Silk Road forums

Discussion => Security => Topic started by: slanker on June 18, 2013, 08:14 am

Title: Got a new laptop need to make it secure
Post by: slanker on June 18, 2013, 08:14 am
So I have been looking at tails, Whonix and Liberté.

I have been leaning towards Liberte due to the fact I can use a VPN->bridge->TOR->Socks5
Tails does not allow VPN due to the fact they claim it's less secure


Liberte will start up fresh every time
I don't know too much about Whonix but the major turn-off that I read is that if you don't remove logs yourself before shutdown/power removal they are still there on the computer. I'm not sure if this has been patched but was reading some forum posts about that.
Title: Re: Got a new laptop need to make it secure
Post by: kmfkewm on June 18, 2013, 08:36 am
It depends on what you are looking for. Tails and Liberte have the primary goal of not leaving any forensically recoverable traces after you shut down. In some ways this can be even better than FDE, primarily there is nothing encrypted for you to be forced to turn over encryption keys for. On the other hand, if you use persistence then you are back at using FDE. Tails has a MAC spoofer for breaking linkability between WiFi access points and sessions. Additionally, Tails also doesn't keep entry guards for Tor which removes a fingerprint of entry guards if you use WiFi from multiple different access points (or even the same access point over sessions). On the down side, not having entry guards means that you will be much more quickly traced in the first place. I see Tails as being largely a mobile OS, for somebody who uses WiFi from many different access points.

Whonix is more focused on preventing you from being traced by hackers than it is on making sure that it doesn't leave behind any forensic traces of what you did. It does this by isolating the browser away from Tor, and also such that it is unaware of its external IP address. You can still use FDE to prevent forensics teams from recovering logs and such, however you could be held in contempt of court if you refuse to turn over your passphrase, depending largely on where you live and how badly they want you. There is also always the risk that you could be subjected to a cold boot attack or similar.

I personally lean more towards Qubes than anything, it has functionality really similar to Whonix but it takes it several steps further such that everything is isolated into its own user defined security domain. This means you can protect your private encryption keys, your external IP address, Tor, etc. It also has advanced features such as hardware isolation, and a variety of different security tools based on its isolation techniques.
Title: Re: Got a new laptop need to make it secure
Post by: astor on June 18, 2013, 02:58 pm
Quote
I don't know too much about Whonix but the major turn-off that I read is that if you don't remove logs yourself before shutdown/power removal they are still there on the computer.

You could store the virtual hard disks in an encrypted volume, even a TrueCrypt file. Normally I would recommend against TrueCrypt files, since metadata like filenames can leak onto the unencrypted parts of the hard drive, but the names of files in a virtual hard disk shouldn't leak, since only the OS running in VirtualBox sees them. Likewise, the content of log files shouldn't leak.

Alternatively, you don't have to use the Workstation that Whonix provides. You can install your own operating system with FDE. I wrote a guide on how to do that. It's really easy, the whole thing boils down to manually configuring the IP address, gateway and DNS. The hardest part is figuring out how to do that on some operating systems.

http://dkn255hz262ypmii.onion/index.php?topic=161335.msg1148298#msg1148298


Quote
I personally lean more towards Qubes than anything, it has functionality really similar to Whonix but it takes it several steps further such that everything is isolated into its own user defined security domain. This means you can protect your private encryption keys, your external IP address, Tor, etc. It also has advanced features such as hardware isolation, and a variety of different security tools based on its isolation techniques.

It's more secure than the other options, but probably too advanced for most people in this community.

I would love to see a Qubes Live image. Get the features of Qubes in a burn-and-boot solution. The default configuration would launch the TorVM and run the other VMs through it, create disposable VMs in RAM for opening certain filetypes, and maybe offer a persistent volume.
Title: Re: Got a new laptop need to make it secure
Post by: crystal on June 18, 2013, 09:40 pm
Do you plan to use this laptop only for TOR use or for personal use + tor?

