[tor-talk] [tor-dev] Porting Tor Browser to the BSDs

[Dave Warren]

On 2015-04-14 06:05, Apple Apple wrote:
> I'm not too familiar with Whonix. May I ask what it does exactly to protect
> the system from a malicious actor with root level access to the "gateway"
> machine?


As I understand it, this isn't a threat that they are addressing. 
Instead, they're trying to ensure that such access doesn't happen in the 
first place. The attack surface is inherently small since you don't run 
browsers or applications on the gateway itself, so you need to find a 
specific vulnerability in the gateway itself AND you need to find a way 
to exploit it.

By splitting the gateway and workstation, you can run less-safe code on 
the workstation, a browser level exploit wouldn't automatically be able 
to violate your privacy without a second vulnerability on the gateway 
itself since the code on the workstation doesn't have the information 
needed in the first place. On Tails, you have to assume that the 
software you're running isn't actively trying to thwart you, which may 
not be the case since browsers often have vulnerabilities.

It's not perfect, but it would seem to dramatically raise the bar since 
a browser based exploit alone is no longer sufficient to unmask a user 
like with TBB, and potentially with Tails.

At least to me, Whonix seems to be a natural "next step" beyond Tails if 
you want to ensure that an entire workstation is protected even if the 
workstation itself has compromises. It's overkill for many Tails users, 
and has tradeoffs since the gateway and workstation are split 
(introducing potential attack surfaces between the two) just as Tails 
itself is probably overkill for many TBB users.

But I might be way off.

-- 
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren