On 14 Apr 2015 21:27, "Dave Warren" <[email protected]> wrote: > > On 2015-04-14 06:05, Apple Apple wrote: > >On Tails, you have to assume that the software you're running isn't actively trying to thwart you, which may not be the case since browsers often have vulnerabilities. > > It's not perfect, but it would seem to dramatically raise the bar since a browser based exploit alone is no longer sufficient to unmask a user like with TBB, and potentially with Tails.
I think Tails and indeed, operating systems in general are being a bit underrated here. An exploited Tor browser running under Tails can only access the internet through Tor because of the IPtables rules. It cannot interfere with processes running under a different Unix account because of process separation. It can only read and write files that the Tor browser user has access to. Tails, or indeed stock Linux is not massively insecure on its own. On 17 Apr 2015 06:55, "Yuri" <[email protected]> wrote: > > On 04/14/2015 15:38, WhonixQubes wrote: >> >> -- Harder: Whonix with VirtualBox, KVM, etc isolation for Tor >> >> --- Hardest: Whonix with Qubes isolation for Tor > > > I only don't understand why you are you so sure that the system with the hypervisor involved is more secure. I think the problem is that virtual machines are such a simple concept, you flick a switch and magic security things happen. Few people stop and realize that they don't know the first thing about how hypervisors actually work on a hardware and software level. In reality something as trivial and obscure as an absent iommu can completely negate any "isolation" you think you are getting. I would strongly advise people to educate themselves before pinning all their privacy, anonymity and security on technologies they don't understand or worse still, actively encouraging other people to do the same. If you went to Google Scholar and grabbed all the papers you could find on Tor and other anonymity solutions before using them then why don't you do the same thing with virtualization? On 14 Apr 2015 22:41, "WhonixQubes" <[email protected]> wrote: > However, with disk encryption, deleting VMs after usage, and overwriting disk space, this same anti-forensics effect can be accomplished with Whonix. Have you thought about what happens when the host PC runs out of memory and begins to swap? Hell, what about closing the lid of your laptop? The contents of virtual machines, details of Tor circuits, opened webpages could all be permanently saved to disk in plaintext right? This is something Tails explicitly designs against. I understand people are passionate about Whonix and I'm not trying to bash it, I just want a balanced discussion. I don't think it benefits anyone to convince ourselves that a particular solution is the perfect one true answer and everything else is crap. -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