If it's only for TOR, you can consider either removing the hard drive and using only systems that boot from a CD/DVD - leaving no traces on the machine - or you can set up your own system with as much isolation as possible. Probably more work, and more (encrypted) traces of use, but it can be closer to what you want to get...
Title: Re: Got a new laptop need to make it secure
Post by: slanker on June 19, 2013, 08:28 am
I plan on using this outside of .onion too. So really something like whonix/Qubes is my best bet. I have been trying to load up a VM on tails. As in keep the files for whonix on my hard drive, then move them over to tails, then load up whonix on that. Tails is loaded on a USB. The 3.0 USB is currently not encrypted. Still got that on my list of things to do.

Qubes seems a little past me atm. I need to get used to linux commands and so on before I even attempt Qubes so was thinking whonix was going to be my best bet until then.

Any advice on how to get a VM running up on tails would be great. I can't seem to install things onto tails. The VMs are .run and .bundles.
I doubt I am using the right console command. When it asked me for a password after running it I can't type anything.
Title: Re: Got a new laptop need to make it secure
Post by: astor on June 19, 2013, 09:01 am
Quote
I have been trying to load up a VM on tails. As in keep the files for whonix on my hard drive, then move them over to tails, then load up whonix on that.

Any advice on how to get a VM running up on tails would be great.

So you want to run Whonix inside Tails?  I swear if you hang out on this forum long enough, you'll hear everything. :)

Why do you want to do this? What benefit do you think it will give you, that for example, running Whonix on your main OS, where the virtual hard disks are already stored, won't give you?

It *may* be possible. If you log in through the admin option, you may be able to install VirtualBox from the Debian repos. I honestly don't know, because I've never heard of anyone doing this, and Tails does some nonstandard things, like with networking and filesystem mounting, and possibly kernel modules, so I don't know if VirtualBox will work. I don't know if it will require special configuration, and what that would be.

In order to use VirtualBox, you'll have to install the kernel modules, and I don't know if that's possible.
Title: Re: Got a new laptop need to make it secure
Post by: slanker on June 19, 2013, 09:23 am
Bah, think I'll just go with Qubes or whonix. Just seems like Qubes would be hard to set up. Dunno. I really don't want to leave a fingerprint and don't want to risk having anything picked up if I have to do an emergency shutdown. If Qubes is the best option for that I'll just have to take the time to learn how to set it up and run it correctly.
Title: Re: Got a new laptop need to make it secure
Post by: kmfkewm on June 19, 2013, 10:24 am
Whonix and Qubes are somewhat similar, the primary difference being that Whonix focuses on isolating Tor and the web browser whereas Qubes focuses on isolating everything. They both use virtualization to achieve isolation and they both offer strong protection from hackers deanonymizing you by pwning your browser. Qubes just has a much broader focus. I would suggest giving Qubes a try, but if you find that it is not suited to your needs, or if you find it too difficult to use, Whonix is a solid alternative. For the most part I would strongly suggest using either Whonix or Qubes over using something like Liberte or Tails. But you do need to keep in mind that the focus is different.

Tails: Focus is on not leaving any forensically recoverable traces, being highly portable, best suited to people who use a wide variety of wireless access points. Keep in mind that if you opt to use persistence, then you are not fully protecting yourself from leaving forensically recoverable traces. I find persistence to be almost contradictory to the original goal of Tails, making it more similar to Liberte now (although I think Liberte at least supports persistent entry guards).

Liberte: Focus is on being a portable lightweight OS oriented towards simplicity of use and basic security. This is what the focus of Tails seems to have shifted toward as well, at least when it is used with persistence.

Qubes: Focus is on protecting yourself from hackers and providing very strong security via user defined and potentially very intricate virtualization based isolation policies.  This can be utilized to encompass all of the security goals of Whonix and more. 

Whonix: Focus is on protecting yourself from hackers and providing very strong security via virtualization based isolation of Tor and your browser. The primary focus is to protect your IP address from hackers, although isolation of your browser will also protect your private keys / plaintexts provided that you encrypt with GPG on the host. For the most part Whonix is probably adequate for most of the people here, Qubes is definitely a lot more capable but Whonix does address the primary concerns.
Title: Re: Got a new laptop need to make it secure
Post by: slanker on June 19, 2013, 12:07 pm
I have been reading you still don't want to run a VM off windows. I was trying to use Tails or Lib for a base operating system.
Title: Re: Got a new laptop need to make it secure
Post by: crystal on June 19, 2013, 07:32 pm
The problem with whonix & Qubes is that it will leave a trace when you'll be using it. So if you also want to use this machine for other stuff and if you are just a buyer, I'd recommend debian/ubuntu/whatever as main OS, and tails as an onion system.

