Mempo Project - Hardened Privacy
⌘
Mempo project aims to provide most secure and yet comfortable out-of-the-box computer for Desktop and Server,
to professionals, business, journalists, and every-day users avoiding PRISM-like spying. ⌘
to professionals, business, journalists, and every-day users avoiding PRISM-like spying. ⌘
⌘
Mempo is now ready to be apt-get installed on top of your Debian - from our repository, follow install instructions there:
deb.mempo.org
[i2p]
⌘
Mempo Project is the answer to increasing surveillance of people, and endangered freedom of speech - as well to other IT attacks, cracking by hackers, viruses.
Even professional tools are not secure if there exist way around them for an attacker.
Therefore - in Mempo, the best Privacy & Security tools are used together on all levels from kernel to Apps; preconfigured for VM+Tor+VPN, for virtualization and compartment - all available in one-click fashion as Full Installable OS, Live-CD, or separate programs (sources and .deb files + deb-repo).
Do I need Mempo? [read more...]
Basically no one is really using the potential of existing security and privacy apps because of time and effort,
and professional solutions are fixing given issue - but leaving other small holes.
Most people do not even know about hardware level attacks, root-kits, cold-boot, hacking NIC PCI cards, bugs in e.g. Xen, fire-wire attack, etc.
Well. If you do use... theoretically unexploitable micro-kernel system like GNU Hurd on OpenRISC or at least GrSecurity max-settings kernel; on custom open-hardware mobo/BIOS/firmware, using PGP/post-QC where needed, with per-app files access-lists, everything is on separate VM on separate user with firewalled tunnels in between, all compiled from source after you meet all the developers on PGP signing-party - then yeah OK, in this case this Project can not offer you much :-)
In any other case - continue below for details.
Most people do not even know about hardware level attacks, root-kits, cold-boot, hacking NIC PCI cards, bugs in e.g. Xen, fire-wire attack, etc.
But is your computer immune (to the extent of currently available software) to known attacks?
Well. If you do use... theoretically unexploitable micro-kernel system like GNU Hurd on OpenRISC or at least GrSecurity max-settings kernel; on custom open-hardware mobo/BIOS/firmware, using PGP/post-QC where needed, with per-app files access-lists, everything is on separate VM on separate user with firewalled tunnels in between, all compiled from source after you meet all the developers on PGP signing-party - then yeah OK, in this case this Project can not offer you much :-)
In any other case - continue below for details.
Comparison of existing systems with Mempo (as planned in Stage-1 and 2 - roadmap).
| System | Mempo* |
Debian |
Deb 8 Exp |
Tails |
Whonix |
QubesOS |
Gentoo-H |
Chrome* |
| Live-CD/Primary-OS/Packets |
|
|
|
|
*
|
|
|
*
|
| Install & apt-get via I2P/Freenet |  / |
 / |
/ |
/ |
/ |
/ |
/ |
/ |
| GrSecurity hardened Kernel | |
|
|
|
|
|
|
|
| GrSecurity max protection |
|
|
|
|
|
|
|
?
|
| GrSecurity PAX, RBAC profiles |
|
|
|
|
|
|
|
*
|
| Hardened compilations (fortify) |
|
|
|
|
|
|
|
|
| Removed unsafe JIT code; PAX |
|
|
|
|
|
|
|
|
| Patching ALL privacy problems |
wip
|
|
|
|
|
?
|
?
|
/?
|
| Running any App in VM isolation |
|
|
|
|
/
|
|
|
|
| Running any App in H-chroot jail |
|
|
|
|
|
|
|
?
|
| Hardened VNC&Xnest isolation |
|
|
|
|
|
/
|
|
|
| VM: easily toggle Tor, VPN |
|
|
|
|
|
|
|
|
| VM: toggle Darknet, FW, Tunnel |
|
|
|
|
|
|
|
|
| Tor, I2P, Freenet, VPN preconfigured |
α
|
|
|
|
|
|
|
|
| Stacking networks e.g. VPN+I2P |
α
|
|
/
|
|
|
|
||
| All Apps and System uses privacy |
|
|
/
|
|
|
N/A | ||
| Verify-build, multisign apt-get |
wip
|
?
|
|
|
/
|
N/A | ||
| White-list AV and known-files DB |
|
|
|
|
/
|
N/A | ||
| Bitcoin/Altcoin/e-Currency |
|
|
|
|
|
|
||
| Provides custom open hardware |
|
|
|
|
|
?
