Thank you for the prompt reply, thoughts and links to read up on. My reasoning behind wanting isolation is due to the many cases in the past in which certain adversaries were successful in identifying a Tor user after compromising the system, either through a browser exploit, some 0day, etc., because only that specific application was configured for Tor and not the whole system. This is why Whonix (and Qubes OS, which uses Whonix) separates the Tor gateway from the workstation via virtualization. Even with software isolation, though, I am beginning to think that hardware isolation, when implemented properly, is more secure than software isolation, with all the Xen bugs recently. I know that it can be an issue with background applications sending identifying info, and while this can be mitigated by not using some noisy, sketchy OS like Mac OS X or Windows that spies on users, the risk will still be there. In the past I have used stream isolation to address this. I have played around with stream isolation for each destination address and also with setting stream isolation based on destination port. Thoughts on stream isolation for this?
Of course other precautions would need to be taken, such as removing the internal wifi and bluetooth card to prevent any compromise from identifying location, along with not using the same computer or OS for personal use and other uses they don't want correlated with them (but shouldn't this already be a habit?). That first intended use case was more protection from being de-anonymized with the physical isolation. The second use case is for applications that are hard to configure for Tor or not made to work with Tor, to have them just use Tor with no application-level configuration needed. The third use case: people sometimes use Tor not necessarily to be anonymous but to conceal their location. If one was concerned about an exit node sniffing their data, my philosophy is that they should not be using plaintext anyway.

You do bring up a good idea of simply having the physical device just act as a firewall to block non-Tor traffic instead of having it act as the Tor process. I will explore this idea to see if it would work for my use case. Are there any comments on the way the Whonix gateway and TBB work together?

-- 
Cannon
PGP Fingerprint: 2BB5 15CD 66E7 4E28 45DC 6494 A5A2 2879 3F06 E832
Email: can...@cannon-ciota.info
NOTICE: ALL EMAIL CORRESPONDENCE NOT SIGNED/ENCRYPTED WITH PGP SHOULD BE CONSIDERED POTENTIALLY FORGED, AND NOT PRIVATE. If this matters to you, use PGP.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
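The two technical points raised in the message above, per-destination stream isolation and a dedicated gateway box that only lets Tor traffic leave, can be tried out on a plain Linux gateway with two NICs. The script below is an added example written for this archive page; it is not code from the original poster, from Whonix or from the Tor Project. It assumes a gateway whose upstream interface is eth0 and whose workstation-facing interface is eth1 at 10.152.152.10 (address borrowed from the Whonix convention, but any private address works), that the tor daemon runs as the debian-tor user (the Debian package default; adjust for other distributions), and that the port numbers 9040, 9050 and 5300 are free. The torrc uses TransPort and DNSPort so the workstation needs no application-level Tor configuration, and IsolateDestAddr and IsolateDestPort, the two isolation flags the message mentions, are set on every listener so that streams to different hosts or ports never share a circuit. The iptables rules redirect the workstation's TCP and DNS into Tor, refuse to forward anything, and let only the tor user speak upstream, so a compromised workstation has no non-Tor path out even if an exploit changes its proxy settings.

```shell
#!/bin/sh
# Added example: transparent Tor gateway with per-destination stream isolation.
# Assumptions (not from the original message): eth0 = upstream, eth1 = workstation
# side at 10.152.152.10, tor runs as user "debian-tor", ports 9040/9050/5300 free.
EXT_IF="${EXT_IF:-eth0}"
INT_IF="${INT_IF:-eth1}"
GW_ADDR="${GW_ADDR:-10.152.152.10}"
TOR_USER="${TOR_USER:-debian-tor}"
TRANS_PORT=9040
SOCKS_PORT=9050
DNS_PORT=5300

# run: execute a command, or just print it when DRY_RUN is set (lets the
# rules be reviewed, and unit-tested, on a machine without iptables).
run() {
  if [ -n "${DRY_RUN:-}" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# gateway_torrc: torrc fragment for the gateway's tor daemon. Every listener
# carries IsolateDestAddr IsolateDestPort, so a stream to a different
# destination host or port is put on a different circuit. The cost is more
# circuits and slower first connections; that is the trade-off being made.
gateway_torrc() {
  cat <<EOF
# Transparent proxy for the workstation NIC; no per-app SOCKS setup needed.
TransPort ${GW_ADDR}:${TRANS_PORT} IsolateDestAddr IsolateDestPort
# SOCKS for applications that can be pointed at a proxy explicitly.
SocksPort ${GW_ADDR}:${SOCKS_PORT} IsolateDestAddr IsolateDestPort
# Resolve the workstation's DNS through Tor instead of leaking it upstream.
DNSPort ${GW_ADDR}:${DNS_PORT}
# Map .onion lookups to internal addresses so TransPort can carry them.
VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1
EOF
}

# gateway_rules: firewall policy. The box never routes; the only way out is
# the tor daemon's own sockets. Nothing here enables ip_forward, and REDIRECT
# does not need it because redirected packets are delivered locally.
gateway_rules() {
  # Workstation TCP SYNs and DNS queries are redirected into the local tor ports.
  run iptables -t nat -A PREROUTING -i "$INT_IF" -p udp --dport 53 \
      -j REDIRECT --to-ports "$DNS_PORT"
  run iptables -t nat -A PREROUTING -i "$INT_IF" -p tcp --syn \
      -j REDIRECT --to-ports "$TRANS_PORT"

  # Accept only the redirected traffic on the workstation NIC; drop the rest
  # (ICMP, UDP other than DNS, anything aimed at the gateway itself).
  run iptables -A INPUT -i "$INT_IF" -p tcp --dport "$TRANS_PORT" -j ACCEPT
  run iptables -A INPUT -i "$INT_IF" -p tcp --dport "$SOCKS_PORT" -j ACCEPT
  run iptables -A INPUT -i "$INT_IF" -p udp --dport "$DNS_PORT" -j ACCEPT
  run iptables -A INPUT -i "$INT_IF" -j DROP

  # Never act as a router between the two NICs.
  run iptables -P FORWARD DROP

  # Upstream egress: only packets owned by the tor user, plus replies on
  # connections tor already opened. Everything else is rejected, so a leak
  # from the gateway itself (NTP, package updates, captive portals) fails loudly.
  run iptables -A OUTPUT -o "$EXT_IF" -m owner --uid-owner "$TOR_USER" -j ACCEPT
  run iptables -A OUTPUT -o "$EXT_IF" -m conntrack --ctstate ESTABLISHED -j ACCEPT
  run iptables -A OUTPUT -o "$EXT_IF" -j REJECT

  # Tor's TransPort does not redirect IPv6 here, so close IPv6 entirely
  # rather than let it become the unproxied side channel.
  run ip6tables -P INPUT DROP
  run ip6tables -P FORWARD DROP
  run ip6tables -P OUTPUT DROP
}

# When executed directly (not sourced), write the torrc and apply the rules.
if [ "${0##*/}" = "tor-gateway.sh" ]; then
  gateway_torrc > /etc/tor/torrc
  gateway_rules
fi
```

Run it once with `DRY_RUN=1 sh tor-gateway.sh` to review the exact iptables invocations before applying them, and keep a console or out-of-band path to the gateway, since the OUTPUT REJECT rule will also cut off any SSH session the gateway itself initiates upstream. The workstation side then needs only its default route and DNS server pointed at 10.152.152.10; per-application proxy settings are unnecessary, which is the second use case in the message, and because the workstation cannot reach the upstream interface at all, an exploit that changes those settings still has no path around Tor.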