[This page is work-in-progress, possible typos and errors]

Install Mempo: deb.mempo.org [i2p] || EVENTS: 2015-01-06 21:00 UTC meeting || RSS mempo.rss

Mempo Project - Hardened Privacy

Mempo project aims to provide most secure and yet comfortable out-of-the-box computer for Desktop and Server,
to professionals, business, journalists, and every-day users avoiding PRISM-like spying.

Mempo is now ready to be apt-get installed on top of your Debian - from our repository, follow install instructions there: deb.mempo.org [i2p]

Mempo Project is the answer to increasing surveillance of people, and endangered freedom of speech - as well to other IT attacks, cracking by hackers, viruses.

Even professional tools are not secure if there exist way around them for an attacker.


Therefore - in Mempo, the best Privacy & Security tools are used together on all levels from kernel to Apps; preconfigured for VM+Tor+VPN, for virtualization and compartment - all available in one-click fashion as Full Installable OS, Live-CD, or separate programs (sources and .deb files + deb-repo).

Do I need Mempo? [read more...]
Basically no one is really using the potential of existing security and privacy apps because of time and effort, and professional solutions are fixing given issue - but leaving other small holes.

Most people do not even know about hardware level attacks, root-kits, cold-boot, hacking NIC PCI cards, bugs in e.g. Xen, fire-wire attack, etc.

But is your computer immune (to the extent of currently available software) to known attacks?


Well. If you do use... theoretically unexploitable micro-kernel system like GNU Hurd on OpenRISC or at least GrSecurity max-settings kernel; on custom open-hardware mobo/BIOS/firmware, using PGP/post-QC where needed, with per-app files access-lists, everything is on separate VM on separate user with firewalled tunnels in between, all compiled from source after you meet all the developers on PGP signing-party - then yeah OK, in this case this Project can not offer you much :-)
In any other case - continue below for details.

Comparison of existing systems with Mempo (as planned in Stage-1 and 2 - roadmap).
System Mempo*

Tails
Whonix
QubesOS
Gentoo-H
Chrome*
Live-CD/Primary-OS/Packets Yes Yes Yes Yes No No Yes No No * No Yes No No Yes No No Yes No *
GrSecurity hardened Kernel Yesα No No No Yes Yes
GrSecurity max protection Yesα No No No Yes Yes?
GrSecurity PAX, RBAC profiles Yes No No No Yes Yes *
Hardened compilations (fortify) Yes No No No Yes No
Removed unsafe JIT code; PAX Yes No No No No No
Patching ALL privacy problems Yes wip Yes Yes No? No? No/Yes?
Running any App in VM isolation Yes No No/Yes Yes No No
Running any App in H-chroot jail Yes No No No No No?
Hardened VNC&Xnest isolation Yes No No No/Yes No No
VM: easily toggle Tor, VPN Yes Yes Yes Yes No No
VM: toggle Darknet, FW, Tunnel Yes No No No No No
Tor, I2P, Freenet, VPN preconfigured Yes Yes Yes Yes α Yes No No No Yes No No No Yes No No No No No No No No No No No
Stacking networks e.g. VPN+I2P Yes α No No/Yes No No No
All Apps and System uses privacy Yes No No/Yes No No N/A
Verify-build, multisign apt-get Yes wip No? No No No/Yes N/A
White-list AV and known-files DB Yes No No No No/Yes N/A
Bitcoin/Altcoin/e-Currency Yes No No No No No
Provides custom open hardware Yes No No No No No?
Crowdfunding fixes, fast devel Yes No No No No No
Real time threats warnings Yes No No No No No
Buy prebuilt on most open hardware Yes No No No No No
Paranoia-free lead developers No Yes? Yes? Yes? Yes Yes

FAQ-1: To clear any initial miss-conceptions or questions: Mempo is:

Mempo description

All layers of security - the weakest link is the problem

How good is your super-secure encryption or network, if kernel rootkit can go around it?

Mempo System Layers
Entire System - from hardware, kernel, throught system, VM creation, up to applications is secured.

Each of the layers is created by researching and selecting best available software in given category. Programs are configured to use and reinforce each-other to fit nicelly (e.g. email uses Tor, Tor can use VPN, grsecurity contains any exploits, apt-get uses all of above to be sure). User applications are also preconfigured and ready to use in most secure way.
Show technical details: ⇨⇦ click checkbox to open
  • Hardware - Selected parts. Coreboot BIOS. Protected RO boot+mbr. Own OpenHW: HWRNG, pin/pgp-keyboard, anti-breakin case. RFID (auto-lock, auto-erase on theft).
    Open CPU (OpenRISC?) for selected tasks in future (keygen, most secret messages, bitcoin wallet).
  • kernel - Currently Linux kernel. Hardened with Grsecurity+PAX (instead just SE Linux). Slim, just few drivers (secure/FOSS). Custom paranoid patches (memory scrub, AES key in CPU registers etc).
  • System - LUKS and other full-root encryption. Hidden filesystem. One-time, PIN, USB-key passwords. New SysRq instant lockdown. RBAC file-access profiles and PAX flags.
    Graphics - X with light WM/DE (XFCE?) patched to block driver exploits (ioport).
  • Mempo manager - create VMs, isolated users. Manage all protections in one place (optional GUI).
    Backup and sign allerts. Log all events (encrypted). Show information in not-distracting way (GUI).
    Multi-sign apt-get; verificable binary builds. White-list database antivirus.
    Signing binaries. Adding custom binary (TPE, for developers). Run program in One-time VM or user.
  • VM, Isolation - all programs can be completly isolated, both as VM and user chroot.
    Full compartment of every program×user is now feasible, or isolating² - again inside VM.
    Heavy isolation - by running in VM (Xen, KVM), similar to Qubes-OS.
    Light and strong - by running as separate unix user chroot/isolated, with Xnest/VNC, iptables/grsecurity-RBAC.
    Copy/paste across VMs/users, also share file/text (local encrypted tunnels/SFTP/xmpp).
  • Networking - Tor, Freenet, I2P, VPN or normal. With stacking (Freenet+VPN; I2P+VPN).
    Selectable per each VM and user. Toggable server-mode, cover traffic. Auto profiles (work/home/travel/gsm).
  • Encryption - PGP, good default settings (keyserver over Tor). Preinstalled keys of Mempo. QC resistant crypto. Multi-crypt (stack e.g. AES+QC1+QC2). Secure random generator (HWRNG, entropy to VMs, bigger pools).
  • Applications all preconfigured to use above tools.
    • Chat and VoIP: Pidgin, Jitsi, Mumble, Linphone - using Tor/VPN/I2P OTR/PGP.
    • E-Money: Bitcoin, Namecoin, Alt-coins. Tor/VPN/I2P, backup (to RAID, to remote). Log of all operations. Isolated wallet: in VM (encrypted), fast-bootstrap.
    • Email: Thunderbird, Kmail - using Tor/I2P/VPN PGP, also Freemail.
    • Web: Firefox with privacy plugins (https everywhere, Adblock, privoxy, more). No-Javascript/plugins in selected profiles. Easy usage of services: OpenStreetMap, DuckDuckGo, StartPage, YACY.

Steps to get secure Mempo

Take following steps to best configure your system up to the Mempo standard.
  • Install Debian 7 x86_64 on your computer
  • Add Mempo APT repository as in deb.mempo.org (or .i2p)
  • Install Mempo kernel as described there. Including grsec sysfs settings and pax fattr flags.
  • Install Tor, configure with proper options:
    As root, configure this and restart tor.
    In file /etc/tor/torrc find line with "SockPort" (or add it) and add there following options so it will read as:
    SocksPort 9050 IsolateClientAddr IsolateSOCKSAuth IsolateClientProtocol  IsolateDestPort IsolateDestAddr
    This is very important, otherwise same Tor circuit is re-used even for different programs and servers making it much easier to correlate your various activities!
    TEST: To test if that works, open few "what is my IP" pages and verify if they show different IP each usually
    Som pages to test IP (open this is Tor-enabled browser that uses the main system Tor): http://mempo.org/ip/ or http://myipinfo.net/
    		
  • Install Privoxy, configure with proper options to use Tor:
    As root, configure this and restart privoxy:
    In file /etc/privoxy/config uncomment (or add) following line: 
    forward-socks5   / 127.0.0.1:9050 .
    TEST: get a browser that does NOT integrate with Tor directly, and merly configure in it a http proxy 127.0.0.1:8118 and check your IP on web pages (best disable javascript first).
    		
