[Whonix-devel] [qubes-devel] Re: Exposing AnonVM Users with Dom0 Hardware Fingerprint Leaks
axon at openmailbox.org
Tue Feb 17 17:08:36 CET 2015
-----BEGIN PGP SIGNED MESSAGE-----
> On 2015-02-17 11:28 am, Joanna Rutkowska wrote:
>> Other platforms simply do not offer any meaningful separation
>> between the apps that primary targeted apps (e.g. a Web browser
>> used for anon browsing) and the hw specific personal identifying
>> info (NIC MACs, IP, avilable WiFi networks in the neighborhood,
>> etc). In these case if the attacker (e.g. NSA) exploits your
>> anon Web browser they already get you. In case of Qubes they can
>> start gather info such as CPUID output and mining through a
>> database of Qubes users. Quite a different level of threat IMHO.
> The former is a huge reason why I use Whonix in VMs, because of
> this fundamental architectural problem with systems like Tails,
> etc, which have access to bare metal and don't isolate the Tor
> proxy from apps.
Speaking of this, the Tor Porject has had a ticket open for over 2 years
now about wanting to "Wrap Tails inside a VM, where the out VM runs
Tor and handles the network."
Interestingly, the latest post from Erinn Clark (7 months ago) was:
"What should we do with this ticket? Leave it here? Assign to Tor VM
(what is that?)?"
But I'm pretty sure she's not referring to Qubes TorVM. (Apparently
there's something else associated with the Tor Project called "Tor VM.")
It would be cool if Qubes ended up being the solution for this.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Whonix-devel