[tor-talk] [tor-dev] Porting Tor Browser to the BSDs
Dave Warren
davew at hireahit.com
Tue Apr 14 20:21:16 UTC 2015
On 2015-04-14 06:05, Apple Apple wrote:
> I'm not too familiar with Whonix. May I ask what it does exactly to protect
> the system from a malicious actor with root level access to the "gateway"
> machine?
As I understand it, this isn't a threat that they are addressing.
Instead, they're trying to ensure that such access doesn't happen in the
first place. The attack surface is inherently small since you don't run
browsers or applications on the gateway itself, so you need to find a
specific vulnerability in the gateway itself AND you need to find a way
to exploit it.
By splitting the gateway and workstation, you can run less-safe code on
the workstation, a browser level exploit wouldn't automatically be able
to violate your privacy without a second vulnerability on the gateway
itself since the code on the workstation doesn't have the information
needed in the first place. On Tails, you have to assume that the
software you're running isn't actively trying to thwart you, which may
not be the case since browsers often have vulnerabilities.
It's not perfect, but it would seem to dramatically raise the bar since
a browser based exploit alone is no longer sufficient to unmask a user
like with TBB, and potentially with Tails.
At least to me, Whonix seems to be a natural "next step" beyond Tails if
you want to ensure that an entire workstation is protected even if the
workstation itself has compromises. It's overkill for many Tails users,
and has tradeoffs since the gateway and workstation are split
(introducing potential attack surfaces between the two) just as Tails
itself is probably overkill for many TBB users.
But I might be way off.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
More information about the tor-talk
mailing list