https://blog.torproject.org/blog/tails-24-out
-
Remove the preconfigured #tails IRC channel. Join us on XMPP instead!
** Then configure your preferred instant messaging client, for example Pidgin, which runs on Windows, GNU/Linux, and Mac OS X, to connect to:server: conference.riseup.net
room: tails
Use TLS/SSL to connect!
(Using Pidgin is terrible advice but maybe the riseup xmpp service is a good idea?)
- Use secure HKPS OpenPGP key server in Enigmail.
(I know our keyservers point to a HS, does this apply to Enigmail too?)
-
Harden our firewall by rejecting RELATED packets and restricting Tor to only send NEW TCP syn packets. (#11391)
-
Harden our kernel by:
Setting various security-related kernel options: slab_nomerge slub_debug=FZ mce=0 vsyscall=none. (#11143)
Removing the .map files of the kernel. (#10951) -
Enable Packetization Layer Path MTU Discovery for IPv4. This should make the connections to obfs4 Tor bridges more reliable. (#9268)