securely backup your Tails persistent volume using Tahoe-LAFS over Tor

This HOWTO requires you to have access to a Tahoe-LAFS storage grid. You have 2 choices:

• build your own Tahoe-LAFS storage grid

• purchase Tahoe-LAFS storage grid access from LeastAuthority or other companies

why Tahoe-LAFS?

Do you backup your personal data?

Using Dropbox, AWS storage or Google Drive to backup data doesn't give users control over the confidentiality of their data. But we have a choice! We can choose to use verified end to end crypto (read the cypherpunks manifesto). When you use Tahoe-LAFS you are choosing to be in control of the verifiability, confidentiality and erasure encoding of your data.

Tahoe-LAFS storage servers only see ciphertext blobs... additionally the Tahoe-LAFS cryptographic "capabilities model" is essentially a distributed access control system. The storage servers do not authorize access to data; instead the possessor of the cryptographic capabilities can choose to share that capability... or "diminish" the cap before sharing; for instance ReadWrite caps can be dimished into ReadOnly caps etc.

why Tails?

Tails being a security hardened and easy to use Linux distribution is an excellent platform from which to run Tahoe-LAFS. Using Tails ensures that novice computer users can leverage Tahoe-LAFS's security features while reducing their risk of exposing another weak link in their system's security. The Tails dev team pays careful attention to entropy generation, clock sychronization, user space and kernel security hardening, firewall rules, frequent software security updates, expert peer review etc.

requirements:

• Tails 1.1 or higher
• connecting information to a Tahoe-LAFS grid:

A Tahoe-LAFS introducer FURL takes this form:

pb://TubID@MyOnion:OnionPort/swissnum

...and looks like this:

pb://dsagndsgmndsg6dgnqtug983nfmsdh8g@dfd2jdhfgfh8shdf.onion:33000/agkhdags7gdslgshhsg98gsndsag8fdn

procedure :

step 0: Install Tahoe-LAFS and create your configuration

sudo apt-get install tahoe-lafs
tahoe client-create ~/Persistent/.tahoe
ln -s ~/Persistent/.tahoe ~/.tahoe

replace ~/Persistent/.tahoe/tahoe.cfg with a config file like this:

[node]
nickname = client
web.reveal_storage_furls = true
web.port = tcp:7657:interface=127.0.0.1
web.static = public_html
tub.location = client.fakelocation:1
[client]
introducer.furl = pb://MyTubID@myHiddenService.onion:HiddenPort/introducer
shares.needed = 3
shares.happy = 5
shares.total = 5
[storage]
enabled = false
[helper]
enabled = false
[drop_upload]
enabled = false
[client-server-selection]

NOTE: you'll want to adjust the shares.needed/happy/total appropriately for your grid!

NOTE: You absolutely must use the "tub.location" option otherwise Tahoe-LAFS will attempt to deanonymize your IP to the Introducer node.

NOTE: We are reusing the I2P console port configuration in Tails for our own Tahoe-LAFS purposes... rather than show you how to modify the Tails ferm and foxyproxy configurations. That is, in the tahoe.cfg file the web.port is set to "tcp:7657:interface=127.0.0.1" This allows you to view the url in the Tails browser: http://127.0.0.1:7657/

step 1: start your Tahoe-LAFS client

usewithtor tahoe start

the tahoe node directory defaults to ~/.tahoe... so you must either setup a symlink or you can specify the tahoe node directory in the tahoe command:

usewithtor tahoe start elsewhere/.tahoe

You'll want to check the gateway status using this URL before moving on to the next step:

http://127.0.0.1:7657/

Once the gateway status page indicates your Tahoe-LAFS client has connected to most of the grid then you can use Tahoe-LAFS to backup/restore files.

step 2: use Tahoe-LAFS to backup your Tails disk

create a backup alias

tahoe create-alias tails_backup

perform backups!

