Freepto design

Freepto is a Linux system on USB sticks; it is meant to be both usable and secure.
What “usable” and “secure” mean is explained below.

Note: the key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in RFC 2119.

Security

Goals and guidelines

We especially care about “disk” security and “system” security; this means that we MUST NOT leak data in cleartext on the device, and that we want to avoid malware as much as possible.

On-the-wire security is welcome, and the most secure way of exchanging data SHOULD be used.
When there is a tradeoff between security and usability, the developers need to reach consensus about that particular choice.

DOs

These are security policies we are interested in:

DONTs

These are things we do not really care about:

Please note that while these features are not needed for Freepto, they can be implemented if they do not introduce significant performance or usability problems.

Anonymity

Goals and guidelines

Anonymity is NOT a goal for Freepto. Freepto does not guarantee that the user will be anonymous in any way. Despite this, some anonymity-related tools (e.g. Tor) and configurations are provided, when they do not degrade the user experience.

DOs

Usability

We define usability in terms of use cases; a user with no advanced knowledge should easily accomplish these tasks.

Workflows

Navigation

Surfing the web MUST be straightforward; this includes connecting to wifi, watching video embedded in browsers and so on.

Mail

Mail configuration with a proper mail client MUST be easy:

GPG

All GPG tools MUST be already installed and integrated in the system; these tools SHOULD be preconfigured.

We do not suppose that our users already have a gpg key, so they need to

All this MUST be possible with a graphical interface.

Jabber/OTR

A user MUST be able to run a Jabber client with OTR support, all from a graphical interface.
OTR auto-detection MUST be enabled, so that opportunistic encryption is performed.

TorBrowser Bundle

The user MUST be able to surf the web using Tor in a simple way.

Automatic updates of such critical software SHOULD be handled transparently to the user.

Persistence

The user must be able to use the USB stick in the same way as a “normal” operating system: any change MUST be persisted across reboots.

Hardware

Freepto is targeted at x86 computers.

Boot

CPU

Devices