“Whonix is an anonymous general purpose operating system based on Virtual Box, Debian GNU/Linux and Tor. By Whonix design, IP and DNS leaks are impossible. Not even malware with root rights can find out the user’s real IP/location. This is because Whonix consists of two (virtual) machines. One machine solely runs Tor and acts as a gateway, which we call Whonix-Gateway. The other machine, which we call Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible.”
On one hand, they assure that “not even malware with root rights can find out the user’s real IP/location”. But on the other hand, if someone wants to hide his identity so much, he should be aware that it’ll still remain known to… “anonymizing network” admins.
It can be used as a kind of “honeypot”.
Yeah, I think that’s how they busted one of the dudes in Lulzsec, when his VPN provider ratted him out.
They should have read and followed this: http://www.slideshare.net/grugq/opsec-for-hackers 🙂
But in this case, that’s Tor…
Yes, my comment was rather of a general nature. Not too specifically about Whonix itself.
What I meant was: such “anonymizing networks” can be established especially for tracking down the individuals wanting to hide their identity. Instead of tracking the entire Internet, it’s easier to create a TOR-like network, bid welcome to all those wanting to remain anonymous, and just read the logs. Police, or some other secret services, can establish such “TOR”-s exactly as honeypots.
The Wikipedia page covers some weaknesses of Tor.
http://en.wikipedia.org/wiki/Tor_%28anonymity_network%29#We…
One is getting the client to hand out some identifying information, such that Tor’s encryption is irrelevant. But Whonix looks like it should be fairly well protected from this particular problem.
Another issue is that Tor is susceptible to statistical analysis by trojan peers in the Tor network. The Tor protocol itself cannot guarantee any anonymity if the peers are ratting out statistical details.
If that is an operating system, what do we these days call the thing that was previously known as an operating system?
The definition of an operating system has not changed, I believe.
But since more and more people that are not professionals are using the same vocabulary, it tends to redefine itself over time.
Today OS is often used to describe distributions of Linux, or sometimes a predefined system configuration (like this one is).
We have the same problem with the prefixes mega and giga.
You seldom know today if people actually mean the real base 2 mega and giga or the base 10.
Maybe we should invent a prefix to use when we actually mean what we write, like BD-Mb, or BD-OS, where BD stands for By Definition.
iLikeOS,
“Maybe we should invent a prefix to use when we actually mean what we write, like BD-Mb, or BD-OS where BD stands for By Definition ”
You know we do have separate binary and decimal notations?
https://en.wikipedia.org/wiki/Mebibyte
1 MB = 1,000,000 bytes
1 MiB = 2^20 (1,048,576) bytes
Alas, not many people seem to know about this, and therefore the binary variants don’t get much use.
Edit: The two are sufficiently close that it doesn’t matter that much in most contexts, but I get really peeved when MB/s, mBps and mbps get interchanged, because that mistake forces us to second-guess between values which differ by a factor of 8 for bits and bytes. When talking about network transfer speeds, they’re both plausible and they’re both in common usage.
Edited 2013-01-01 19:42 UTC
Alfman,
I know about all this.
What I am saying is just that there are a lot of different words we are using that are redefined over time.
If going back to the 80s and before that, Mb was only one thing, 2^20, but most of us only cared about Kb at that time.
So the point is that it is a problem to know these days what somebody actually means, with everything that measures things such as speed and storage etc. But in recent years I would say that the same thing is starting to happen with definitions like operating system, programming language, applications etc. etc.
Nobody really differentiates between tools and apps any more.
Different packaging of Linux has become different operating systems.
Writing HTML has become programming.
So my only point really is that, from my point of view, the heading of this article is wrong. It’s not about a new operating system, it’s a Linux preconfigured to perform a certain way, combined with applications like a virtual machine etc.
“If going back to the 80s and before that, Mb was only one thing, 2^20, but most of us only cared about Kb at that time.”
It’s always depended on the context, unfortunately. Everyone probably knows that “16 megabytes” of RAM means 2^24 because of the binary nature of RAM, but with disks it’s not obvious and with networking it’s supposed to be normal SI units.
Ironically, even your post has me second-guessing, because contextually you probably meant megabytes and kilobytes, but the lowercase ‘b’ indicates bits. The case is significant.
It’s a sad state of the internet when you realize how necessary an OS like this is. Or will come to be.
If memory serves, you have to use encrypted traffic on Tor, otherwise Tor’s exit gateway can listen to your traffic. Does Whonix do something about this point?
renox,
“If memory serves, you have to use encrypted traffic on Tor, otherwise Tor’s exit gateway can listen to your traffic. Does Whonix do something about this point?”
That’s true, however Tor is designed for anonymity rather than end-to-end encryption. From what I’ve read at the Whonix website, it looks like it’s nothing more than a bog-standard Tor node in front of a standard virtual machine running standard browser software.
In theory the virtual machine shouldn’t be necessary but it’s there just in case the browser could be exploited.
You can take a look at Freenet for another kind of solution designed to provide both encryption and anonymity. It even protects from statistical analysis through probabilistic data transfer. However, it’s extremely inefficient and not really real time.
As far as I know, yes, Tor’s exit gateway can still listen to you, but if you’re using an SSL HTTP connection between you and whatever web service you’re using, wouldn’t that resolve the issue?
That would effectively grant you anonymity and privacy.
Edited 2013-01-01 21:00 UTC