[Whonix-devel] [qubes-devel] Re: Exposing AnonVM Users with Dom0 Hardware Fingerprint Leaks

Axon axon at openmailbox.org
Tue Feb 17 17:08:36 CET 2015


WhonixQubes wrote:
> On 2015-02-17 11:28 am, Joanna Rutkowska wrote:
>> Other platforms simply do not offer any meaningful separation 
>> between the apps that primary targeted apps (e.g. a Web browser 
>> used for anon browsing) and the hw specific personal identifying 
>> info (NIC MACs, IP, available WiFi networks in the neighborhood, 
>> etc). In these cases if the attacker (e.g. NSA) exploits your
>> anon Web browser they already get you. In case of Qubes they can
>> start gathering info such as CPUID output and mining through a
>> database of Qubes users. Quite a different level of threat IMHO.
> 
> The former is a huge reason why I use Whonix in VMs, because of 
> this fundamental architectural problem with systems like Tails, 
> etc, which have access to bare metal and don't isolate the Tor 
> proxy from apps.

Speaking of this, the Tor Project has had a ticket open for over 2 years
now about wanting to "Wrap Tails inside a VM, where the out VM runs
Tor and handles the network."[1]

Interestingly, the latest post from Erinn Clark (7 months ago) was:

"What should we do with this ticket? Leave it here? Assign to Tor VM
(what is that?)?"

But I'm pretty sure she's not referring to Qubes TorVM. (Apparently
there's something else associated with the Tor Project called "Tor VM.")

It would be cool if Qubes ended up being the solution for this.


[1] https://trac.torproject.org/projects/tor/ticket/7681