[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] Use of TBB behind a physically isolated Tor router?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Thank you for the prompt reply, thoughts and links to read up on.
My reasoning behind wanting isolation is due to the many cases of the
past in which certain adversaries were successful in identifying a Tor
user after compromising the system either through a browser exploit, some
0day etc... because only that specific application was configured for Tor and
not the whole system. This is why Whonix (and Qubes OS which uses Whonix) separates
the Tor gateway from workstation via virtualization. Even with software isolation
though I am beginning to think that hardware isolation when implemented properly
is more secure than software isolation, with all the Xen bugs recently. I know
that it can be an issue with background applications sending identifying info,
and while this can be mitigated by not using some noisy sketchy OS like Mac OSX or 
Windows that spies on users, the risk will still be there. In the past I have used stream
isolation to address this. I have played around with stream isolation for each 
destination address and also with setting stream isolation based on destination port. 
Thoughts on stream isolation for this?

Of course other precautions would need to be taken, such as removing the internal wifi and bluetooth
card to prevent any compromise from identifying location. Along with not using the same computer
or OS for personal use and other uses they dont want correlated with them (but shouldn't this already be a
habit?).

That was my first intended usecase was more protection from being de-anonymized with the physical isolation.

The second usecase is for applications that are hard to configure for Tor or not made to work with Tor, to 
have it just use Tor with no application level configuration needed.

The third usecase, people sometimes use Tor not necessarily to be anonymous in but to conceal their location.
If one was concerned about an exit node sniffing their data, my philosphy is that they should not be using
plaintext anyways.

You do bring up a good idea of simply having the physical device just act as a firewall to block non Tor traffic
instead of having it act as the Tor process. I will explore this idea to see if it would work for my usecase.

Is there any comments on the way Whonix gateway and TBB work together?

- --
Cannon
PGP Fingerprint: 2BB5 15CD 66E7 4E28 45DC 6494 A5A2 2879 3F06 E832 
Email: cannon AT cannon-ciota.info

NOTICE: ALL EMAIL CORRESPONDENCE NOT SIGNED/ENCRYPTED WITH PGP SHOULD 
BE CONSIDERED POTENTIALLY FORGED, AND NOT PRIVATE. 
If this matters to you, use PGP.
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJZIhqOAAoJEAYDai9lH2mwdZUP/R+vcGIu6GDA/LValrZ4Ujex
GEP/mhF2lt2hpz03tiCYikzttCUKxsOTmgZM49PwPrjGs2pfmOEAuKlXPtLqZx7i
mgSjUTROZ7YHJUO8G5IkdQSnk+oUQ7NSZgerWRbMDABEaYUyQd1NU86NLFi6OxMA
6dqy626X6ERY/2JSUD+STQ7s9XnMEs/zso1uNZbEaMUuMq3/ZmAkl/3ptwSjZ+vy
r+X3YdtT5drCKOxPp9GzdZZTTPyEik/pqNieB+DdF/o9uayyamW3wlcq0mFUBRIN
zBu7kqVog7INRmSSxv5NSYp1ZImP0uG0+k+dD5lN1VAnLp9pR0qp2hDRV4DSzSO6
4zyH5gCwjV5T4rGmk5cAmCtMoh27cJzEXNuMiJCsYln3zjG0Q1gBUhBwaHWp15JQ
qbBwdi8G/wbmR177sU2oOf9IO3z5WJoulSTyGrNofXwm6qoKGqOOqdQ4L0ci1rV6
9/4w9Tu0X5KxlBojZBxdtgwCd3OpPt9CpmO9P5KzmQOr1Timn97fHbs2BC/3AfBP
JyPt9bLpNjwWHmlbUnQuXwK8yASwZs0PLoANG3q+p4E9onQO9Eqy2iJpk9hvO0Kg
/nc9D5rZEhAtAANKBS3VAxUcl0+NPHsdDwcU7fSsMGYCO3TvmB0ui06g5bqAA/Vj
QyFMPf13D3zKIRzfu/4y
=mRBH
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk AT lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk