Mempo Project - Hardened Privacy

⌘ Mempo project aims to provide most secure and yet comfortable out-of-the-box computer for Desktop and Server,
to professionals, business, journalists, and every-day users avoiding PRISM-like spying. ⌘

Mempo Project is the answer to increasing surveillance of people, and endangered freedom of speech - as well to other IT attacks, cracking by hackers, viruses.

Even professional tools are not secure if there exist way around them for an attacker.

Therefore - in Mempo, the best Privacy & Security tools are used together on all levels from kernel to Apps; preconfigured for VM+Tor+VPN, for virtualization and compartment - all available in one-click fashion as Full Installable OS, Live-CD, or separate programs (sources and .deb files + deb-repo).

Do I need Mempo? [read more...]

Basically no one is really using the potential of existing security and privacy apps because of time and effort, and professional solutions are fixing given issue - but leaving other small holes.

Most people do not even know about hardware level attacks, root-kits, cold-boot, hacking NIC PCI cards, bugs in e.g. Xen, fire-wire attack, etc.

But is your computer immune (to the extent of currently available software) to known attacks?

Well. If you do use... theoretically unexploitable micro-kernel system like GNU Hurd on OpenRISC or at least GrSecurity max-settings kernel; on custom open-hardware mobo/BIOS/firmware, using PGP/post-QC where needed, with per-app files access-lists, everything is on separate VM on separate user with firewalled tunnels in between, all compiled from source after you meet all the developers on PGP signing-party - then yeah OK, in this case this Project can not offer you much :-)
In any other case - continue below for details.

Comparison of existing systems with Mempo (as planned in Stage-1 and 2 - roadmap).

System	Mempo^*	Tails	Whonix	QubesOS	Gentoo-H	Chrome^*
Live-CD/Primary-OS/Packets			^*			^*
GrSecurity hardened Kernel	^α
GrSecurity max protection	^α					?
GrSecurity PAX, RBAC profiles						^*
Hardened compilations (fortify)
Removed unsafe JIT code; PAX
Patching ALL privacy problems	^wip			?	?	/?
Running any App in VM isolation			/
Running any App in H-chroot jail						?
Hardened VNC&Xnest isolation				/
VM: easily toggle Tor, VPN
VM: toggle Darknet, FW, Tunnel
Tor, I2P, Freenet, VPN preconfigured	^α
Stacking networks e.g. VPN+I2P	^α		/
All Apps and System uses privacy			/			N/A
Verify-build, multisign apt-get	^wip	?			/	N/A
White-list AV and known-files DB					/	N/A
Bitcoin/Altcoin/e-Currency
Provides custom open hardware						?
Crowdfunding fixes, fast devel
Real time threats warnings
Buy prebuilt on most open hardware
Paranoia-free lead developers		?	?	?		?

FAQ-1: To clear any initial miss-conceptions or questions: Mempo is:

Light and fast
Easy for non-technicals
Modular addons
Learning from Tails, Qubes-OS, Hardened-Gentoo
...but providing more
Prefering GrSec+PAX over SE Linux
Usable like regular Debian
Developed inside Debian.org
Usable on all Linux
Usable on home-made PC
As Primary OS
As packets
As Live-CD
Flash/Wine/etc compatible (VM)
At stage of prototyping
To deliver custom hardware
Always BSD/GPL/0-CC licensed
Giving back to FOSS
Cooperative!
To be crowdfunded
Apolitical
User education focused

Mempo description

All layers of security - the weakest link is the problem

How good is your super-secure encryption or network, if kernel rootkit can go around it?

Entire System - from hardware, kernel, throught system, VM creation, up to applications is secured.

Each of the layers is created by researching and selecting best available software in given category. Programs are configured to use and reinforce each-other to fit nicelly (e.g. email uses Tor, Tor can use VPN, grsecurity contains any exploits, apt-get uses all of above to be sure). User applications are also preconfigured and ready to use in most secure way.

Show technical details: ⇨⇦ click checkbox to open

Hardware - Selected parts. Coreboot BIOS. Protected RO boot+mbr. Own OpenHW: HWRNG, pin/pgp-keyboard, anti-breakin case. RFID (auto-lock, auto-erase on theft).
Open CPU (OpenRISC?) for selected tasks in future (keygen, most secret messages, bitcoin wallet).
kernel - Currently Linux kernel. Hardened with Grsecurity+PAX (instead just SE Linux). Slim, just few drivers (secure/FOSS). Custom paranoid patches (memory scrub, AES key in CPU registers etc).
System - LUKS and other full-root encryption. Hidden filesystem. One-time, PIN, USB-key passwords. New SysRq instant lockdown. RBAC file-access profiles and PAX flags.
Graphics - X with light WM/DE (XFCE?) patched to block driver exploits (ioport).
Mempo manager - create VMs, isolated users. Manage all protections in one place (optional GUI).
Backup and sign allerts. Log all events (encrypted). Show information in not-distracting way (GUI).
Multi-sign apt-get; verificable binary builds. White-list database antivirus.
Signing binaries. Adding custom binary (TPE, for developers). Run program in One-time VM or user.
VM, Isolation - all programs can be completly isolated, both as VM and user chroot.
Full compartment of every program×user is now feasible, or isolating² - again inside VM.
Heavy isolation - by running in VM (Xen, KVM), similar to Qubes-OS.
Light and strong - by running as separate unix user chroot/isolated, with Xnest/VNC, iptables/grsecurity-RBAC.
Copy/paste across VMs/users, also share file/text (local encrypted tunnels/SFTP/xmpp).
Networking - Tor, Freenet, I2P, VPN or normal. With stacking (Freenet+VPN; I2P+VPN).
Selectable per each VM and user. Toggable server-mode, cover traffic. Auto profiles (work/home/travel/gsm).
Encryption - PGP, good default settings (keyserver over Tor). Preinstalled keys of Mempo. QC resistant crypto. Multi-crypt (stack e.g. AES+QC1+QC2). Secure random generator (HWRNG, entropy to VMs, bigger pools).
Applications all preconfigured to use above tools.
- Chat and VoIP: Pidgin, Jitsi, Mumble, Linphone - using Tor/VPN/I2P OTR/PGP.
- E-Money: Bitcoin, Namecoin, Alt-coins. Tor/VPN/I2P, backup (to RAID, to remote). Log of all operations. Isolated wallet: in VM (encrypted), fast-bootstrap.
- Email: Thunderbird, Kmail - using Tor/I2P/VPN PGP, also Freemail.
- Web: Firefox with privacy plugins (https everywhere, Adblock, privoxy, more). No-Javascript/plugins in selected profiles. Easy usage of services: OpenStreetMap, DuckDuckGo, StartPage, YACY.

Contact - developers, testers, translators, users

Everyone is invited to cooperate, users, developers, other distributions - please join our effort in creating more secure and privacy-respecting world.

IRC network: #mempo on irc.freenode.org(web) irc.oftc.net(Tor) and irc2p(I2P)
XMPP/Jabber: mempo@jit.si
http://mempo.org - soon
Website on GitHub + GitHub sources

Freenet: Freesite Mempo-Official USK@fiXFPRPKw3miEP1tXIi3Mz2BvfkKK1FsoATqAWi~NbY,DWl1hGrdJEpMT5-ofWBAH1HIYDauTNh8xilF8l2tCfE,AQACAAE/mempo/-1/
Freenet: Flog Mempo-Blog
Freenet: FMS board freenet, linux as well as board mempo.
Freenet: freemail - mempo@ym7rkpjwhfcpiqbhbovz2gtiafthwmp6rmee6wmk3quekcvo2jgq.freemail

Mempo cooperation

Created in cooperation

Everyone interested is invited to join creation of the system.
We accept and even encourage developers that protect their privacy/security (although for some positions like code reviews a well known or real-life known people are needed too).
Show credits (in progress - sign up): ⇨⇦ click checkbox to open

^[Priv] - this person (or group) prefers to develop under pseudonym (but we know it's not untracable, at all).
^[Anon] - this person (or group) develops anonymously (e.g. behind Tor).
^[DEEP] - this person (or group) develops secrutly (e.g. only Freenet) and we hope he is quite hard to find - and therefore quite resistant for any corporation or state pressure, attacks or blackmail.
(?) - only planned - cooperation is not yet confirmed.

Lead
- mempo^[Priv] - mempo @irc.freenode.org @irc.oftc.net @irc2p
- (Position opened - this could be you)
Marketing
- None (Eat own dog food + you are the PR)
Coordination and planning
- (Position opened - this could be you)
Programming - creating custom software where needed
- vyrly(?)^[Priv] - vyrly @irc.freenode.org
- (Position opened - this could be you)
Electronics - creating custom hardware where needed
- (Position opened - this could be you)
Alpha Testing
- happuri(?)^[Priv] - happuri @irc.freenode.org @irc.oftc.net @irc2p
- (Position opened - this could be you)
Security team
- mempo
- (Position opened - this could be you)
Security advisors
- kees(?) - Debian, Linux Kernel - kees @irc.freenode.org
- Eleriseth(?)^[DEEP] - Freenet
- Paul Proteus(?) - Debian, verificable-builds - paulproteus @irc.freenode.org
- Cryptography - (?)
- Electronics - (?)
- (Position opened - this could be you)
Software advisors - please contact us on IRC if you can help with given part
- For Tor - (?)
- For I2P - (?)
- For Freenet - (?)
- For VPNs - (?)
- For Cryptography - (?)
- For Xorg - (?)
- For Xen, KVM - (?)
- For other GNU applications - (?)
- For other "Prism-Break" applications - (?)
- For Pidgin or Jitsi - (?)
- For Mumble or Linphone or Ekiga - (?)
- For Bitcoin - (?)
- For Namecoin - (?)
- For Litecoin - (?)
- For alt-coins - (?)
Servers, Hosting and test Boxes
- Debian Project infrastructure is planned to be used since we develop in-Debian mainly
- (negotiations)
- (we look for friends to mirror our repos, and run test servers)
- Thanks to GitHub.com - we already use their public services
Crowdfunding for Project and sub-projects
- General (?)
- Customers and users relations(?)
- Customers and users support(?)
Translations: (?)
Graphics: (on our own)
Website: (on our own)

Mempo roadmap

This project is ambitious in scope - it will be release in stages.

Stage 1

Addon to Debian that makes it hardened (Kernel, PAX) and allows easy, secure, private, compartment-based use for communication, publishing, e-currencies.

Kernel: GrSecurity, PAX, on max settings
Grsecurity profiles (like FW+AV rules) for main software
Hardened-compilation of important software
Executable code anti-troyan hardening of some applications (removing JIT), with allowing also the -fast version
Firewall on Host
Easy creation of VMs
Easy execution of important applications in isolation (chroot, secured Xnest?)
Easy toggle of VM settings: Tor, VPN, Darknet
One-click access to no-censorship storage darknet: Freenet with FMS (boards) and Sone (twitter)
One-click access to no-censorship darknet: including id3nt twitter, darknet-IRC (irc2p), darknet-chat (jabber?)
One-click access to break-prism applications, many preconfigured for Tor where possible
Repository
Verificable builds
Secure multi-signed build

Mempo source-code

Editing code is very easy. To edit this website over github:

For users with GitHub account:
On https://github.com/mempo/mempo-websites use fork repository.
$ git clone git@github.com:your-username/mempo-websites.git # download over Internet
$ (edit files)  # also git add new_file # if you added files
$ git commit -a -m "your comment"
$ git push # send over Internet

Git branches standard

For bigger sub-projects that need a release cycle:
master - active development; On selected users - the semi-stable version. More stable versions marked with tags.
alpha  - frozen for internal tests
beta   - frozen for everyone to use and test
stable - fully tested very stable version. Only bugfixes should go there, untill next release.

Threats to security and anonymity

Even most secure computer cannot protect user against all threats, especially, when user don't know much about them. This is why education is one of the most important modules of Mempo.

Threats	Possible results	Mempo protection
Monitoring communication like email, instant messaging, VoIP by villans, governments, corporations Example: PRISM collection details	User sensitive data exposure User identity compromised	Using only strongly encrypted communication. PGP encrypted e-mail communication, OTR in instant messaging.
IP/location discovery by villans, governments, corporations, e.g. to find inconvenient journalists, bloggers. Example: ?	User identity compromised	Using anonymizing networks like Tor, I2P, Freenet to public posts, articles.
DNS protocol leak protection Detailed description and test: https://www.dnsleaktest.com	ISP can log and monitor your activity	Using free, open DNS servers (OpenNIC project)
Password cracking Attacker for example tries to crack the password-protected file. Detailed description: http://en.wikipedia.org/wiki/Password_cracking Example: http://www.cert.org/incident_notes/IN-98.03.html	Passwords compromised.	Using only strong passwords, replacing passwords with strong encryption keys whenever possible.
Computer stealing Example: ?	Physical access to computer. Access to data on hard disk User sensitive data exposure Cold-boot attack possibility Lost of data	Hard disk encryption. Secure, encrypted backups.
Software backdoor Part of program source code allowing to bypass authentication, securing illegal remote access to a computer, while attempting to remain undetected. Detailed description: http://en.wikipedia.org/wiki/Backdoor_%28computing%29 Example: http://en.wikipedia.org/wiki/NSAKEY	Unauthorized access to the system	Runnig hi risk application in virtual machine intended only for this application. Strong isolation.
Hardware backdoor Similar to software backdoor but built in computer hardware Example: spy-agencies-shun-lenovo-finding-backdoors-built-into-the-hardware	Unauthorized access to the system	Using open hardware only.
Rootkit A rootkit is a stealthy type of software, often malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer. Detailed description: http://en.wikipedia.org/wiki/Rootkit Examples: http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal	?	Using only open source software.
Trojan Horse Imitates a normal application, but implements hidden to users, undesirable functions. Often including a backdoor Detailed description: https://en.wikipedia.org/wiki/Trojan_horse_%28computing%29 Example:ZeroAccess	Unauthorized access to the system, data, passwords theft	Running untrusted application in strong isolation
Identity spoofing - IP address spoofing Attacker may fake IP address so the victim thinks it is sent from a location that it is not actually from.	Attacker can access to the local network with a valid IP address.	?
Packet sniffing Interception of data packets traversing a network	Passwords compromised. User sensitive data exposure	Using only encrypted communication, using HTTPS Everywhere
Man-in-the-middle attack (hijacking) Attacker is actively monitoring, capturing, and controlling communication between two victims. Detailed description	Attacker captures and modify messages in communication. Attacker is eavesdropping encrypted communication.	?
Cold-boot attack Attack requiring physical access to computer, right after cold reboot.	Private keys compromised.	Cleaning RAM memory when going to shutdown, SysRq, RFID
Evil maid attack Attack requiring physical access to computer which use disk encryption. Example	Passwords to encrypted volume compromised.	?
Social engineering Attacker uses persuasion or deception to gain access to information systems.	Passwords compromised User sensitive data exposure	Education: Never trust anyone with your passwords, private keys, or sensitive data
Phishing Attacker attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication, e.g. bank website. Phishing is typically carried out by email spoofing or instant messaging.	User sensitive data exposure Passwords compromised	?
Quantum computer cryptography In the near future quantum computers will be powerful enough to break some of presently popular cryptografic algorithms	User sensitive data exposure Passwords compromised	Multi-crypt with using QC resistant cryptography
DNS poisoning Attack where DNS information is falsified.	?	?
...	...	...

[This page is work-in-progress, possible typos and errors]