Whonix or Qubes could be better - isolation is great, and really important. But they'd leave traces...

An option would be to have your whonix/qubes install in a truecrypt container...
Title: Re: Got a new laptop need to make it secure
Post by: kmfkewm on June 19, 2013, 08:59 pm
Quote
The problem with whonix & Qubes is that it will leave a trace when you'll be using it. So if you also want to use this machine for other stuff and if you are just a buyer, I'd recommend debian/ubuntu/whatever as main OS, and tails as an onion system.

Whonix or Qubes could be better - isolation is great, and really important. But they'd leave traces...

An option would be to have your whonix/qubes install in a truecrypt container...

I don't really care if my OS leaves traces, I would rather that it protects ME from being traced and therefore prevents forensics from ever even attempting to recover traces off of my thoroughly encrypted hard drive. Tails doesn't leave any forensic traces, but it also doesn't really offer the level of security I am interested in, and FDE prevents forensics recovering traces anyway. And if they bypass my FDE (covert cameras, hardware keyloggers, etc) then chances are they could monitor me if I used Tails anyway (covertly planted cameras, hardware keyloggers, etc). The only situation I can see Tails as being a big win is if you don't use persistence with it and if you live in a country where not turning over encryption keys can get you sent to prison.
Title: Re: Got a new laptop need to make it secure
Post by: Ro-Jaws on June 19, 2013, 10:08 pm
Quote
I have been trying to load up a VM on tails. As in keep the files for whonix on my hard drive, then move them over to tails, then load up whonix on that.

Any advice on how to get a VM running up on tails would be great.

So you want to run Whonix inside Tails?  I swear if you hang out on this forum long enough, you'll hear everything. :)

Why do you want to do this? What benefit do you think it will give you, that for example, running Whonix on your main OS, where the virtual hard disks are already stored, won't give you?

It *may* be possible. If you log in through the admin option, you may be able to install VirtualBox from the Debian repos. I honestly don't know, because I've never heard of anyone doing this, and Tails does some nonstandard things, like with networking and filesystem mounting, and possibly kernel modules, so I don't know if VirtualBox will work. I don't know if it will require special configuration, and what that would be.

In order to use VirtualBox, you'll have to install the kernel modules, and I don't know if that's possible.


It is very possible to run virtual box inside tails. I wouldn't recommend it, I could find no way to make it persistent which meant having to set it up fresh every time which was a real pain. In the end I was stopped due to firewall restrictions in tails which I lack the knowledge to play with and not break them. The set up is also quite long, fairly complex and less entertaining than watching sfill -v filling any drive over 128mb.

A possible alternative is using something like lubuntu as a live USB, with virtual box installed there and the whonix files in a hidden volume. You need a big usb/microsd for that though.

I don't think there is a way to run Qubes on virtual box or anything. For traces, I believe release 2 can run windows vms so I guess you could run TrueCrypt in there with your pgp keys etc in there and scrap it after each session on SR and the like? It appears I have some serious reading on Xen to do before I actually do anything unsavory.
Title: Re: Got a new laptop need to make it secure
Post by: slanker on June 20, 2013, 04:26 am
I have a 64GB USB 3 so space really shouldn't be too much of an issue. I like the lubuntu idea. Now the hidden volume can that even be picked up w/o a password?
Title: Re: Got a new laptop need to make it secure
Post by: Ro-Jaws on June 20, 2013, 09:22 pm
64GB is plenty for lubuntu plus virtual box plus a hidden whonix.
I'm not sure what you mean by "Now the hidden volume can that even be picked up w/o a password?". No matter how I parse it I can't make sense of it. Sorry. Please rephrase and try again and I will hopefully be able to help.
Title: Re: Got a new laptop need to make it secure
Post by: kmfkewm on June 20, 2013, 09:26 pm
Quote
I have a 64GB USB 3 so space really shouldn't be too much of an issue. I like the lubuntu idea. Now the hidden volume can that even be picked up w/o a password?

Theoretically no, practically probably.