[tor-talk] Review request: TorVM implementation in Qubes OS

adrelanos adrelanos at riseup.net
Fri Oct 19 12:30:37 UTC 2012


Abel Luck:
>>> Future Work  Use local DNS cache to speedup queries (pdnsd)
>> 
>> That could make users more fingerprintable.
>> 
>>> Future Work  Support arbitrary DNS queries
>> 
>> That could make users more fingerprintable.
>> 
> 
> Yup, I'm aware. Really I've no plans to move forward here until 
> something more concrete develops. (I'm looking at Tails and
> Whonix, who've discussed this issue extensively).
> 
> 
>> What is it needed for anyway? Which things do not work without
>> arbitrary DNS queries?
>> 
> XMPP SRV lookups for one. Not a pressing issue of course.

If you need any "special" DNS features, I don't see why they should be
implemented on the Gateway. They can equally easily and more safely be
implemented on the Workstation(s) where needed.

Things I tested: DNSSEC over Tor, DNSCrypt by OpenDNS, httpsdnsd by
JonDos. [1]

There is no reason why ttdnsd or a DNS cache wouldn't work on the
Workstation/AppVM.

>>> Future Work  Optionally route TorVM traffic through Tor
>> 
>> What is the motivation behind it?
> There is no good reason I can think of yet, I'm just concerned about a
> user misunderstanding what a TorVM does (provides torified
> networking to other AppVMs), and opening Firefox on it or
> something.

I see. Not sure, if possible, but could you remove all such
unnecessary applications? Maybe make it very clear as desktop
background or automatically opening text file?

Whonix has an optional configuration "Hide the fact that you are using
Tor/Whonix". [2] Not sure if the TorVM use can be easily hidden. Users
would have to download the templates over Tor.

[1] http://sourceforge.net/p/whonix/wiki/OptionalConfigurations/
[2] http://sourceforge.net/p/whonix/wiki/OptionalConfigurations/#hide-the-fact-that-you-are-using-torwhonix

