There was a similar thing called Metropipe that came out a good number of months ago. They had a free download of their Linux distro a while back (based off of DSL), and it was still usable around a month, month and a half ago. I put it on my Linux install with an updated version of QEMU and the KQEMU accelerator - much better with KQEMU.
Important thing was to edit the .bat launcher to use more ram.
The article writer mentioned 'totally secure.' How exactly do you achieve this? Suppose I'm running off a wireless network, unsecured, at my local internet cafe, and I'm jonesin' to check my e-mail, man, *THROBBING* to check my e-mail. But my e-mail doesn't do HTTPS://.
Won't the plain-jane transmission have to be sent through my wifi AP, or will it be encrypted before it even hits the airwaves?
Tor isn't about securing your data, it's about making sure not one single proxy (or eavesdropper) is able to trace it back to your specific IP address. The packets are still perfectly readable on both the tor nodes and beyond the exit points. If you need to also protect the contents of the packets, use end to end encryption.
Either way, it's virtually impossible (or should be anyway) to both trace a single data stream and to capture enough of it to make sense from it. Single packets, or even a couple in a row don't pose much of a threat unless your password happens to be in them in cleartext... in which case you did something wrong anyway.
Either way, the EFF can explain it a lot better than I can, so please read http://tor.eff.org/ for more information on tor and how it works. And please do use SSL for everything you do :-)
It just goes to show that if you try to be lighthearted, some thin-skinned know-it-all is going to get all offended. I didn't say that *only* trolls complain about Linux's speed. I said that trolls complain about Linux's speed.
It's funny how you "didn't need to read anymore" once you read one thing that rubbed you the wrong way. Sounds like you're someone who needs to take a college-level reading class.
You don't win any points in an argument by admitting that you didn't read the material, and if you admit to us that your sensibilities are so offended by a little lighthearted comment, it really doesn't give anyone any reason to pay your arguments much attention at all. Not to mention slinging insults. What makes me an asshole? I didn't call anyone names and I didn't insult anyone's education. That was you.
Let's take a survey from the readers. Who's the asshole?
I'm not sure what part of my review you found that gave you the impression that I needed some more writing education, because you didn't give any support to that claim, other than my perhaps-too-weak sense of humor. Or are you just showing up, making a comment to stir the pot and LEAVING?
I have no beef with the review - I think it was good for such an unbelievably bad product.
Linux on the net today is like what search engines/directories were back in 96 - Linux is everywhere and people are customizing it to such extents where you've got at least 500 distributions available. Now why someone would pay $45 for this product is beyond me. The maker obviously wants to make some dough, but why should we (the users) buy this?
It does not offer protection against key logging, it does not boot from the flash drive, and it offers no guarantee that it will be usable when the admins of the computer disable the USB ports, not to mention that there could be free alternatives out there.
I agree it was a decent review. I do not see what justifies the price; from what I can gather the jump drive is not included in the $45.00 price. The only thing that makes this any different than other live distros is the novelty of TOR coupled with privoxy, which are both very easy to set up and are lightweight anyway.
If you're worried about keylogging then couldn't you just install an onscreen keyboard program on the virtual machine? You could just use it when typing passwords or sensitive e-mails or whatever. As for packet sniffing, you should already be using encryption for anything you wouldn't want seen (like e-mail) so that seems like it'd be a fairly useful product so long as you have access to a USB port. Of course, if the contents of the virtual RAM found their way into the paging file that could be a problem, as would an admin using VNC or a video recorder on the monitor to watch the screen, so it's not for the uber-paranoid. It does, however, seem like a decent solution for the porn-seeking student or minor activists in repressive societies though.
I forgot to mention that all in all it was a decent review of an interesting product. Of course the whole idea of booting a Linux VM from a USB key just to use tor is a bit over the top. I can imagine a couple of other mechanisms which could be used to achieve the same effect, but without forcing users to change to using a Linux VM. And $40 for such a device, well, you can argue about price, but IMO it's not that much for something which has obviously cost a lot of effort to put together.
Anyway, this review is a nice change from all the news bites and the inflammatory editorials :-)
A nice progression from the livecd distro. But it needs to go further by, for example, integrating with the home host (if Linux) and allowing the reconciliation of some documents and some app configs.
But 512MB would be a lot more appropriate for that matter and still pretty cheap.
If you know about Tor, you know there are two main weaknesses: application leaks and DNS leaks. Tor Desktop solves both of these problems.
An application leak is when a client connects to a server and sends information that can identify the client. Most important to protect is the LOCAL IP address. If you're on a LAN it will be some private address such as 192.168.1.100, but if you are directly connected to the internet your LOCAL IP address is your real IP address and you don't want that leaking out to the internet. If you boot directly from USB then it is possible you are using your real IP address. However, by running inside of Qemu, it provides a virtual IP address in the 10.*.*.* range. Any applications that run will only know about this address and this address is safe to leak.
DNS leaks are more simple. This is when you resolve a domain name to an IP address directly without proxying it. If you send DNS queries directly then it is obvious to eavesdroppers what addresses you are interested in. Tor Desktop overcomes this with a DNS server that routes all queries through Tor using Tor's resolve protocol.
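The DNS-leak distinction in the comment above shows up directly in the SOCKS5 request a client hands to its proxy. This is an added example, not part of the original thread or of Tor Desktop: it builds and parses RFC 1928 CONNECT requests and reports whether the name was left for the proxy to resolve or an address was supplied by the client; the function names and sample destinations are assumptions made for illustration.

```python
import ipaddress
import struct

ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

def build_connect(host: str, port: int) -> bytes:
    """Build a SOCKS5 CONNECT request (RFC 1928) for host:port."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: pass the name through so the proxy resolves it.
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname length out of range")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)

def classify(request: bytes) -> dict:
    """Parse a SOCKS5 request and report which side did the name lookup."""
    if len(request) < 5 or request[0] != 5 or request[2] != 0:
        raise ValueError("not a SOCKS5 request")
    atyp, body = request[3], request[4:]
    if atyp == ATYP_DOMAIN:
        n, body = body[0], body[1:]
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        n = 4 if atyp == ATYP_IPV4 else 16
    else:
        raise ValueError("unknown address type")
    raw, rest = body[:n], body[n:]
    if len(raw) != n or len(rest) != 2:
        raise ValueError("truncated or malformed request")
    if atyp == ATYP_DOMAIN:
        target, resolved_by = raw.decode("ascii", "replace"), "proxy"
    else:
        # An address here means any lookup happened before the proxy was asked.
        target, resolved_by = str(ipaddress.ip_address(raw)), "client"
    return {"target": target, "port": struct.unpack("!H", rest)[0],
            "resolved_by": resolved_by}

if __name__ == "__main__":
    # Constructed sample destinations (documentation name and address).
    for host in ("mail.example.org", "192.0.2.25"):
        print(classify(build_connect(host, 110)))
```

A request classified as `client` is the case to investigate on an anonymizing setup: if the application started from a hostname, its lookup went out by some path other than the proxy.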
Anything you do through Tor can be spied upon by the proxy at the end of the chain. They won't be able to tell *who* requested the information, but they can read it. This means that it is a dangerous idea for you to use Tor to access sites that require passwords like your webmail/pop3/imap/telnet. You just have to trust that the last proxy in the chain is run by an honest person.
It would be safer to use something like SSH over Tor, where the password is not sent as plaintext.
Just like in Mother Russia, when the Communists moved in, we had to develop a thriving underground economy to serve the interests of the people.
Now that the industrio-socialists have seized America, well, it is good that the TOR is there. It is a beginning.
When all of an American's tax dollars go to the mighty war machine and to the bankers, there must be a way for people to get bread and vodka.
Bravo, EFF for making TOR.
Metropipe has something called the "Portable Virtual Privacy Machine" (likely the same thing as this uses) available as a free download at their website. It does use a demo of the "Metropipe Tunneler" though, rather than normal ol' Tor, but I'm sure there's a way to install the more desirable option.
http://www.metropipe.net/ProductsPVPM.shtml
I thought it was a GREAT concept - so great I bought one. (where I live, a 128 Jumpdrive would have cost $30 US by itself) and Tor isn't the easiest thing to set up - especially for someone as "geek-challenged" as I. It works pretty much like the reviewer said - of course, when "running" it on a PII 400, which is well above the requirements for DSL, it was more like crawling, as the host system used most of the resources before QEMU even loaded. Then I found ELE ("Everything Leaves Encrypted") http://www.northernsecurity.net/download/ele/ which is essentially the same idea - except it has a virtual keyboard (for the keylogger moments), is a free download, and burns to a bootable ISO or USB Stick and which doesn't seem to suffer from "DNS leaks".
I still think it's a great concept, and I believe in supporting the F/LOSS community - but while Virtual Privacy Machines doesn't offer a refund on their product, ELE doesn't need one.








