back to article Devs cook up 'leakproof' all-Tor untrackable platform

Developers are brewing an anonymous general purpose computing platform, dubbed Whonix. Whonix is designed to ensure that applications (such as Flash and Java etc) can only connect through Tor. The design goal, at least, is that direct connections (leaks) ought to be impossible. "This is the only way we know of that can …


This topic is closed for new posts.
  1. koolholio

    Looking forward to see-ing this

    Keeping in mind, anything that can be compiled, can be de-compiled, whether it be packed or obfuscated using any cryptography method.

    1. Anonymous Coward
      Anonymous Coward

      RE: Whether it be packed or obfuscated using any cryptography method.

      I believe your statement is misleading - Assuming a secure cipher has been used, the only way to decrypt the code would be if you had the encryption key, or used some kind of brute force method which would take a ridiculous length of time. I would use systems such as Playstation and XBox an example, though the PS has now been "cracked" this only occured because the key was leaked (the same happened with DVDs), the other way hackers use is by bypassing the encryption, but the encrypted content still remained secure.

      Perhaps I'm wrong on this :)

    2. PyLETS

      @koolholio: Re: Looking forward to see-ing this

      As to reverse engineering, I supect you're not looking at the risk the developers are trying to defend against. The issue of anonymity isn't only to do with what plod breaking down your door and taking away your equipment can find. It's also to do with whether plod can identify the right door to break down, and my reading of this article suggests the latter risk is being defended by this development, and not the former. No doubt work could be done to combine techniques to defend against both risks, e.g. using encrypted hard disk partitions etc.

      1. Danny 14 Silver badge

        Re: @koolholio: Looking forward to see-ing this

        afterall, in the UK if plod knew where you were you would simply be compelled to release said encryption key.

  2. Joe K
    Big Brother


    Tails and Liberte do exactly the same as this, and do it a lot better from the sounds of it. Just stick them on a memory key and boot from that, everything is kept only in RAM.

    A lot better than this thing.

    1. Old Handle

      Re: ????

      I think the idea is that using a VM provides a stronger layer of defense between an attacker (e.g. a malicious website) and the part of the system that forces connections to go through Tor.

      I'm not as familiar with Liberte Linux, but Tails runs Tor and other applications run on the same OS, albeit as different users. It's probably no coincidence that the browser is still relatively locked down, e.g. no Flash or Java. A worst case scenario malware attack could potentially gain access to the settings that force traffic through Tor. This would provably require some kind of privilege escalation exploit, but these things happen.

      If I understand right, the idea here is that no matter what happens, the virtual machine can't access a direct connection. So malware would have the additional daunting challenge of breaking out of the VM before it could reveal your identity. Still not impossible, but it's another layer of security.

  3. Anonymous Coward
    Anonymous Coward


    When can I start nicking, ooooh I mean, visiting things anonymously?

  4. Anonymous Coward
    Anonymous Coward

    Sounds interesting

    I may have a look-see. I would definitely combine it with Truecrypt though, to host the VM (hidden volume an all that).

    Other options I'd like to see would be a TOR virtual network adaptor (as per a VPN virtual adaptor) which would be used by all applications on the machine (rather than having to Socksify lots of applications), or the ability to embed a TOR only end-point/proxy into the common wifi/lan routers people have at home (e.g. netgear/cisco home routers).

    You can get the same effect at the moment by using a dedicated machine/VM to act as a proxy, and the proxy only uses TOR to connect out. Then set up your firewall to only allow the proxy to connect and get all machines o the home lan to use the proxy. Slow as hell though.

    There are many options - but looks interesting.

  5. Anonymous Coward
    Anonymous Coward

    Unfortunately I'm not an exciting spy or wikileaker, and fortunately I'm not an online criminal, BUT I have thought about anonymous-ness, and surely you're much better served using a collection of already released software in conjunction?

    E.g. any host OS using a VPN, with a VM installed in a Truecrypt ram disk, VM OS using TOR. Once it powers down, there would be no trace. Using unsecured wifi would be icing on the cake.

    It's sad to see those people in the actual Anonymous group use something as lame as HideMyAss, when the above could be set up all for free, with open source software.

  6. JaitcH

    So why is Cameron wasting taxpayer money on new GCHQ e-goodies costing billions of pounds?

    Cameron, and GCHQ, should realise that as hard as they work sticking their long snouts into peoples private business, others are working just as hard to keep them out.

    Silent Circle is securing the smartphone so the snoopers playing field is narrowing.

    Why the public is accepting of these intrusions for all this security theatre beats me. All that is necessary is for the UK government to let the Middle East sort out it's own problems and the Blighty will disappear from these so called terrorists sights.

    1. This post has been deleted by its author

  7. Anonymous Coward
    Anonymous Coward


    Designing an OS/Platform from the ground up is the best way to achieve this. Tor Tails is still based on other systems, so has all the inherent weaknesses. Just dont' install browser plugins/addons/java and open up more holes.

    Sad times when everyone is fed up of every part of their lives being snooped on and catalogued.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019