Using a Dell Inspiron 6400 laptop with Broadcom BCM4311 wlan chipset and Incognito 2009.0-beta.
I'm interested in anonymizing, secure live Linux distros principally for two reasons: I want to browse the Internet anonymously, and I want to learn through hands-on experience about current issues of privacy and surveillance that may affect me. For that reason, I've been checking out Incognito, Privatix and Polippix.
I had to jump through a lot of hoops to get Incognito to work on my system, and it still doesn't work very smoothly. One serious limitation is the fact that changes to system files and configuration are not persistent, only changes in the user's home directory are.
My laptop uses the BCM4311 chipset from Broadcom to provide wlan functionality, and that's the only way I can connect to the Internet. There are two drivers that support this chip in Linux, a Windows driver that can be used with ndiswrapper and a Linux native driver (b43). Both drivers require proprietary software from Broadcom that has to be installed by the user. As of kernel >2.6.26, the native b43 driver is to be preferred, as it often works better than using ndiswrapper with the Windows driver, esp. with WPA encryption. To get the native driver working one has to extract firmware microcodes from the Broadcom Windows driver and as root put them in a folder /lib/firmware/b43.
So, first one has to download the prepackaged Windows driver from the web (how do this without a functioning Internet connection?), extract it e.g. with cabextract, then extract the firmware from it with fwcutter and put the firmware microcodes in the proper location in the Incognito file system. This requires root privileges that are not granted by default. However, I was fortunate to have done all of these things beforehand in my main distro, Arch Linux.
The way I finally got wlan to work was to boot Incognito with the parameter "debugcode" on the kernel line (use TAB to get there) so as to be able to do anything as root. Incognito will boot to the desktop but it will not recognize the wlan hardware. I then have to copy the b43 folder containing the Broadcom microcodes from my persistent home dir (I've installed Incognito to a USB flash drive and picked the "persistent" but non-encrypted home dir option) to /lib/firmware (which is not persistent). This has to be done as root, either from a root console or with su -c "<command>" from a user console. Next, I have to modprobe the b43 driver, and with that the WiFi LED will light up.
Then I have to configure wlan0, e.g. with the KNetworkManager applet, which means keying in the network passkey by hand with every boot. Or I can automate this by running the script shown below which includes setting up WPA2-encrypted wlan manually through wlan_supplicant. However, if I do the latter, KNetworkManager will not be fully functional, e.g. its Connection Status display doesn't work. Perhaps wicd would work better.
Next, I have to restart Tor (/etc/init.d/tor restart), in TorK press the Play button and in Firefox uncheck "Work Offline". After doing all of that I finally have a working Internet connection, through the Tor network.
Here's the script that I run in a root console that automates some of that:
# === icwlan ===
# wlan0 startup script for WPA2 encryption in Incognito Linux
# Boot Incognito with the parameter "debugmode" appended to the kernel parms line
# (use TAB key to get there)
# This will enable you to run commands as root: $ su -c "<command>"
# or directly use a root console
# Open a root console to run this script
cp -R /home/incognito/b43 /lib/firmware # copies Broadcom firmware microcodes
# create wpa_supplicant config file for WPA2, incl. running the passphrase command,
# and copy it to /etc
cp /home/incognito/wpa_supplicant.conf /etc/wpa_supplicant.conf
modprobe b43 # loads b43 driver; WiFi LED should light up
iwconfig wlan0 essid xxxxxxxxx
wpa_supplicant -B -Dwext -i wlan0 -c /etc/wpa_supplicant.conf
I was also having problems browsing with Firefox with Tor disabled. Toggling the Torbutton to "Tor disabled" alone will not do it; I found that I was still connecting through Tor. If I want to browse w/o Tor I have to bring down the firewall (/etc/init.d/iptables stop) AND shut down TorK AND restart Firefox AND uncheck "Work offline" in Firefox AND toggle the Torbutton to "disabled".
If I then want to go back to browsing again through the Tor network, I have to restart the firewall (/etc/init.d/iptables restart) AND restart Firefox AND uncheck "Work Offline" AND enable Tor through the Torbutton AND optionally start TorK again. That's really tedious. In Arch Linux in which I've installed Tor, Privoxy and TorK (and the arno-iptables-firewall), I merely have to toggle the Firefox Torbutton to enable/disable browsing via the Tor network.
I think anonym's idea of migrating Incognito to *ubuntu is a good one. If it were based on Kubuntu (supposing you want KDE) and included the Ubuntu program usb-creator (with its two dependencies mtools and syslinux), then one could create a fully persistent install of Incognito to a USB drive, with persistent home AND system dirs, obviating the need to run a script like the one above manually after every boot.
Perhaps a better way could then be found to get around this catch-22 situation with the Broadcom wlan chips that are out there by the millions. Of course, the best solution would be if Broadcom were to freely make available their proprietary firmware microcodes and they would be included with every distro in /lib/firmware. Why they put everyone through this neverending torture I don't know.
Currently, the only serious competitors to Incognito appear to be Privatix 9.07.19 and Polippix 2.1. Privatix seems nice but it makes a regular HDD install of Debian 5.0 (Lenny) to the USB thumbdrive rather than using a squashfs filesystem and running much of the system from RAM. Doesn't running a regular HDD install from a flash memory drive ruin the drive rather quickly (incessant writing of bookkeeping system files to flash memory storage which may quickly exhaust the EEPROM memory cells)? Or is this not an issue anymore with present-day flash memory technology? Also, Privatix seems to run rather slowly (not just the browsing via the Tor network that would be slow with any distro). Is this due to the fact that the entire filesystem is encrypted and the system software has to be decrypted on demand and is running from the flashdrive rather than from RAM?
Polippix v.2.1 may also be quite nice but their procedure of installing the distro to a thumbdrive isn't streamlined, and it looks as though this is a regular HDD install, too. On the other hand, this version is based on Ubuntu 9.04, and as such it may be possible to install it on a USB flashdrive using usb-creator.
To sum it up, to me it looks as though Incognito would currently be the best anonymizing live distro out there if the described inadequacies could be ironed out. Good luck with all of that!
BTW, all three of these distros include much interesting documentation about the issues of privacy, surveillance, security and their supporting technologies. It's a brave new world out there on the Internet, and there is a real need for this type of Linux distro!