Step one in being secure is knowing you can trust the computer. ICLOAK gives you a clean computer session every time you turn it on, regardless who owns the computer and what they have done to it. The entire operating system is on the USB, we never even turn on the hard drive, leaving all those unknown keyloggers, viruses and malware dormant.
Dont broadcast your IP address, use professional tools, easily and quickly with the ICLOAK preconfigured Tor browser bundle. Every connection you make to the internet is being tracked and recorded, but with Tor your online identity is concealed with the strength of an entire online community of people who share their networks to keep the watchers at bay.
A modern, simplified interface thats preconfigured with security first settings so you dont have to spend the time doing it yourself. All of the common shortcuts and software packages right up front so you can get in, get work done and get out quickly. No more worrying or wondering if you might have left a trace, with ICLOAK security in hand you clean up just as quickly as you get started.
ICLOAK has been created from its inception with non-technical users in mind by
hiding the complex configurations, systems, and advanced programming
techniques necessary to provide a high level of security out of the box.
As a "Live OS", ICLOAK leverages the technique of loading itself completely into RAM, it is the perfect place to run a data sensitive OS. Any modifications to the system while running or any stored information is automatically destroyed on shutdown or power loss as a function of the nature of volatile memory eliminating the need to “scrub” data actively to remove it. This means even if a user was infected with some virus or malware, it would not survive restarting the computer, making any persistent infections of the ICLOAK® Stik itself physically impossible.
ICLOAK Stik is compatible with a wide array of hardware including most Macs, PCs, and Linux machines. It is able to boot from BIOS or UEFI systems without requiring modifications to the user's computer. This is achieved by hosting two bootloaders each handling either BIOS or UEFI as needed. The separation of bootloaders allows ICLOAK to be started from old BIOS based machines and newer UEFI systems without interfering with each other and limiting the possibility of bad behaving BIOSes which often refuse to load other hybrid approaches.
The ICLOAK Stik Operating System resides in a hidden partition of the USB drive, allowing users to utilize the rest of the drive as storage while keeping implementation details and sensitive files from accidental modification by their users. However, the ICLOAK platform utilizes a read-only file system which takes significant work to replace and do what is required to recreate it along with its file size and checksums. Do to the fact that ICLOAK always loads this file to RAM before starting its operating system, changes can not persist. This also allows the user to completely remove the ICLOAK Stik after it is loaded to further protect the USB drive if so desired.
Once ICLOAK is loaded and running, the user is utilizing a locked down OS. To help users improve their security we've provided limited access to what a user may be able to execute on the system as well as any threats from a hacker. In fact, ICLOAK is programmatically unable to mount the hard drives of a host system further isolating ICLOAK Stik from possible infections.
ICLOAK also blocks all outgoing network connections for every user including the end user. All outside connections happen through a specialized system user whose only task is to run the anonymization server. All applications requiring external network access must be piped through a local anonymizing proxy which sends traffic through the anonymization networks such as Tor, I2P and others.
ICLOAK currently uses the Tor network to anonymize its user's traffic. Also, leveraging all of the research and testing that has already gone into the Tor Browser Bundle to make it the most secure and continuously developed browser for Tor, ICLOAK has adopted it and has already begun to improve upon it. The current Tor Browser Bundle as it is distributed can only route its browser's traffic through the Tor Network. With ICLOAK, we've decoupled the Tor service and browser by creating our own unified system Tor controller for the entire OS which gives the user ease of access to changing IPs and routing other applications and data through the network. Our Tor controller provides the required hooks to launch applications that require network connectivity. The controller also makes itself available to the rest of the system through the DBUS, allowing multiple, concurrently-running programs to communicate with one another. This allows us to later extend Tor connectivity to other applications as desired while transparently routing their network traffic through Tor using TorSocks. TorSocks is a network sockets wrapper which replaces the system sockets for an application to route traffic through the current Tor proxy service in the system.
The combination of a Tor Controller, Tor Service and TorSocks together with a locked network are the basis of our application’s anonymized subsystem. The importance of this is non-trivial. The sophisticated, low level programming required to accomplish this makes our platform capable of securing many kinds of network traffic from email, to instant messaging, to VOIP, and more.
Although the current implementation of the ICLOAK Filesystem is read-only for security, we can deliver system updates, security patches, applications and improvements to our users through our secure update server. The update process rebuilds the read-only file system with the new changes delivered by our trusted servers with our cryptographically signed binaries. With this system, we are also able to provide public proof that the software installed has not been tampered with in any way through the use of checksums. Downloading updates can also happen through the Tor Network to keep user anonymity intact even while updating ICLOAK.
Because ICLOAK is based on Ubuntu, we benefit from a large community of open source developers releasing security updates and patches we can directly include into the ICLOAK Stik update process.
ICLOAK is its own isolated operating system. Like TAILS, ICLOAK is a portable operating system where a user can securely and anonymously work with sensitive data. Unlike TAILS, ICLOAK Stik does not assume the end user is already knowledgeable with a Linux desktop environment. We have slimmed the Linux experience to its basic components our target audience needs without introducing them to unfamiliar Linuxisms.