Delivery-Date: Fri, 17 Apr 2015 18:31:17 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD,UNPARSEABLE_RELAY
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id A9EA21E0CF0
	for <archiver@seul.org>; Fri, 17 Apr 2015 18:31:15 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 73C2C33954;
	Fri, 17 Apr 2015 22:31:10 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 185B43065D
 for <tor-talk@lists.torproject.org>; Fri, 17 Apr 2015 22:31:07 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id Q3EqACYAHJXn for <tor-talk@lists.torproject.org>;
 Fri, 17 Apr 2015 22:31:07 +0000 (UTC)
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id D67F921B39
 for <tor-talk@lists.torproject.org>; Fri, 17 Apr 2015 22:31:06 +0000 (UTC)
Received: from berryeater.riseup.net (berryeater-pn.riseup.net [10.0.1.120])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
 by mx1.riseup.net (Postfix) with ESMTPS id 398BE40D6A;
 Fri, 17 Apr 2015 22:31:04 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1429309864; bh=UpgSn7H6gBD6K3BUephMsCSNBG9+I+gEkmuB3PjnlbU=;
 h=Date:From:To:Cc:Subject:In-Reply-To:References:From;
 b=To5owt5nKX3YN4hh9tZ8qsXMhWK5idsaeGriFm3MPD8ILpReY/77MZWhB5kZk1SAG
 Xw/UPS0UKZ8AF1okfZCVw09jaiXv4uhFf1Wzq8KB9J2yEX7cbyhZaeX2fsN65Q+glH
 UNgp31B/v8+UTUKOkIClEDtn4H4vC95C2+PrHQSg=
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (Authenticated sender: whonixqubes) with ESMTPSA id 19650424B9
MIME-Version: 1.0
Date: Fri, 17 Apr 2015 22:30:59 +0000
From: WhonixQubes <whonixqubes@riseup.net>
To: tor-talk@lists.torproject.org
In-Reply-To: <CAAgxajFq4C0bgjQbk+owpOw3O9hCqmPWuSWT_E8sMup0CbULVA@mail.gmail.com>
References: <54E36CA2.9040504@mykolab.com> <5529BA28.30909@rawbw.com>
 <20150412064735.GA25987@inner.h.apk.li>
 <a6e97db5c897305c7dd655119c5eba57@riseup.net>
 <CAAgxajG9P07T0Ya_OyY4FS6ZO5HHBYQTYmttu34sp1oNseHL7A@mail.gmail.com>
 <552D76BC.2080700@hireahit.com>
 <CAAgxajFq4C0bgjQbk+owpOw3O9hCqmPWuSWT_E8sMup0CbULVA@mail.gmail.com>
Message-ID: <ede4ba43e27d5e2d6dc5a086f3943e37@riseup.net>
X-Sender: whonixqubes@riseup.net
User-Agent: Riseup mail
X-Virus-Scanned: clamav-milter 0.98.6 at mx1
X-Virus-Status: Clean
Subject: Re: [tor-talk] [tor-dev] Porting Tor Browser to the BSDs
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 2015-04-17 1:34 pm, Apple Apple wrote:
> On 14 Apr 2015 21:27, "Dave Warren" <davew@hireahit.com> wrote:
>> 
>> On 2015-04-14 06:05, Apple Apple wrote:
>> 
>> On Tails, you have to assume that the software you're running isn't
> actively trying to thwart you, which may not be the case since browsers
> often have vulnerabilities.
>> 
>> It's not perfect, but it would seem to dramatically raise the bar 
>> since a
> browser based exploit alone is no longer sufficient to unmask a user 
> like
> with TBB, and potentially with Tails.
> 
> I think Tails and indeed, operating systems in general are being a bit
> underrated here.


BTW, while I primarily use Whonix, I am a Tails user too. :)


> An exploited Tor browser running under Tails can only access the 
> internet
> through Tor because of the IPtables rules. It cannot interfere with
> processes running under a different Unix account because of process
> separation. It can only read and write files that the Tor browser user 
> has
> access to.


Despite that being the good faith intention, I don't think this is true.

I believe the general principle is called "privilege escalation".

When malware escalates its privilege in bare metal 
Linux/BSD/Tails...game over.


> Tails, or indeed stock Linux is not massively insecure on its own.


With the qualifier of "massively", it depends upon the sophistication of 
attack one is comparing this statement too. Or one's own personal 
needs/standards.

Personally, I'm not comfortable with bare metal Linux or BSD distros 
anymore.

Far too much TCB attack surface for my tastes.


> 
> On 17 Apr 2015 06:55, "Yuri" <yuri@rawbw.com> wrote:
>> 
>> On 04/14/2015 15:38, WhonixQubes wrote:
>>> 
>>> -- Harder:  Whonix with VirtualBox, KVM, etc isolation for Tor
>>> 
>>> --- Hardest:  Whonix with Qubes isolation for Tor
>> 
>> 
>> I only don't understand why you are you so sure that the system with 
>> the
> hypervisor involved is more secure.
> 
> I think the problem is that virtual machines are such a simple concept, 
> you
> flick a switch and magic security things happen. Few people stop and
> realize that they don't know the first thing about how hypervisors 
> actually
> work on a hardware and software level. In reality something as trivial 
> and
> obscure as an absent iommu can completely negate any "isolation" you 
> think
> you are getting.
> 
> I would strongly advise people to educate themselves before pinning all
> their privacy, anonymity and security on technologies they don't 
> understand
> or worse still, actively encouraging other people to do the same.
> 
> If you went to Google Scholar and grabbed all the papers you could find 
> on
> Tor and other anonymity solutions before using them then why don't you 
> do
> the same thing with virtualization?


Absolutely.

But, for security purposes, why not run Qubes + Whonix or Qubes + Tails, 
instead of just Whonix or Tails without Qubes' added system isolation?


> On 14 Apr 2015 22:41, "WhonixQubes" <whonixqubes@riseup.net> wrote:
>> However, with disk encryption, deleting VMs after usage, and 
>> overwriting
> disk space, this same anti-forensics effect can be accomplished with 
> Whonix.
> 
> Have you thought about what happens when the host PC runs out of memory 
> and
> begins to swap? Hell, what about closing the lid of your laptop?
> 
> The contents of virtual machines, details of Tor circuits, opened 
> webpages
> could all be permanently saved to disk in plaintext right?
> 
> This is something Tails explicitly designs against.
> 
> I understand people are passionate about Whonix and I'm not trying to 
> bash
> it, I just want a balanced discussion. I don't think it benefits anyone 
> to
> convince ourselves that a particular solution is the perfect one true
> answer and everything else is crap.


Right. And I personally use both, but more so Whonix.

Tails suffers from limitations due to its nature as a live distro.

Whonix suffers from limitations due to its nature as an install distro.


WhonixQubes
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