  • Configure (for each user) GPG client configuration as in github.com/rfree/fossoffice gpg.conf

Contact - developers, testers, translators, users

Everyone is invited to cooperate, users, developers, other distributions - please join our effort in creating more secure and privacy-respecting world.
  • IRC network: #mempo on irc.freenode.org(web) irc.oftc.net(Tor) and irc2p(I2P)
  • XMPP/Jabber: mempo@jit.si
  • http://mempo.org - soon
  • Website on GitHub + GitHub sources
  • Freenet: Freesite Mempo-Official USK@fiXFPRPKw3miEP1tXIi3Mz2BvfkKK1FsoATqAWi~NbY,DWl1hGrdJEpMT5-ofWBAH1HIYDauTNh8xilF8l2tCfE,AQACAAE/mempo/-1/
  • Freenet: Flog Mempo-Blog
  • Freenet: FMS board freenet, linux as well as board mempo.
  • Freenet: freemail - mempo@ym7rkpjwhfcpiqbhbovz2gtiafthwmp6rmee6wmk3quekcvo2jgq.freemail

Mempo cooperation

Created in cooperation

Everyone interested is invited to join creation of the system.
We accept and even encourage developers that protect their privacy/security (although for some positions like code reviews a well known or real-life known people are needed too).
Show credits (in progress - sign up): ⇨⇦ click checkbox to open
[Priv] - this person (or group) prefers to develop under pseudonym (but we know it's not untracable, at all).
[Anon] - this person (or group) develops anonymously (e.g. behind Tor).
[DEEP] - this person (or group) develops secrutly (e.g. only Freenet) and we hope he is quite hard to find - and therefore quite resistant for any corporation or state pressure, attacks or blackmail.
(?) - only planned - cooperation is not yet confirmed.
  • Lead
    • mempo[Priv] - mempo @irc.freenode.org @irc.oftc.net @irc2p
    • (Position opened - this could be you)
  • Marketing
    • None (Eat own dog food + you are the PR)
  • Coordination and planning
    • (Position opened - this could be you)
  • Programming - creating custom software where needed
    • vyrly(?)[Priv] - vyrly @irc.freenode.org
    • (Position opened - this could be you)
  • Electronics - creating custom hardware where needed
    • (Position opened - this could be you)
  • Alpha Testing
    • happuri(?)[Priv] - happuri @irc.freenode.org @irc.oftc.net @irc2p
    • (Position opened - this could be you)
  • Security team
    • mempo
    • (Position opened - this could be you)
  • Security advisors
    • kees(?) - Debian, Linux Kernel - kees @irc.freenode.org
    • Eleriseth(?)[DEEP] - Freenet
    • Paul Proteus(?) - Debian, verificable-builds - paulproteus @irc.freenode.org
    • Cryptography - (?)
    • Electronics - (?)
    • (Position opened - this could be you)
  • Software advisors - please contact us on IRC if you can help with given part
    • For Tor - (?)
    • For I2P - (?)
    • For Freenet - (?)
    • For VPNs - (?)
    • For Cryptography - (?)
    • For Xorg - (?)
    • For Xen, KVM - (?)
    • For other GNU applications - (?)
    • For other "Prism-Break" applications - (?)
    • For Pidgin or Jitsi - (?)
    • For Mumble or Linphone or Ekiga - (?)
    • For Bitcoin - (?)
    • For Namecoin - (?)
    • For Litecoin - (?)
    • For alt-coins - (?)
  • Servers, Hosting and test Boxes
    • Debian Project infrastructure is planned to be used since we develop in-Debian mainly
    • (negotiations)
    • (we look for friends to mirror our repos, and run test servers)
    • Thanks to GitHub.com - we already use their public services
  • Crowdfunding for Project and sub-projects
    • General (?)
    • Customers and users relations(?)
    • Customers and users support(?)
  • Translations: (?)
  • Graphics: (on our own)
  • Website: (on our own)

Mempo roadmap

This project is ambitious in scope - it will be release in stages.

Stage 1

Addon to Debian that makes it hardened (Kernel, PAX) and allows easy, secure, private, compartment-based use for communication, publishing, e-currencies.
  • Kernel: GrSecurity, PAX, on max settings
  • Grsecurity profiles (like FW+AV rules) for main software
  • Hardened-compilation of important software
  • Executable code anti-troyan hardening of some applications (removing JIT), with allowing also the -fast version
  • Firewall on Host
  • Easy creation of VMs
  • Easy execution of important applications in isolation (chroot, secured Xnest?)
  • Easy toggle of VM settings: Tor, VPN, Darknet
  • One-click access to no-censorship storage darknet: Freenet with FMS (boards) and Sone (twitter)
  • One-click access to no-censorship darknet: including id3nt twitter, darknet-IRC (irc2p), darknet-chat (jabber?)
  • One-click access to break-prism applications, many preconfigured for Tor where possible
  • Repository
  • Verificable builds
  • Secure multi-signed build

Mempo source-code

Editing code is very easy. To edit this website over github:
For users with GitHub account:
On https://github.com/mempo/mempo-websites use fork repository.
$ git clone git@github.com:your-username/mempo-websites.git # download over Internet
$ (edit files)  # also git add new_file # if you added files
$ git commit -a -m "your comment"
$ git push # send over Internet

Git branches standard

For bigger sub-projects that need a release cycle:
master - active development; On selected users - the semi-stable version. More stable versions marked with tags.
alpha  - frozen for internal tests
beta   - frozen for everyone to use and test
stable - fully tested very stable version. Only bugfixes should go there, untill next release.

Threats to security and anonymity

Even most secure computer cannot protect user against all threats, especially, when user don't know much about them. This is why education is one of the most important modules of Mempo.
Threats
Possible results Mempo protection
Monitoring communication like email, instant messaging, VoIP by villans, governments, corporations
Example: PRISM collection details
  • User sensitive data exposure
  • User identity compromised
Using only strongly encrypted communication. PGP encrypted e-mail communication, OTR in instant messaging.
IP/location discovery
by villans, governments, corporations, e.g. to find inconvenient journalists, bloggers.
Example: ?
  • User identity compromised
Using anonymizing networks like Tor, I2P, Freenet to public posts, articles.
DNS protocol leak protection
Detailed description and test: https://www.dnsleaktest.com
  • ISP can log and monitor your activity
Using free, open DNS servers (OpenNIC project)
Password cracking
Attacker for example tries to crack the password-protected file.
Detailed description: http://en.wikipedia.org/wiki/Password_cracking
Example: http://www.cert.org/incident_notes/IN-98.03.html
  • Passwords compromised.
Using only strong passwords, replacing passwords with strong encryption keys whenever possible.
Computer stealing
Example: ?
  • Physical access to computer.
  • Access to data on hard disk
  • User sensitive data exposure
  • Cold-boot attack possibility
  • Lost of data
Hard disk encryption. Secure, encrypted backups.
Software backdoor
Part of program source code allowing to bypass authentication, securing illegal remote access to a computer, while attempting to remain undetected.
Detailed description: http://en.wikipedia.org/wiki/Backdoor_%28computing%29
Example: http://en.wikipedia.org/wiki/NSAKEY
  • Unauthorized access to the system
Runnig hi risk application in virtual machine intended only for this application. Strong isolation.
Hardware backdoor
Similar to software backdoor but built in computer hardware
Example: spy-agencies-shun-lenovo-finding-backdoors-built-into-the-hardware
  • Unauthorized access to the system
Using open hardware only.
Rootkit A rootkit is a stealthy type of software, often malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer.
Detailed description: http://en.wikipedia.org/wiki/Rootkit
Examples: http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal
  • ?
Using only open source software.
Trojan Horse Imitates a normal application, but implements hidden to users, undesirable functions. Often including a backdoor
Detailed description: https://en.wikipedia.org/wiki/Trojan_horse_%28computing%29
Example:
ZeroAccess
  • Unauthorized access to the system, data, passwords theft
Running untrusted application in strong isolation
Identity spoofing - IP address spoofing
Attacker may fake IP address so the victim thinks it is sent from a location that it is not actually from.
  • Attacker can access to the local network with a valid IP address.
?
Packet sniffing
Interception of data packets traversing a network
  • Passwords compromised.
  • User sensitive data exposure
Using only encrypted communication, using HTTPS Everywhere
Man-in-the-middle attack (hijacking)
Attacker is actively monitoring, capturing, and controlling communication between two victims. Detailed description
  • Attacker captures and modify messages in communication.
  • Attacker is eavesdropping encrypted communication.
?
Cold-boot attack
Attack requiring physical access to computer, right after cold reboot.
  • Private keys compromised.
Cleaning RAM memory when going to shutdown, SysRq, RFID
Evil maid attack
Attack requiring physical access to computer which use disk encryption.
Example
  • Passwords to encrypted volume compromised.
?
Social engineering
Attacker uses persuasion or deception to gain access to information systems.
  • Passwords compromised
  • User sensitive data exposure
Education: Never trust anyone with your passwords, private keys, or sensitive data
Phishing
Attacker attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication, e.g. bank website. Phishing is typically carried out by email spoofing or instant messaging.
  • User sensitive data exposure
  • Passwords compromised
?
Quantum computer cryptography
In the near future quantum computers will be powerful enough to break some of presently popular cryptografic algorithms
  • User sensitive data exposure
  • Passwords compromised
Multi-crypt with using QC resistant cryptography
DNS poisoning
Attack where DNS information is falsified.
  • ?
?
...
  • ...
...
Quick pastebin for developers etc. Files here are not yet verified!" Always check digital signatures, and for important things better build from sources (after checking their checksums too)