[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] [tor-dev] Porting Tor Browser to the BSDs

On 2015-04-14 06:05, Apple Apple wrote:
I'm not too familiar with Whonix. May I ask what it does exactly to protect
the system from a malicious actor with root level access to the "gateway"

As I understand it, this isn't a threat that they are addressing. Instead, they're trying to ensure that such access doesn't happen in the first place. The attack surface is inherently small since you don't run browsers or applications on the gateway itself, so you need to find a specific vulnerability in the gateway itself AND you need to find a way to exploit it.

By splitting the gateway and workstation, you can run less-safe code on the workstation, a browser level exploit wouldn't automatically be able to violate your privacy without a second vulnerability on the gateway itself since the code on the workstation doesn't have the information needed in the first place. On Tails, you have to assume that the software you're running isn't actively trying to thwart you, which may not be the case since browsers often have vulnerabilities.

It's not perfect, but it would seem to dramatically raise the bar since a browser based exploit alone is no longer sufficient to unmask a user like with TBB, and potentially with Tails.

At least to me, Whonix seems to be a natural "next step" beyond Tails if you want to ensure that an entire workstation is protected even if the workstation itself has compromises. It's overkill for many Tails users, and has tradeoffs since the gateway and workstation are split (introducing potential attack surfaces between the two) just as Tails itself is probably overkill for many TBB users.

But I might be way off.

Dave Warren

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to