adrelanos: > Abel Luck: >> adrelanos: >>> Hi, >>> >>> Is it Amnesic or can it be made Amnesic? >>> >>> Or in other words.... Can you be sure, that after deleting (or wiping) >>> the torified AppVM no activity can not be reconstructed with local disk >>> forensics? Could the torified AppVM be securely wiped without any >>> leftovers? (Leftovers such as swap, or what else?) >> >> Regarding deletion of the VM: I was under the impression secure deletion >> was not possible on modern SSDs. >> >> On the other hand, it should be possible to create an AppVM whose >> writeable diskspace lies in enitrely in RAM. I'll investigate this. >> >>> >>> Is Tor's data directory persistent, i.e. does it use Entry Guards? >>> >> I've not configured this explicitly, do you have any suggestions? > > Tor Browser Bundle users are using persistent Entry Guards. > > Final goal should be to share the same fingerprint with them (web > fingerprint, traffic fingerprint for local observer). If you manage to > use Tor Browser in the AppVM and Entry Guards in the TorVM, the > fingerprint should be the same. Except, that you added strong security > by isolation for the case of a browser exploit. > > Whonix uses persistent Entry Guards and Tor Browser. > > Persistent Entry Guards are planed for Tails. > https://tails.boum.org/todo/persistence_preset_-_tor/ > https://tails.boum.org/todo/persistence_preset_-_bridges/ > > Tor Browser is planed for Tails. > https://tails.boum.org/todo/replace_iceweasel_with_Torbrowser/ > > Persistent Entry Guards are considered for Liberte Linux: > Please see recent thread "[tor-talk] Location-aware persistent guards". > > So the answer is yes, I in most cases I recommend persistence for Entry > Guards and Tor's data dir. The same goes for Vidalia, since it can be > used to configure Tor and bridges. > > Some further thoughts on persistent Entry Guards: > On the other hand, non-persistent Entry Guards are more amnesic. So if > you decide to add a amnesic feature, that should be also possible to do > with the TorVM. > > There is also in the thread "[tor-talk] Location-aware persistent > guards" or in the linked ticket > https://trac.torproject.org/projects/tor/ticket/2653 are though, that > non-persistent Entry Guards are better suited for people who travel a > lot / Live CDs. >
Hm, interesting. I definitely need to implement persistent entry guards then, but providing an amnesiac option will be difficult. When would the user choose such an option, and where? >> Here's the tor config: >> >> https://github.com/abeluck/qubes-addons/blob/master/qubes-tor/start_tor_proxy.sh >> >>> Are hardware serials, such as BIOS DMI information, hdd serials etc. >>> hidden? (For a more comprehensive list of hardware serials and how to >>> test if them are visible, you could check Whonix less important >>> protected identifies as reference. [1]) >>> >> I'm fairly certain this is the case, seeing as how these are all VMs >> (xen is the hypervisor), but I've not verifier the hunch so I can't make >> this claim >> >> Hm, if you use the Qubes feature that lets you assign PCI (or USB) >> devices to a VM, then obviously, no. >> >> Thanks for the link, I'll investigate some more. >> >>> Cheers, >>> adrelanos >>> >>> [1] >>> https://sourceforge.net/p/whonix/wiki/Security/#less-important-identifies >>> _______________________________________________ >>> tor-talk mailing list >>> tor-talk@lists.torproject.org >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk >>> >> >> _______________________________________________ >> tor-talk mailing list >> tor-talk@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk >> > > _______________________________________________ > tor-talk mailing list > tor-talk@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
