Delivery-Date: Sun, 08 Feb 2015 05:07:20 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID,UNPARSEABLE_RELAY,
	URIBL_BLOCKED autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id B9B5A1E02F8
	for <archiver@seul.org>; Sun,  8 Feb 2015 05:07:18 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id C522D32E8E;
	Sun,  8 Feb 2015 10:07:14 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id CAB4232DB8
 for <tor-talk@lists.torproject.org>; Sun,  8 Feb 2015 10:07:11 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id Du65sVH2WEZy for <tor-talk@lists.torproject.org>;
 Sun,  8 Feb 2015 10:07:11 +0000 (UTC)
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id A9A0D263C9
 for <tor-talk@lists.torproject.org>; Sun,  8 Feb 2015 10:07:11 +0000 (UTC)
Received: from berryeater.riseup.net (berryeater-pn.riseup.net [10.0.1.120])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
 by mx1.riseup.net (Postfix) with ESMTPS id D948B41936;
 Sun,  8 Feb 2015 10:07:08 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1423390028; bh=mJNL0GZu2luoRd9Ivnh8ul7tfTn+9EURpyVaddwsEnI=;
 h=Date:From:To:Cc:Subject:In-Reply-To:References:From;
 b=ou3ca2/SPVF71IMeHA/9Uvkq14ZBWuysYOBnS1ZFV3bUiMoIXvpw+Djmw4pt+meGp
 DbInC7ODPeiYUI+L82bBvB4eQpUbjPCunt5fl8fPSJocou1HjL+lfo9gOKiJ7dr539
 CDcj/ss2IxxBj3Vs0doUqdL54l7pI3UL49L/Og2I=
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (Authenticated sender: whonixqubes) with ESMTPSA id B8C5542072
MIME-Version: 1.0
Date: Sun, 08 Feb 2015 10:07:08 +0000
From: WhonixQubes <whonixqubes@riseup.net>
To: tor-talk@lists.torproject.org
In-Reply-To: <9695c13f1c2e25b82379b5caed54b66d@openmailbox.org>
References: <9695c13f1c2e25b82379b5caed54b66d@openmailbox.org>
Message-ID: <8d7c0a790f5d0792babbe838ef64af12@riseup.net>
X-Sender: whonixqubes@riseup.net
User-Agent: Riseup mail
X-Virus-Scanned: clamav-milter 0.98.5 at mx1
X-Virus-Status: Clean
Cc: spencerone@openmailbox.org
Subject: Re: [tor-talk] Tor as a network filter
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 2015-02-08 9:29 am, spencerone@openmailbox.org wrote:
> Is there any risk to this [Whonix on a VM] like with Tails, or is
> Whonix built to function this way?


Hi!

Whonix is optimized to run as virtual machines.

It does also run on physical machines, but is optimized for VMs.

Whonix is currently based on Debian.


There are two VMs that come with Whonix.

Whonix-Workstation and Whonix-Gateway

The Whonix-Workstation is where your user applications run. You can 
alternatively use other OS desktop environments than the 
Whonix-Workstation. But this one is optimized for ensuring proper Tor 
anonymity.

The Whonix-Gateway is where the Tor service runs and all internet 
traffic from your other desktop VMs gets forced/filtered through the Tor 
connection.

This TwoVM configuration of a separate Gateway and separate Workstation 
makes it so that the Tor connection cannot be bypassed. For example, by 
malware or misconfigured apps that might otherwise leak your IP address 
or MAC address if it could break out of the VM and Tor isolation.


Hope that helps!

WhonixQubes
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

