There’s many lengths one can go to when it comes to operation security or personal privacy. One of the safest and best options for keeping your data safe is running an intentionally secure Linux distribution. There’s two main players in this line of operating systems: Tails and LPS. Tails is known everywhere, but LPS has been generating a significant amount traffic lately – espescially within the last two weeks. Since both OS have their own advantages and downfalls, I’d like to cover a handful of them in this article.
Starting with Tails, by far the more popular OS in this category, due in part by being backed by The TOR Project. Other noteworthy companies behind the OS in either development or financial support are the Debian Project, Mozilla, and The Freedom of the Press Foundation. In the article where I wrote about Signal and Wickr, I mentioned that the NSA had leaked slides mentioning how the Signal app was a security concern for them. The same goes for Tails.
“catastrophic,” leading to a “near-total loss/lack of insight to target communications, presence…”(Source)
LPS, on the other hand, is created and maintained by the U.S. Air-force. Many countries have their own secure Linux distribution (or alternative OS), but this is the only OS the U.S. has made publicly available. On one hand, it’s a little concerning to use software that’s made by the very organization many of us are trying to avoid. But, on the bright side, the DOD and U.S. Air-force have been using LPS to protect highly sensitive information since 2011.
Storage and Persistence
Like many of the other more privacy oriented operating systems, neither of them install anything on your PC’s storage or leave any trace whatsoever. They’re installed on your USB drive and booted entirely in a live environment off RAM. Tails does have the option to create a LUKS encrypted persistent location on your flash drive, whereas LPS doesn’t have the option to write to the USB drive, at least in an easy manner. It could be considered a threat as the entire purpose of these systems is to leave no trace whatsoever but I have often found the persistence to be real help for saving keys.
Tails is a 1.1GB download and requires a 4GB or larger USB drive, but LPS is only 282MB and only requires 1GB media. Given today’s larger and larger USB drives, I don’t think the 4GB requirement is going to hold anyone back – but this might be something to think about if you are trying to run a 1GB SD Card or something similar. I believe it is possible to run on smaller media, but it hangs and lags to the point where it’s hardly useable.
Obviously both systems are created for security, but they do both have different focuses. Both systems default into a rootless mode, but Tails does allow you to enable administration at boot, if required. LPS lacks this option. It’s generally considered a bad idea to use root anyway, and an especially bad idea on an OS where security is the main concern.
LPS is more focused on the local security than Tails, hence why root is completely disabled. They both have different encryption set-ups entirely. Tails is more useful for protecting anonymity and LPS to prevent the Chinese government from spying on your classified military documents.
Tails packs this list below. (Copied from Wikipedia because individually writing about all of them would be painstaking and unnecessary.
And LPS takes a completely different approach by using an encryption wizard. Here’s what Wikipedia has listed, mostly pulled from the DOD website.
LPS comes with Encryption Wizard (EW), a simple, strong file and folder encryptor for protection of sensitive but unclassified information (FOUO, Privacy Act, CUI, etc.). Written in Java, EW encrypts all file types for data at rest and data in transit protection. Without installation or elevated privileges, EW runs on Windows, Mac, Linux, Solaris, and other computers that support the Java software platform. With a simple drag and drop interface, EW offers 128-bit AES encryption, SHA-256 hashing, RSA signatures, search-able metadata, archives, compression, secure deleting, and PKI/CAC/PIV support. Encryption can be keyed from a passphrase or a PKI certificate. EW is GOTS—U.S. Government invented, owned, and supported software—and comes in two versions, a public version that uses the standard Java cryptographic library and a government-only version that uses a FIPS-140-2 certified crypto stack licensed from RSA Security. The two versions interoperate.(Source)
LPS is not lacking in the encryption department, but is clearly deficient in terms of privacy and anonymity. This has a lot to do with the intended function of LPS. Tails encompasses everything LPS offers, as well as (almost) complete anonymity, at the price of a much bulkier package and a disgustingly slow usability.
I mentioned that Tails is a much bulkier package than LPS, and a huge part of this is due to the number of packages installed. There’s quite a handful, and unlike LPS, there is not seperate ‘light’ and ‘full’ downloads – you get what you get with Tails and there is really no way around that. If it’s too bulky for you and the packages aren’t something you’d find any use for any of them, obviously it isn’t for you. The one exception might be for Tor which has become a near necessity in the security community.
LPS, however, comes with far fewer installed packages. Like I said before, if you don’t need the packages in Tails, this is for you. There is two separate versions of the operating system: a public release and a ‘deluxe’ edition. From what I can tell, the only difference between the two is the delexe edition has an added PDF viewer and text editor.
The LPS public distribution includes a smart card-enabled Firefox browser supporting DoD’s CAC and Personal Identity Verification (PIV) cards, a PDF and text viewer, Java, a file browser, remote desktop software (Citrix, Microsoft or VMware View), an SSH client, the public edition of Encryption Wizard and the ability to use USB flash drives. A Public Deluxe version is available that adds OpenOffice.org and Adobe Reader software.
It comes with a handful of the basics, but a major lacking element is Tor. Maybe because the government strongly opposes The Tor Project.
Tails is far superior in terms of development and upgrades; just two weeks ago, Tails 2.4 came out to fix any known issues. LPS’s last patch was in January of this year. To be fair, Tails has a much more complex system and naturally would require patches for both their own security holes, as well as ones in any of the packaged apps. There’s dozens of opportunities for more security holes in Tails – LPS doesn’t have the same issue. Obviously, to both of their advantages, the added software is open source and allows for much more rapid bug discovery.
Both systems have a simple method of installing patches and can be done without root or admin privileges. Tails has a huge support community, an active blog, a fan-base on Reddit, and the ability to send support requests or bug reports from within the desktop enviroment. LPS has a DoD website and a couple 3rd party blog posts. At this moment, the DoD website that hosts the LPS download link is offline, and this isn’t the first time I have been unable to access the download link.
As I’ve stated a couple times, they both are for completely different purposes. If you are a repeat visitor of DeepDotWeb.com, chances are that Tails is the right operating system for you. They have a handful of shared features and both incorporate appropriate methods of encryption, but Tails is by far superior in protection on the Internet in general. I see no reason to use LPS over Tails unless you’re either short on space or have no need for the extra packages. Of course, if you’re worried about security, I see no reason that you wouldn’t be able to find some use for them.
There’s a couple other options for secure operating systems, and while none of them are as comprehensive as Tails, some of them may be significantly better than LPS. They are just, for some reason, lesser known. I’d check out Ubuntu Privacy Remix, JonDo Live-DVD, and of course IprediaOS. The latter I have been impressed by, and would recommend it if it had some decent documentation alongside it.