BalenaEtcher, Tails and privacy 
BalenaEtcher is an open-source software developed to simplify the writing of image files like .iso and .img onto storage devices such as USB drives and SD cards. It is commonly used to install or boot operating systems on these media. BalenaEtcher is known for its user-friendly interface and supports Windows, macOS, and Linux. It allows for easy flashing of images as well as validating the writing process to ensure data integrity.
Balena Ltd. (formerly Resin.io), the company behind BalenaEtcher, is headquartered in London, UK, specifically at 7 Winkley Street. In addition to this main location, Balena has offices in the United States (Seattle) and in Greece (Athens).
Resin.io itself was founded in 2013 and has evolved over the years, changing its name to Balena. The original focus of Resin.io was on providing a modern DevOps management platform for connected devices, using Linux containers and other open technologies to simplify how developers build, deploy, and manage software for IoT devices.
The company received $9 million in funding from DFJ, GE Ventures, Ericsson, and Aspect Ventures to accelerate the growth and development of its IoT DevOps platform. This funding was used to expand the company's product range, grow the open-source community, and increase global reach through new strategic partnerships and channels.
Balena Ltd. has received $17 million in funding.
In the BalenaEtcher review dated 27.12.2023 by GameIndustry.eu, the program's behavior was investigated, and it was found that Balena's software includes several trackers and incorporates sensitive user data.
Although the program has an option that is supposed to stop data transmission (at least users are led to believe so), the function is a placebo and ineffective. To even find this option, users must open it in the Balena options menu. Pointless, as the data is gone either way.
The review includes more pictures, raw data examples, and information about the involved parties.
This software's behavior has been in place since 2020 and longer and has been blocked in the hosts files for just as long.
Some may be familiar with the Tails operating system, which gained fame through Edward Snowden.
Tails, short for "The Amnesic Incognito Live System", is an operating system focused on privacy and anonymity. It boots from a USB stick or DVD and leaves no trace on the computer it's used on. Tails routes all internet traffic through the Tor network to maximize privacy and ensure anonymity.
It is commonly recommended for sensitive tasks where privacy and security are crucial, such as in journalism, among human rights activists, and in environments where internet censorship is prevalent.
The connection between Tails and Balena is established as the Tails Foundation recommends Balena as flash software for creating Tails installations .
After the Tails Foundation was made aware via email on 27.12.2023 with key details and reference to the review, they responded quickly. In the Tails issues, a post with the topic Re-evaluate balenaEtcher and consider alternatives was opened, pointing out the problem and asking for further action.
In the main topic Investigate the outgoing network connections of Etcher , it is shown that at least a basic knowledge of strange behavior of the BalenaEtcher software has been known since 21.01.2019, but it petered out.
In the discussion about BalenaEtcher on January 8, 2024, further concerns regarding data transmission and privacy issues of BalenaEtcher in connection with Tails were raised, citing the review on GameIndustry.eu.
An analysis by a project employee confirmed once again that BalenaEtcher contacted several hosts via HTTPS and transferred certain amounts of data. It was found that despite deactivation of the telemetry function, sensitive information such as the name of the flashed image (along with various hardware identifiers) and much more, are still exfiltrated and the settings in Etcher are placebos.
The user-friendliness of BalenaEtcher is being questioned in light of these privacy concerns.
What happens next remains to be seen. As the behavior has been demonstrably present in the software by Balena for some time, the question remains how the Tails Foundation will now deal with the issue in the future.
What is BalenaEtcher?
BalenaEtcher is an open-source software developed to simplify the writing of image files like .iso and .img onto storage devices such as USB drives and SD cards. It is commonly used to install or boot operating systems on these media. BalenaEtcher is known for its user-friendly interface and supports Windows, macOS, and Linux. It allows for easy flashing of images as well as validating the writing process to ensure data integrity.
Who Owns Balena?
Balena Ltd. (formerly Resin.io), the company behind BalenaEtcher, is headquartered in London, UK, specifically at 7 Winkley Street. In addition to this main location, Balena has offices in the United States (Seattle) and in Greece (Athens).
Resin.io itself was founded in 2013 and has evolved over the years, changing its name to Balena. The original focus of Resin.io was on providing a modern DevOps management platform for connected devices, using Linux containers and other open technologies to simplify how developers build, deploy, and manage software for IoT devices.
The company received $9 million in funding from DFJ, GE Ventures, Ericsson, and Aspect Ventures to accelerate the growth and development of its IoT DevOps platform. This funding was used to expand the company's product range, grow the open-source community, and increase global reach through new strategic partnerships and channels.
Balena Ltd. has received $17 million in funding.
What Does BalenaEtcher Do?
In the BalenaEtcher review dated 27.12.2023 by GameIndustry.eu, the program's behavior was investigated, and it was found that Balena's software includes several trackers and incorporates sensitive user data.
Although the program has an option that is supposed to stop data transmission (at least users are led to believe so), the function is a placebo and ineffective. To even find this option, users must open it in the Balena options menu. Pointless, as the data is gone either way.
The review includes more pictures, raw data examples, and information about the involved parties.
This software's behavior has been in place since 2020 and longer and has been blocked in the hosts files for just as long.
Tails
Some may be familiar with the Tails operating system, which gained fame through Edward Snowden.
Tails, short for "The Amnesic Incognito Live System", is an operating system focused on privacy and anonymity. It boots from a USB stick or DVD and leaves no trace on the computer it's used on. Tails routes all internet traffic through the Tor network to maximize privacy and ensure anonymity.
It is commonly recommended for sensitive tasks where privacy and security are crucial, such as in journalism, among human rights activists, and in environments where internet censorship is prevalent.
Tails Foundation, Statement on BalenaEtcher, Discussion
The connection between Tails and Balena is established as the Tails Foundation recommends Balena as flash software for creating Tails installations .
After the Tails Foundation was made aware via email on 27.12.2023 with key details and reference to the review, they responded quickly. In the Tails issues, a post with the topic Re-evaluate balenaEtcher and consider alternatives was opened, pointing out the problem and asking for further action.
In the main topic Investigate the outgoing network connections of Etcher , it is shown that at least a basic knowledge of strange behavior of the BalenaEtcher software has been known since 21.01.2019, but it petered out.
In the discussion about BalenaEtcher on January 8, 2024, further concerns regarding data transmission and privacy issues of BalenaEtcher in connection with Tails were raised, citing the review on GameIndustry.eu.
An analysis by a project employee confirmed once again that BalenaEtcher contacted several hosts via HTTPS and transferred certain amounts of data. It was found that despite deactivation of the telemetry function, sensitive information such as the name of the flashed image (along with various hardware identifiers) and much more, are still exfiltrated and the settings in Etcher are placebos.
The user-friendliness of BalenaEtcher is being questioned in light of these privacy concerns.
What happens next remains to be seen. As the behavior has been demonstrably present in the software by Balena for some time, the question remains how the Tails Foundation will now deal with the issue in the future.
Your opinion is important – please leave a comment!
1 Comment
lightwo
2024-01-29 10:44:11
Rufus/dd all the way. I don't understand how such a project can recommend this software while overlooking advertising and tracking for good UX.
Just present a short visual guide or something.
I used Rufus a couple of times, and despite its basic UX that's potentially confusing to newbies, all results were successful.
I used dd even more times, and while it's scary having to pick the correct device by ID, all results were successful.
Valuing UX over privacy is why Windows is still dominating. Tails sounds like a project that is supposed to oppose that.