|
||
| Crowdfunding fixes, fast devel |
|
|
|
|
|
|
||
| Real time threats warnings |
|
|
|
|
|
|
||
| Buy prebuilt on most open hardware |
|
|
|
|
|
|
||
| Paranoia-free lead developers |
|
?
|
?
|
?
|
|
|
FAQ-1: To clear any initial miss-conceptions or questions: Mempo is:
- Light and fast
- Easy for non-technicals
- Modular addons
- Learning from Tails, Qubes-OS, Hardened-Gentoo
- ...but providing more
- Prefering GrSec+PAX over SE Linux
- Usable like regular Debian
- Developed inside Debian.org
- Usable on all Linux
- Usable on home-made PC
- As Primary OS
- As packets
- As Live-CD
- Flash/Wine/etc compatible (VM)
- At stage of prototyping
- To deliver custom hardware
- Always BSD/GPL/0-CC licensed
- Giving back to FOSS
- Cooperative!
- To be crowdfunded
- Apolitical
- User education focused
Mempo description
All layers of security - the weakest link is the problem
How good is your super-secure encryption or network, if kernel rootkit can go around it?
|
Entire System - from hardware, kernel, throught system, VM creation, up to applications is secured.
Show technical details:
⇨⇦
click checkbox to open
Each of the layers is created by researching and selecting best available software in given category. Programs are configured to use and reinforce each-other to fit nicelly (e.g. email uses Tor, Tor can use VPN, grsecurity contains any exploits, apt-get uses all of above to be sure). User applications are also preconfigured and ready to use in most secure way.
|
Steps to get secure Mempo
Take following steps to best configure your system up to the Mempo standard.
- Install Debian 7 x86_64 on your computer
- Add Mempo APT repository as in deb.mempo.org (or .i2p)
- Install Mempo kernel as described there. Including grsec sysfs settings and pax fattr flags.
- Install Tor, configure with proper options:
As root, configure this and restart tor. In file /etc/tor/torrc find line with "SockPort" (or add it) and add there following options so it will read as: SocksPort 9050 IsolateClientAddr IsolateSOCKSAuth IsolateClientProtocol IsolateDestPort IsolateDestAddr This is very important, otherwise same Tor circuit is re-used even for different programs and servers making it much easier to correlate your various activities! TEST: To test if that works, open few "what is my IP" pages and verify if they show different IP each usually Som pages to test IP (open this is Tor-enabled browser that uses the main system Tor): http://mempo.org/ip/ or http://myipinfo.net/
- Install Privoxy, configure with proper options to use Tor:
As root, configure this and restart privoxy: In file /etc/privoxy/config uncomment (or add) following line: forward-socks5 / 127.0.0.1:9050 . TEST: get a browser that does NOT integrate with Tor directly, and merly configure in it a http proxy 127.0.0.1:8118 and check your IP on web pages (best disable javascript first).
- Configure (for each user) GPG client configuration as in github.com/rfree/fossoffice gpg.conf
Contact - developers, testers, translators, users
Everyone is invited to cooperate, users, developers, other distributions - please join our effort in creating more secure and privacy-respecting world.
|
|
Mempo-BlogMempo cooperation
Created in cooperation
Everyone interested is invited to join creation of the system.We accept and even encourage developers that protect their privacy/security (although for some positions like code reviews a well known or real-life known people are needed too).
Show credits (in progress - sign up): ⇨⇦ click checkbox to open
[Priv] - this person (or group) prefers to develop under pseudonym (but we know it's not untracable, at all).
[Anon] - this person (or group) develops anonymously (e.g. behind Tor).
[DEEP] - this person (or group) develops secrutly (e.g. only Freenet) and we hope he is quite hard to find - and therefore quite resistant for any corporation or state pressure, attacks or blackmail.
(?) - only planned - cooperation is not yet confirmed.
[Anon] - this person (or group) develops anonymously (e.g. behind Tor).
[DEEP] - this person (or group) develops secrutly (e.g. only Freenet) and we hope he is quite hard to find - and therefore quite resistant for any corporation or state pressure, attacks or blackmail.
(?) - only planned - cooperation is not yet confirmed.
- Lead
- mempo[Priv] - mempo @irc.freenode.org @irc.oftc.net @irc2p
- (Position opened - this could be you)
- Marketing
- None (Eat own dog food + you are the PR)
- Coordination and planning
- (Position opened - this could be you)
- Programming - creating custom software where needed
- vyrly(?)[Priv] - vyrly @irc.freenode.org
- (Position opened - this could be you)
- Electronics - creating custom hardware where needed
- (Position opened - this could be you)
- Alpha Testing
- happuri(?)[Priv] - happuri @irc.freenode.org @irc.oftc.net @irc2p
- (Position opened - this could be you)
- Security team
- mempo
- (Position opened - this could be you)
- Security advisors
- kees(?) - Debian, Linux Kernel - kees @irc.freenode.org
- Eleriseth(?)[DEEP] - Freenet
- Paul Proteus(?) - Debian, verificable-builds - paulproteus @irc.freenode.org
- Cryptography - (?)
- Electronics - (?)
- (Position opened - this could be you)
- Software advisors - please contact us on IRC if you can help with given part
- For Tor - (?)
- For I2P - (?)
- For Freenet - (?)
- For VPNs - (?)
- For Cryptography - (?)
- For Xorg - (?)
- For Xen, KVM - (?)
- For other GNU applications - (?)
- For other "Prism-Break" applications - (?)
- For Pidgin or Jitsi - (?)
- For Mumble or Linphone or Ekiga - (?)
- For Bitcoin - (?)
- For Namecoin - (?)
- For Litecoin - (?)
- For alt-coins - (?)
- Servers, Hosting and test Boxes
- Debian Project infrastructure is planned to be used since we develop in-Debian mainly
- (negotiations)
- (we look for friends to mirror our repos, and run test servers)
- Thanks to GitHub.com - we already use their public services
- Crowdfunding for Project and sub-projects
- General (?)
- Customers and users relations(?)
- Customers and users support(?)
- Translations: (?)
- Graphics: (on our own)
- Website: (on our own)
Mempo roadmap
This project is ambitious in scope - it will be release in stages.
Stage 1
Addon to Debian that makes it hardened (Kernel, PAX) and allows easy, secure, private, compartment-based use for communication, publishing, e-currencies.- Kernel: GrSecurity, PAX, on max settings
- Grsecurity profiles (like FW+AV rules) for main software
- Hardened-compilation of important software
- Executable code anti-troyan hardening of some applications (removing JIT), with allowing also the -fast version
- Firewall on Host
- Easy creation of VMs
- Easy execution of important applications in isolation (chroot, secured Xnest?)
- Easy toggle of VM settings: Tor, VPN, Darknet
- One-click access to no-censorship storage darknet: Freenet with FMS (boards) and Sone (twitter)
- One-click access to no-censorship darknet: including id3nt twitter, darknet-IRC (irc2p), darknet-chat (jabber?)
- One-click access to break-prism applications, many preconfigured for Tor where possible
- Repository
- Verificable builds
- Secure multi-signed build
Mempo source-code
Editing code is very easy. To edit this website over github:
For users with GitHub account: On https://github.com/mempo/mempo-websites use fork repository. $ git clone git@github.com:your-username/mempo-websites.git # download over Internet $ (edit files) # also git add new_file # if you added files $ git commit -a -m "your comment" $ git push # send over Internet
Git branches standard
For bigger sub-projects that need a release cycle: master - active development; On selected users - the semi-stable version. More stable versions marked with tags. alpha - frozen for internal tests beta - frozen for everyone to use and test stable - fully tested very stable version. Only bugfixes should go there, untill next release.
Threats to security and anonymity
Even most secure computer cannot protect user against all threats, especially, when user don't know much about them. This is why education is one of the most important modules of Mempo.
| Threats |
Possible results | Mempo protection |
| Monitoring communication like email, instant messaging, VoIP by villans, governments, corporations Example: PRISM collection details |
|
Using only strongly encrypted communication. PGP encrypted e-mail communication, OTR in instant messaging. |
| IP/location discovery by villans, governments, corporations, e.g. to find inconvenient journalists, bloggers. Example: ? |
|
Using anonymizing networks like Tor, I2P, Freenet to public posts, articles. |
| DNS protocol leak protection Detailed description and test: https://www.dnsleaktest.com |
|
Using free, open DNS servers (OpenNIC project) |
| Password cracking Attacker for example tries to crack the password-protected file. Detailed description: http://en.wikipedia.org/wiki/Password_cracking Example: http://www.cert.org/incident_notes/IN-98.03.html |
|
Using only strong passwords, replacing passwords with strong encryption keys whenever possible. |
| Computer stealing Example: ? |
|
Hard disk encryption. Secure, encrypted backups. |
| Software backdoor Part of program source code allowing to bypass authentication, securing illegal remote access to a computer, while attempting to remain undetected. Detailed description: http://en.wikipedia.org/wiki/Backdoor_%28computing%29 Example: http://en.wikipedia.org/wiki/NSAKEY |
|
Runnig hi risk application in virtual machine intended only for this application. Strong isolation. |
| Hardware backdoor Similar to software backdoor but built in computer hardware Example: spy-agencies-shun-lenovo-finding-backdoors-built-into-the-hardware |
|
Using open hardware only. |
| Rootkit
A rootkit is a stealthy type of software, often malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer. Detailed description: http://en.wikipedia.org/wiki/Rootkit Examples: http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal |
|
Using only open source software. |
| Trojan Horse
Imitates a normal application, but implements hidden to users, undesirable functions. Often including a backdoor Detailed description: https://en.wikipedia.org/wiki/Trojan_horse_%28computing%29 Example:ZeroAccess |
|
Running untrusted application in strong isolation |
| Identity spoofing - IP address spoofing Attacker may fake IP address so the victim thinks it is sent from a location that it is not actually from. |
|
? |
| Packet sniffing Interception of data packets traversing a network |
|
Using only encrypted communication, using HTTPS Everywhere |
| Man-in-the-middle attack (hijacking) Attacker is actively monitoring, capturing, and controlling communication between two victims. Detailed description |
|
? |
| Cold-boot attack Attack requiring physical access to computer, right after cold reboot. |
|
Cleaning RAM memory when going to shutdown, SysRq, RFID |
| Evil maid attack Attack requiring physical access to computer which use disk encryption. Example |
|
? |
| Social engineering Attacker uses persuasion or deception to gain access to information systems. |
|
Education: Never trust anyone with your passwords, private keys, or sensitive data |
| Phishing Attacker attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication, e.g. bank website. Phishing is typically carried out by email spoofing or instant messaging. |
|
? |
| Quantum computer cryptography In the near future quantum computers will be powerful enough to break some of presently popular cryptografic algorithms |
|
Multi-crypt with using QC resistant cryptography |
| DNS poisoning Attack where DNS information is falsified. |
|
? |
| ... |
|
... |
Security Levels
Security levels e.g. used for creation of PGP keys, or signatures, are (or will be) rated according to our IFCCS_00001_1 scale that you can find defined below.
IFCCS-00003-1
This is the standard IFCCS_00003_1Updatabable data: Deprecated: no Constant text follows. ID: IFCCS_00003_1 Name: Naming of computers security levels. Purpose: Define scoring and naming convection to judge devices as less or more secure for crypto and other operations. Date: 2015-01-16 05:50:00 UTC Status: Published Authors: Members of IFCCS (International Free Computers and Crypto Standards).b IFCCS_00003_1::ZERO-SECURITY : do not trust this, was generated on someone else computer etc (for tests etc) IFCCS_00003_1::VERY-LOW : very bad security, e.g. Android, Windows etc IFCCS_00003_1::LOW : just using a reasonable OS IFCCS_00003_1::MEDIUM-LOW : hardened OS, basic physical security; Should defend against remote non-targeted attacks IFCCS_00003_1::medium : hardened os, physical security; Could defend against remote targeted attacks IFCCS_00003_1::medium-high : extra-hardened os; Should protect against most remote targeted attacks IFCCS_00003_1::high : Offline, guarded computer; Should protect against corporation-level attacks IFCCS_00003_1::very-high : Even more secured, maybe open hardware etc; Could stand a chance against government-level attacks IFCCS_00003_1::extra-high : Open hardware, very careful. Shielding to at least reduce EM emission (including power line). IFCCS_00003_1::near-perfect : Every device involved is fully understood and created by the operator down to all components, offline, shielded, in safe environment. (E.g. no computer used, like paper one time pad). To clarify, do not think of using near-perfect unless you build own electrical device from most basic components and hand implemented there the needed algorithms. If using existing ICs, they should be audited (decap, proper microscope, xray etc). All operation happens in highly secured location (EM shielded). Probably no one will use this at all. Dedicated air gapped rpi, could be considered very-high. OpenRISC on known FPGA, or using popular and trusted tiny MCU (e.g. attiny class) maybe extra-high, provided there are no hardware blobs. OpenCores CPU would be better choice.
WIP
This project is ongoing :)
BTC
152fnfBqRjVMDvRa5LQ2upx9tJAeHnyqHC
