Pages:
Author

Topic: Whonix Anonymous Operating System, anything, any Bitcoin client/server over Tor - page 2. (Read 6774 times)

newbie
Activity: 33
Merit: 0
What if you are not under active surveillance? I want to avoid passive data collection.

The second part of my answer was supposed to answer that.

Quote
For the other cases, that depends if Tor does protect from nsa. The answer to that is not really clear:
https://lists.torproject.org/pipermail/tor-talk/2013-July/029014.html

And even if Tor was a whole lot better, you can never prove a negative. So I am hesitate with any broad claims and would be skeptical if some other project claimed that.

Also Whonix does not make such broad claims. For an related statement about three letter agencies, also see:
https://whonix.org/wiki/Dev/Technical_Introduction#With_more_technical_terms
newbie
Activity: 16
Merit: 0
Does this protect you against the nsa
full member
Activity: 228
Merit: 100
CIYAM - UI/UX design
cool idea. will give it a try  +1

@adrelanos: you got PM



newbie
Activity: 33
Merit: 0
True. 01BTC10 said it already. This is only an issue in public networks, i.e. WiFi hotspots.
vip
Activity: 756
Merit: 503
I don't understand how the ISP could record your MAC address unless they have access to your router. MAC address is only needed on LAN and is not broadcast to the WAN.
legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo

Of the connecting device running WHONIX. It is a known vulnerability of Tor routing that many (all?) ISPs record MAC addresses. So that when you connect without WHONIX the MAC address will be the same as when connecting with WHONIX, unless it spoofs the MAC address on the network connection.

Quote
In home networks, there is no reason to change it, since its never send to the ISP.

In public networks it gets really difficult. Just using a random MAC address isn't sane. It depends on threat models, what is best.

There is a whole documentation chapter about that topic: See:
https://whonix.org/wiki/Pre_Install_Advice#MAC_Address

And to find out how difficult it was to solve the controversy of MAC addresses in public networks, see:
https://whonix.org/wiki/Dev/MAC

At the moment no one knows the answers, its only clear, that it's not as simple as "use a random MAC".

Yeah, I bet there is ... the ISPs are selling their customers out by not keeping private data private. These are not new problems.


full member
Activity: 154
Merit: 100
(is there a typo in the thread subject? makes me think of )
newbie
Activity: 33
Merit: 0
Does it spoof MAC address?

From whom?

Applications usually don't send the MAC address to anyone else and malicious applications inside a Whonix-Workstation VM could only send a virtual MAC address (which isn't your real one) to someone.

In home networks, there is no reason to change it, since its never send to the ISP.

In public networks it gets really difficult. Just using a random MAC address isn't sane. It depends on threat models, what is best.

There is a whole documentation chapter about that topic: See:
https://whonix.org/wiki/Pre_Install_Advice#MAC_Address

And to find out how difficult it was to solve the controversy of MAC addresses in public networks, see:
https://whonix.org/wiki/Dev/MAC

At the moment no one knows the answers, its only clear, that it's not as simple as "use a random MAC".
legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo
Does it spoof MAC address?
newbie
Activity: 33
Merit: 0
Our new website is online!
https://whonix.org

We are also looking for developers to make Whonix even better!
https://whonix.org/w/images/a/a3/Whonix-ad.png
newbie
Activity: 33
Merit: 0
Sorry to hijack,

I don't see it as hijacking.

but OpenBSD and FreeBSD developers disagree, they claim virtualbox or hypervisor is just bugs on top of an already buggy arch and the idea that they can't break out from their weak software isolation is ideology not computer science. Look up virtualization on both mailing lists for more info, esp Theo De Raadts comments:
By the way, there is a statement about OpenBSD:
https://whonix.org/wiki/FAQ#Why_aren.27t_you_using_OpenBSD.2C_it.27s_the_most_secure_OS_ever.21.21.211.21

Wouldn't it be better to run an actual firewall, and dmz with your tor server in it then proxy all your communications through it with pf rules? This can be accomplished with tiny boxes, old servers and even a couple of $200 laptops instead of virtualization.
Yes. You can do that with Whonix already. It is recommend on the Security page. Please see:
https://whonix.org/wiki/Physical_Isolation
newbie
Activity: 33
Merit: 0
Cool, I will give it a try. Do you know how it compare to TAILS ?
Yes, this has been extensively compared.

https://whonix.org/wiki/Comparison_with_Others

Feel free to ask if there are still questions open.
legendary
Activity: 1099
Merit: 1000
Cool, I will give it a try. Do you know how it compare to TAILS ?
newbie
Activity: 33
Merit: 0
Introduction:
Quote
Whonix is an operating system focused on anonymity, privacy and security. It's based on the Tor anonymity network, Debian GNU/Linux and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user's real IP.

Whonix consists of two parts: One solely runs Tor and acts as a gateway, which we call Whonix-Gateway. The other, which we call Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible.

https://whonix.org/w/images/9/90/Whonix.jpg

The official Bitcoin-qt client works, thanks to the Transparent Proxy feature, very well in Whonix out of the box. Connections to normal and hidden servers work. Setting up a hidden Bitcoin server should also work, since Whonix supports everything Tor support and more, just with stronger guarantees of hiding IP/location. The usual IP/DNS leak issues vanish.

This topic is supposed to find and solve any Tor/anonymity related problems with respect to Bitcoin. I am also probing for general interest in this project.

The offical Bitcoin-qt client is unfortunately not yet included into Whonix by default, because Bitcoin-qt didn't make it into Wheezy. It has to be installed manually (works well). I am also open for other clients.

Another advantage is, that any Bitcoin client, no matter if it has proxy settings or not, can be used safely over Tor. I am currently looking at and into electrum.

Whatever you wanted to do over Tor, it likely works well and safely in Whonix. Of course it inherits all weaknesses of Tor (exit node sniffing...), but it makes it much harder to misconfigure something on your side.

Please give me feedback about Whonix and free your mind about a future Bitcoin integration.

Homepage with documentation:
https://www.whonix.org

Screenshots:
https://whonix.org/wiki/Screenshots

Announcement:
https://lists.torproject.org/pipermail/tor-talk/2012-October/025921.html

Connectivity is very good. Hidden services can be connected without proxy settings, without torsocks etc.
Code:
~ $ nslookup idnxcnkne4qt76tg.onion
Server:         192.168.0.10
Address:        192.168.0.10#53

Non-authoritative answer:
Name:   idnxcnkne4qt76tg.onion
Address: 10.192.0.2


/usr/bin/wget 10.192.0.2
--2012-10-20 02:49:00--  http://10.192.0.2/
Connecting to 10.192.0.2:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 492 [text/html]
Saving to: `index.html.1'

100%[==========================================================================================================================================>] 492         2.25K/s   in 0.2s    

2012-10-20 02:49:13 (2.25 KB/s) - `index.html.1' saved [492/492]


/usr/bin/wget http://idnxcnkne4qt76tg.onion/
--2012-10-20 02:50:21--  http://idnxcnkne4qt76tg.onion/
Resolving idnxcnkne4qt76tg.onion (idnxcnkne4qt76tg.onion)... 10.192.0.2
Connecting to idnxcnkne4qt76tg.onion (idnxcnkne4qt76tg.onion)|10.192.0.2|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 14440 (14K) [text/html]
Saving to: `index.html.2'

100%[==========================================================================================================================================>] 14,440      --.-K/s   in 0.1s    

2012-10-20 02:50:44 (95.5 KB/s) - `index.html.2' saved [14440/14440]
Pages:
Jump to: