References: <1404414258.29695.YahooMailBasic@web122406.mail.ne1.yahoo.com>
 <53B80989.7060706@bitmessage.ch>
Message-ID: <1404579910.39384.YahooMailNeo@web122401.mail.ne1.yahoo.com>
Date: Sat, 5 Jul 2014 10:05:10 -0700
From: Bobby Brewster <bobbybrewster203@yahoo.com>
To: "tor-talk@lists.torproject.org" <tor-talk@lists.torproject.org>
In-Reply-To: <53B80989.7060706@bitmessage.ch>
Subject: Re: [tor-talk] Benefits of Running TBB in a VM?

>>>if your non-VM host system has been compromised, there is absolutely no
>>>notable advantage to using a vm. your vm will be affected by the
>>>malware that sits on the host system.



I don't understand this. If my Ubuntu system has a virus / rootkit / whatever then what I do on it is compromised.

The VM is, in effect, a separate OS. How would it be affected by the malware on the non-VM system?



On Saturday, July 5, 2014 3:19 PM, Tempest <tempest@bitmessage.ch> wrote:



Bobby Brewster:
>
> Currently, my Tor use model is as follows:
>
> Me (TBB in Ubuntu) ---> VPN ---> Tor (entry node) ---> Tor network
>
> I could, instead, do:
>
> Me (TBB Ubuntu VM) ---> VPN (configured in VM) ---> Tor (entry node) ---> Tor network
>
> However, from what I've read, there aren't really any advantages to using a VM unless the non-VM system has been compromised (e.g. trojan / rootkit / whatever).

if your non-VM host system has been compromised, there is absolutely no
notable advantage to using a vm. your vm will be affected by the
malware that sits on the host system. however, if you use a vm and the
vm gets infected by malware, you have an extra layer of protection
against the malware infecting your host system. thus, with the snapshot
method i described, you can effectively wipe away malware in certain
scenarios.

from an anonymity standpoint, whether running from your host or from a
vm, malware with a phone home system has a greater chance of
successfully identifying you than if you used a system like whonix.

> Also, one thing I'm unclear about is, if one is using a VM, whether a bridged or NAT'd connection is superior.
>
> The only difference I can see is that the bridge provides a 192.168.x.x address while the NAT provides a 10.0.2.x address. Both appear as the interface eth1.
>
> Any opinions?

for anonymity, it doesn't make any difference. you're better off running
it as an "internal network" and using an additional vm as a gateway that
has rules to push all traffic through the tor network.

--
gpg key - 0x2A49578A7291BB34
fingerprint - 63C4 E106 AC6A 5F2F DDB2 3840 2A49 578A 7291 BB34

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
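
Added example, not part of the original messages: one way to set up the gateway VM Tempest describes, with the workstation VM on an internal network and the gateway forcing its traffic into Tor. The interface name, gateway address and port numbers are assumptions chosen for illustration; the torrc options and iptables targets are standard Tor and netfilter features.

```shell
#!/bin/sh
# Added example. Constructed values: eth1 = gateway NIC on the internal
# network, 10.152.152.10 = gateway address on it, 9040/5353 = Tor listeners.
INT_IF="eth1"
GW_IP="10.152.152.10"
TRANS_PORT=9040
DNS_PORT=5353

# torrc lines for the gateway: Tor listens only on the internal side.
gateway_torrc() {
    cat <<EOF
VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort ${GW_IP}:${TRANS_PORT}
DNSPort ${GW_IP}:${DNS_PORT}
EOF
}

# iptables-restore input for the gateway (IPv4). DNS and new TCP connections
# from the workstation are redirected into Tor; everything else it sends
# (other UDP, ICMP) matches no redirect and is dropped by the FORWARD policy.
gateway_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i ${INT_IF} -p udp --dport 53 -j REDIRECT --to-ports ${DNS_PORT}
-A PREROUTING -i ${INT_IF} -p tcp --syn -j REDIRECT --to-ports ${TRANS_PORT}
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i ${INT_IF} -p tcp --dport ${TRANS_PORT} -j ACCEPT
-A INPUT -i ${INT_IF} -p udp --dport ${DNS_PORT} -j ACCEPT
COMMIT
EOF
}

# Usage on the gateway VM, as root:
#   sh gateway.sh torrc >> /etc/tor/torrc
#   sh gateway.sh rules | iptables-restore
case "${1:-}" in
    torrc) gateway_torrc ;;
    rules) gateway_rules ;;
esac
```

These rules cover IPv4 only; the internal network needs IPv6 disabled or an equivalent ip6tables policy so nothing bypasses the gateway.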

