[tor-talk] Use of TBB behind a physically isolated Tor router?

Mon Jun 5 09:16:42 UTC 2017

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CANNON:
> Thank you for the prompt reply, thoughts and links to read up on. 
> My reasoning behind wanting isolation is due to the many cases of
> the past in which certain adversaries were successful in
> identifying a Tor user after compromising the system either through
> a browser exploit, some 0day etc... because only that specific
> application was configured for Tor and not the whole system. This
> is why Whonix (and Qubes OS which uses Whonix) separates the Tor
> gateway from workstation via virtualization. Even with software
> isolation though I am beginning to think that hardware isolation
> when implemented properly is more secure than software isolation,
> with all the Xen bugs recently. I know that it can be an issue with
> background applications sending identifying info, and while this
> can be mitigated by not using some noisy sketchy OS like Mac OSX
> or Windows that spies on users, the risk will still be there. In
> the past I have used stream isolation to address this. I have
> played around with stream isolation for each destination address
> and also with setting stream isolation based on destination port. 
> Thoughts on stream isolation for this?
> 
> Of course other precautions would need to be taken, such as
> removing the internal wifi and bluetooth card to prevent any
> compromise from identifying location. Along with not using the same
> computer or OS for personal use and other uses they dont want
> correlated with them (but shouldn't this already be a habit?).
> 
> That was my first intended usecase was more protection from being
> de-anonymized with the physical isolation.
> 
> The second usecase is for applications that are hard to configure
> for Tor or not made to work with Tor, to have it just use Tor with
> no application level configuration needed.
> 
> The third usecase, people sometimes use Tor not necessarily to be
> anonymous in but to conceal their location. If one was concerned
> about an exit node sniffing their data, my philosphy is that they
> should not be using plaintext anyways.
> 
> You do bring up a good idea of simply having the physical device
> just act as a firewall to block non Tor traffic instead of having
> it act as the Tor process. I will explore this idea to see if it
> would work for my usecase.
> 
> Is there any comments on the way Whonix gateway and TBB work
> together?

You might find this documentation on Whonix with physical isolation
interesting:

https://www.whonix.org/wiki/Dev/Build_Documentation/Physical_Isolation

Cheers,
- -- 
- -Jeremy Rand
Lead Application Engineer at Namecoin
Mobile email: jeremyrandmobile at airmail.cc
Mobile OpenPGP: 2158 0643 C13B B40F B0FD 5854 B007 A32D AB44 3D9C
Send non-security-critical things to my Mobile with OpenPGP.
Please don't send me unencrypted messages.
My business email jeremy at veclabs.net is having technical issues at the
moment.
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJZNSGJAAoJELPy0WV4bWVwg20QAKUSEpKVXvP2RmdxVVRBIHWK
AEjwUBBx/WktStYW832UvM/DJZ6nexobPjT9P4tVQU42xwjcYc0HzJePLYMIgMcs
fTW+wiy+uG+GWlSaGAzPmP5icYBmP6zNlSU5+6wKBo0XJGqNYz6Ra65dtvy8DvI7
kijHUX5kTJzANxOaDBafioDiiqct7yoVJTDKn5qufhN4Xx1IDtdDNfn2waWr1W/n
QWiC0LybZeCBHRdDy3jC+HFdJ/TElopCjElQDHq5C+jANVdvTvKFCodhdvdExOBn
in/alTLj0kI9Ym4kq44XpF4NYPIB7HHAPBBfUkUpnE6LkUQUY1t5sohTPdK2FZ88
t7aaqtiU7KkJ/ERRW7vZJaWrIIsR0IYse3DCB1oWhhOKbOPteBOHJBAmzaFovPjJ
prddn0XGGvIXKYvFj/CRYJilxR/E8lEn8ptcEYfWRL726kfsz461YlN2go1bdaYH
rJqPwOjHn5b/JkXyx8qOqm67uEsaOydW8WEBPNXEn3d0j7tKDZJUaf3dGxtUU91C
eh/B9yMX2iaZDgOpb2bGShIKc00uotluk0IMkq0B/oVbc9BumZOIC6sTihza8g9m
PJG9a9xL6W/Ye6ZVWs2QtpNC4WJxMvG9NLonzCoi28/A6zQ3lfyQl1ixdERu2wSQ
2iXh0fovovdpPiAvuSvV
=B9eo
-----END PGP SIGNATURE-----