Some ISPs are based on LANs, in that case they can see the MAC address. ^20^ Most ISPs do not see the MAC addresses of their clients. Therefore yes, always hidden from destination servers. ^19^ It is in the nature of the MAC addresses, that destination servers can not see them. The Gateway is the place where Tor and the firewall is running. ^18^ The Workstation is the place where the browser, IRC client and so on is running. TOR BROWSER BUNDLE SAFE SERIAL NUMBERSSee also, Are hardware serial numbers hidden in TAILS?. This is only at risk in case the machine gets compromised by malware. ^17^ By default there get of course not send to anyone. ^16^ See Whonix’s Protocol-Leak-Protection and Fingerprinting-Protection for details. It’s just a browser, not a live system or operating system. ^15^ Tor Browser comes with it’s own Tor instance. ^14^ Tor Browser should set SOCKS username for a request based on referer ^12^ Although it does not try to store to disk, swap can still leak. TOR BROWSER BUNDLE SAFE FULLThere is a Recommendation to use multiple VM Snapshots and it is is recommend to apply Full Disk Encryption on the host. It can also not be prevented, that the host memory swaps to the host disk. Whonix acts like an ordinary installed operating system. This includes (non exclusive list) user created files, backup files, temporary files, swap, chat history, browser history and so on. ^7^ There are no special measures to limit what is written to disk. Quoted from the Tails Security Page: “Until an audit of the bundled network applications is done, information leakages at the protocol level should be considered as − at the very least − possible.” When applications in Tails are configured wrong, due to a bug in Tails or the application, IP can leak. ^5^ See first example of Whonix security in real world. ^2^ In case Tails or TBB gets rooted, the adversary can simply bypass the firewall and get the user’s real IP. ^1^ Such kinds of leaks are impossible ^a^ in Whonix, since the Whonix-Workstation is unaware of it’s external IP. How difficult is it to compromise Whonix? See Attack on Whonix and. This is because Whonix-Workstation can only connect through the Whonix-Gateway. In case Whonix-Workstation gets rooted, the adversary can not find out the users real IP/location. ^a^ Whonix has Protection against IP/location discovery through root exploits ( Malware with root rights) inside Whonix-Workstation. Privacy enhanced IRC client configuration. Secures your MAC address from local LAN (sometimes ISP) ^20^ Secure Distributed Network Time Synchronization Stream isolation to prevent identity correlation through circuit sharing TOR BROWSER BUNDLE SAFE SOFTWAREHides hardware serials from malicious software Protection against IP/location discovery through root exploits ( Malware with root rights) on the Workstation ^18^. TOR BROWSER BUNDLE SAFE DOWNLOAD^6^ You can download files and keep them, save bookmarks and passwords depending on your settings. TOR BROWSER BUNDLE SAFE INSTALL^5^ You can install your host operating system on USB. You can build your own images for other virtualizers, but it requires effort. (Subject for change in future.) is an security optional feature for advancend users. ^3^ Default downloads are for Virtual Box. The concept is agnostic, you could use another operating system as base, but it requires effort. Whonix-Gateway: In long term we are also agnostic about any other secure distributions. ^2^ Whonix-Workstation: also OtherOperatingSystems are supported. Whonix Framework gateway: anonymizer (Tor) must support that platform. Intel VT-x or AMD-V will greatly speed up Virtual Machines. ^1^ Whonix Framework workstation: self made builds can run on any real or virtual hardware. ^3^Įstablished, respected project for many years Gateway and torify any operating system (advanced users) Tor, Debian ^2^ and a Virtualizer ^3^ when not using Physical Isolation X86 compatible and/or and Virtual Machines General purpose os, VM plugin for Qubes OS, General purpose os available as VM images and physical isolation
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |