[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Review request: TorVM implementation in Qubes OS



Abel Luck:
>>> Future Work  Use local DNS cache to speedup queries (pdnsd)
>> 
>> That could make users more fingerprintable.
>> 
>>> Future Work  Support arbitrary DNS queries
>> 
>> That could make users more fingerprintable.
>> 
> 
> Yup, I'm aware. Really I've no plans to move forward here until 
> something more concrete develops. (I'm looking at who Tails and
> Whonix, who've discussed this issue extensively).
> 
> 
>> What is it needed for anyway? Which things do not work without
>> arbitrary DNS queries?
>> 
> XMPP SRV lookups for one. Not a pressing issue of course.

If you need any "special" DNS features, I don't see why they should be
implemented on the Gateway. They can equally easy more and safely
implemented on the Workstation(s) were needed.

Things I tested: DNSSEC over Tor, DNSCrypt by OpenDNS, httpsdnsd by
JonDos. [1]

There is no reason why ttdnsd or dns cache wouldn't work on the
Workstation/AppVM.

>>> Future Work  Optionally route TorVM traffic through Tor
>> 
>> What is the motivation behind it?
> There is no good reason I can think of yet, I'm just concerened a
> user misunderstanding what a TorVM does (provides torified
> networking to other AppVms), and opening firefox on it or
> something.

I see. Not sure, if possible, but could you remove all such
unnecessary applications? Maybe make it very clear as desktop
background or automatically opening text file?

Whonix as a optional configuration "Hide the fact that you are using
Tor/Whonix". [2] Not sure if the TorVM use can be easily hidden. Users
would have to download the templates over Tor.

[1] http://sourceforge.net/p/whonix/wiki/OptionalConfigurations/
[2]
http://sourceforge.net/p/whonix/wiki/OptionalConfigurations/#hide-the-fact-that-you-are-using-torwhonix
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk