Delivery-Date: Tue, 14 Apr 2015 16:26:54 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 699071E03D2
	for <archiver@seul.org>; Tue, 14 Apr 2015 16:26:52 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 6EEDF33893;
	Tue, 14 Apr 2015 20:26:48 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id E3A6333878
 for <tor-talk@lists.torproject.org>; Tue, 14 Apr 2015 20:26:44 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 9AxDicbOKMnD for <tor-talk@lists.torproject.org>;
 Tue, 14 Apr 2015 20:26:44 +0000 (UTC)
Received: from vincent.hireahit.com (vincent.hireahit.com [23.19.120.58])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id CE28F3385F
 for <tor-talk@lists.torproject.org>; Tue, 14 Apr 2015 20:26:44 +0000 (UTC)
Received: from VINCENT.hireahit.com by hireahit.com (vincent.hireahit.com)
 (SecurityGateway 3.0.2) with ESMTP id SG001861827.MSG 
 for <tor-talk@lists.torproject.org>; Tue, 14 Apr 2015 13:21:24 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=hireahit.com;
 s=MD-20140321; t=1429042881; x=1429647681; q=dns/txt; h=Message-ID:
 Date:From:User-Agent:MIME-Version:To:Subject:References:
 In-Reply-To:Content-Type:Content-Transfer-Encoding; bh=1SFivp4UB
 8LbpMY3gMcAl7B9PtMJLMG8jRF6fj2LSJE=; b=NN5ZO9eXAOj7QNCGHcZTRQXzm
 KmvpyejINiEDrRiqGjFtRVUigm4Ziod5kQUqR1gNXAX5Q3TCF1d2y5/GijBgBgbO
 nu9jTt3I8VYBtTVcLp56Sv4XwPrzQOF9XudY2T6I6YllEmZqtTV6ONBaGjjOZbMD
 qiK2yKvoZwfmZT1Rt4=
Received: from [x.x.x.x] ([184.68.44.226])
 by VINCENT.hireahit.com ([23.19.120.58])
 (Cipher TLSv1:AES-SHA:256) (MDaemon PRO v15.0.1b) 
 with ESMTPSA id 51-md50000018613.msg for <tor-talk@lists.torproject.org>;
 Tue, 14 Apr 2015 13:21:21 -0700
X-MDRemoteIP: 184.68.44.226
X-MDArrival-Date: Tue, 14 Apr 2015 13:21:21 -0700
X-Authenticated-Sender: davew@hireahit.com
X-Return-Path: davew@hireahit.com
X-Envelope-From: davew@hireahit.com
X-MDaemon-Deliver-To: tor-talk@lists.torproject.org
Message-ID: <552D76BC.2080700@hireahit.com>
Date: Tue, 14 Apr 2015 13:21:16 -0700
From: Dave Warren <davew@hireahit.com>
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64;
 rv:24.0) Gecko/20140623 FossaMail/24.6.0
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <54E36CA2.9040504@mykolab.com> <5529BA28.30909@rawbw.com>
 <20150412064735.GA25987@inner.h.apk.li>
 <a6e97db5c897305c7dd655119c5eba57@riseup.net>
 <CAAgxajG9P07T0Ya_OyY4FS6ZO5HHBYQTYmttu34sp1oNseHL7A@mail.gmail.com>
In-Reply-To: <CAAgxajG9P07T0Ya_OyY4FS6ZO5HHBYQTYmttu34sp1oNseHL7A@mail.gmail.com>
Subject: Re: [tor-talk] [tor-dev] Porting Tor Browser to the BSDs
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 2015-04-14 06:05, Apple Apple wrote:
> I'm not too familiar with Whonix. May I ask what it does exactly to protect
> the system from a malicious actor with root level access to the "gateway"
> machine?


As I understand it, this isn't a threat that they are addressing. 
Instead, they're trying to ensure that such access doesn't happen in the 
first place. The attack surface is inherently small since you don't run 
browsers or applications on the gateway itself, so you need to find a 
specific vulnerability in the gateway itself AND you need to find a way 
to exploit it.

By splitting the gateway and workstation, you can run less-safe code on 
the workstation, a browser level exploit wouldn't automatically be able 
to violate your privacy without a second vulnerability on the gateway 
itself since the code on the workstation doesn't have the information 
needed in the first place. On Tails, you have to assume that the 
software you're running isn't actively trying to thwart you, which may 
not be the case since browsers often have vulnerabilities.

It's not perfect, but it would seem to dramatically raise the bar since 
a browser based exploit alone is no longer sufficient to unmask a user 
like with TBB, and potentially with Tails.

At least to me, Whonix seems to be a natural "next step" beyond Tails if 
you want to ensure that an entire workstation is protected even if the 
workstation itself has compromises. It's overkill for many Tails users, 
and has tradeoffs since the gateway and workstation are split 
(introducing potential attack surfaces between the two) just as Tails 
itself is probably overkill for many TBB users.

But I might be way off.

-- 
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren


-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

