by Chelsea
As our lives are propelled through an increasingly threatening symbiosis of surveillance capitalism, authoritarian states, and their sponsored militias, the need for accessible security tools is becoming more apparent by the day.
Security is for everyone
SEALFAIL is a secure operating system designed from the ground up to help put activists and militant organizations on an equal footing against such threat actors by empowering them with a powerful and accessible tool to help implement communication, information, and operation security procedures. (COMSEC / INFOSEC / OPSEC)
System overview
  • Leave everything up to SEALFAIL. Select the system's language and enjoy the fully-automated installation.
  • SEALFAIL is compliant to the US Department of Defence's highest security standards.
  • The system is read-only, massively increasing the security of the system.
  • SEALFAIL is fully volatile. The system is restored to its factory state every time it is powered up.
  • SEALFAIL comes with pre-installed, LXC-containerized software of activist interest. Each LXC instance is spawned in its own TMPFS.
  • Despite its volatility, SEALFAIL allows for permanent storage through the means of an encrypted virtual machine serving the contents of an encrypted virtual disk from its own partition to each LXC instance through a host-only CIFS link.
  • Your organisation can easily customize SEALFAIL to suit its specific needs. SEALFAIL is intended to be modified.
The storage architecture designed for SEALFAIL is a way to integrate permanent storage into a volatile, read-only machine.

Applications are launched within LXC containers spawned in TMPFS (RAM storage) which are then communicating with the permanent storage thought CIFS. The CIFS shares are located on a virtual machine's virtual encrypted disk, itself running read-only with its data disk located on another partition. In case of an emergency, a kill switch can be triggered to mangle the data disk and prevent leaks.

click on the picture to see it on fullscreen
SEALFAIL compared to Qubes and Tails
Unlike Tails, SEALFAIL offers permanent storage. While Tails can be configured to use permanent storage, doing so requires technical knowledge and is not a streamlined process. With accessibility in mind, SEALFAIL provides permanent storage out of the box without hassle. And encrypted, at that !

While Qubes is a great security solution, it isn't accessible to most people and its usage is limited to people with prior Linux experience. SEALFAIL not only makes Qubes' security accessible, but also builds on top of it by integrating US DoD hardening.

To top it all off, SEALFAIL is purpose-built, unlike both Qubes and Tails which are general-purpose operating systems. SEALFAIL comes with a pre-hardened software collection, drastically reducing the attack surface.
Who is SEALFAIL for ?
SEALFAIL is built from the ground up for use by left-wing activists and human rights NGOs. From the women in Texas providing underground abortions to the NGO operators investigating human rights abuses taking place within Taliban Afghanistan, an entire spectrum of people targetted by the state is found.

Unlike the states and right-wing militias they are fighting against, they lack the privilege of strong OPSEC standards, which is where the need for SEALFAIL arises.

SEALFAIL takes pride in its accessibility. We believe security is for everyone and therefore wish to make it as accessible as possible to people with no technical knowledge, or people with disabilities.
click on the picture to see it on fullscreen
SEALFAIL is not yet available for download. Development builds are expected to release in the near future (summer 2022).
Rest however assured that SEALFAIL will forever be free and licensed under the GPLv3 license.