws-Mail

22. INTERWEBz

23. Tor provides secure end to end encryption beween .onion hidden services

24. Wait
• Diffie-Helman is a secure temporal key
exchange
• Used in this case to provide transport security
• It provides a key exchange ON TOP of the
hidden service transport mechanism

25. Diffie Hellman

26. BUT WHY??
• Why is Maxim adding a transport security
mechanism on top of Tor?
• Answer: Because he didn’t think Tor hidden
services had enough crypto
– SHA1 – deprecated
– AES128 – deprecated
– RSA-1024 – deprecated
• Tor’s hidden services are not secure enough

27. Review
• RSA 8192 x509 based secure message
exchange
• Uses HTTP requests over onion services to
connect
• Security on top of your security
• Janky web service

28. Popularity
• No one uses this
• I think one of the reasons is the awkwardness
of the name “Cables”
• Although it’s inherently more anonymous than
BitMessage, who cares because no one uses it

29. Bitmessage (actual logo)

30. Bitmessage
• Secure, P2P based messaging
• Similar to mixmaster style anonymity
model(plausible deniability)
• If bitcoin had a baby with email it would be
Bitmessage
• You can only decrypt messages sent to your
public key

34. Message Encryption
• Elliptic Curve Integrated Encryption Scheme
• Elliptic Curve Diffie Hellman (ECDH) to
generate a shared secret
• AES256-CBC (PKCS#7)
• Key-derivation-function using SHA512
• HMACSHA256

35. “Proof Of Work”
• POW
• In order to send a
message, you have to
compute something
• Supposed to help mitigate
spam because each
message requires

36. Crypto
• payload = time + streamnumber + encrypted
• target = 2^64 / ((length of the payload in bytes +
payloadLengthExtraBytes + 8) *
averageProofOfWorkNonceTrialsPerByte)
• initialHash = sha512(payload)
• while trialValue > target:
nonce = nonce + 1
resultHash = sha512(sha512( nonce + initialHash))
trialValue = int(resulthash[:8])
• Output: trialValue

37. Verification
• The client receives the message and verifies that
it has done enough work to send it to you
• The goal is that for each person you send to, you
have to send a POW
• When you send to 100 people, it may take 3
hours
• You can adjust the required POW to send to you

38. Protocol Encryption
• It’s like some crazy bitcoin
P2P network
• Seems really complicated
• I just don’t fucking know
• https://bitmessage.org/wiki/
Protocol_specification

39. Bit Message Popularity
• BitMessage is the most popular messaging
exchange by far
• Deepweb users like this as their favorite
• Remember they are all using the same exact
client and software and network to do this
exchange
• www.reddit.com/r/bitmessage

40. Summary
• Liberte: Cutting edge but full of the jank
• TAILS: Annoying but the best
• Cables: Why are we even talking about it?
• BitMessage: The most popular one, so it
doesn’t matter how secure it is