Perform the backup using the "tails_backup" alias like this:

tahoe backup --verbose ~/.ssh tails_backup:dotssh
tahoe backup --verbose ~/.gnupg tails_backup:dotgnupg
tahoe backup --verbose ~/Persistent tails_backup:Persistent

I ammend the last command to exclude some files like this:

tahoe backup --verbose --exclude='ansible-tahoe-base*' --exclude='incidents*' --exclude='twistd.log' --exclude='projects*' --exclude='tahoe-lafs*' --exclude='Music*' --exclude='virtenv-*' --exclude='virtualenv-*' --exclude='go*' --exclude='*.iso' ~/Persistent tails_backup:Persistent

step 3: restore data

Generally you can restore your data like this from the latest snapshots:

tahoe cp --verbose -r tails_backup:dotssh/Latest ~/.ssh
tahoe cp --verbose -r tails_backup:dotgnupg/Latest ~/.gnupg
tahoe cp --verbose -r tails_backup:Persistent/Latest ~/Persistent

Or you might want to restore from an old snapshot in the archives:

tahoe cp --verbose -r tails_backup:Persistent/Archives/2014-07-27_12:11:41Z ~/Persistent

Of course to restore data from a total system data loss you will have to have an accessible backup of either your Tahoe-LAFS nodeDir (e.g. ~/.tahoe) or the Introducer FURL and any Tahoe capability aliases you used to store data on.

I've got an opsec procedure for data-less travel and restore from onion grid; it's designed around encapsulating all the needed information in a small symmetrically encrypted blob that is hidden before wiping the drive(s) in preparation for international travel; thus temporarily locking the user out of all infrastructure and private key materials in case of search and seizure. Here's my attempt to automate much of this procedure:

https://github.com/david415/hidden-tahoe-backup

Appendix A: Renew leases and Repair Tahoe-LAFS data

In the future after performing backups... if you want to be extra safe before a restore situation arises then it would be advisable to perform a repair on the data:

tahoe deep-check --repair --add-lease --verbose tails_backup:dotssh
tahoe deep-check --repair --add-lease --verbose tails_backup:dotgnupg
tahoe deep-check --repair --add-lease --verbose tails_backup:Persistent

or perhaps you only care about repairing the latest snapshot:

tahoe deep-check --repair --add-lease --verbose tails_backup:dotssh/Latest
tahoe deep-check --repair --add-lease --verbose tails_backup:dotgnupg/Latest
tahoe deep-check --repair --add-lease --verbose tails_backup:Persistent/Latest

Appendix B: additional considerations for Tails users

You'll probably want to setup a dotfiles symlink for your .tahoe directory:

amnesia@amnesia:/live/persistence/TailsData_unlocked/dotfiles$ ln -s ~/Persistent/.tahoe
amnesia@amnesia:/live/persistence/TailsData_unlocked/dotfiles$ ls -la .tahoe
lrwxrwxrwx 1 amnesia amnesia 31 Aug 12 01:32 .tahoe -> /home/amnesia/Persistent/.tahoe
amnesia@amnesia:/live/persistence/TailsData_unlocked/dotfiles$ 

As root add "tahoe-lafs" to /live/persistence/TailsData_unlocked/live-additional-software.conf so that your persistent volume will store a copy of the Tahoe-LAFS package which gets installed upon bootup.

Appendix C: why use torsocks (usewithtor)? got native Tor integration?

Yes... we are working on it... and we'll have native Tor integration for Tahoe-LAFS soon:

• https://tahoe-lafs.org/trac/tahoe-lafs/ticket/517#comment:20
• http://foolscap.lothar.com/trac/ticket/203

Appendix D: basic info

what the hell is an onion grid?

An onion grid refers to a Tahoe-LAFS storage grid, a collection of Tahoe-LAFS storage servers that are only accessible via Tor hidden services. That means the identity/location of the storage servers are protected by the Tor network.

At this time the Tor Project is redesigning Tor hidden services to have more powerful security and anonymity guarantees; Tor hidden services need some love. Endeavors using Tahoe-LAFS onion grids will benefit from these future design changes to Tor Hidden Services.

more info

• Tails project website

• Tor project website

• Tor Hidden Servies explained

• Tahoe-LAFS project website

• my favorite white paper about Tahoe-LAFS