Linked by maccouch on Mon 31st Dec 2012 13:27 UTC
OSNews, Generic OSes "Whonix is an anonymous general purpose operating system based on Virtual Box, Debian GNU/Linux and Tor. By Whonix design, IP and DNS leaks are impossible. Not even malware with root rights can find out the user's real IP/location. This is because Whonix consists of two (virtual) machines. One machine solely runs Tor and acts as a gateway, which we call Whonix-Gateway. The other machine, which we call Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible."
A bit awkward feelings
by Zbigniew on Mon 31st Dec 2012 17:50 UTC
Zbigniew
Member since:
2008-08-28

On one hand, they assure that "not even malware with root rights can find out the user's real IP/location". But on the other hand, if someone wants to hide his identity so much, he should be aware that it'll still remain known to... "anonymizing network" admins.

It can be used as a kind of "honeypot".

Reply Score: 3

RE: A bit awkward feelings
by WorknMan on Mon 31st Dec 2012 18:07 UTC in reply to "A bit awkward feelings"
WorknMan Member since:
2005-11-13

Yeah, I think that's how they busted one of the dudes in Lulzsec, when his VPN provider ratted him out.

Reply Score: 3

RE[2]: A bit awkward feelings
by f0dder on Thu 3rd Jan 2013 18:39 UTC in reply to "RE: A bit awkward feelings"
f0dder Member since:
2009-08-05

They should have read and followed this: http://www.slideshare.net/grugq/opsec-for-hackers :-)

Reply Score: 2

RE: A bit awkward feelings
by umccullough on Mon 31st Dec 2012 18:17 UTC in reply to "A bit awkward feelings"
umccullough Member since:
2006-01-26

"that it'll still remain known to... "anonymizing network" admins."

But in this case, that's Tor...

Reply Score: 5

RE[2]: A bit awkward feelings
by Zbigniew on Mon 31st Dec 2012 18:26 UTC in reply to "RE: A bit awkward feelings"
Zbigniew Member since:
2008-08-28

Yes, my comment was of a rather general nature, not too specifically about Whonix itself.

What I meant was: such "anonymizing networks" can be established especially for tracking down the individuals wanting to hide their identity. Instead of tracking the entire Internet - it's easier to create a TOR-like network, bid welcome to all those wanting to remain anonymous - and just read the logs. Police or some other secret services can establish such "TOR"-s exactly as honeypots.

Reply Score: 5

RE: A bit awkward feelings
by Alfman on Tue 1st Jan 2013 00:53 UTC in reply to "A bit awkward feelings"
Alfman Member since:
2011-01-28

The Wikipedia page covers some weaknesses of tor.

http://en.wikipedia.org/wiki/Tor_%28anonymity_network%29#We...

One is getting the client to hand out some identifying information, such that tor's encryption is irrelevant. But Whonix looks like it should be fairly well protected from this particular problem.

Another issue is that tor is susceptible to statistical analysis by trojan peers in the tor network. The tor protocol itself cannot guarantee any anonymity if the peers are ratting out statistical details.

Reply Score: 4

Comment by abstraction
by abstraction on Mon 31st Dec 2012 22:00 UTC
abstraction
Member since:
2008-11-27

If that is an operating system, what do we these days call the thing that was previously known as an operating system?

Reply Score: 5

RE: Comment by abstraction
by iLikeOS on Tue 1st Jan 2013 14:38 UTC in reply to "Comment by abstraction"
iLikeOS Member since:
2008-01-31

The definition of an operating system has not changed, I believe.
But since more and more people that are not professionals are using the same vocabulary, it tends to redefine itself over time.
Today OS is often used to describe distributions of Linux, or sometimes a predefined system configuration (like this is).
We have the same problem with the prefixes mega and giga.
You seldom know today if people actually mean the real base 2 mega and giga or the base 10.

Maybe we should invent a prefix to use when we actually mean what we write, like BD-Mb, or BD-OS where BD stands for By Definition ;)

Reply Score: 2

RE[2]: Comment by abstraction
by Alfman on Tue 1st Jan 2013 19:28 UTC in reply to "RE: Comment by abstraction"
Alfman Member since:
2011-01-28

iLikeOS,

"Maybe we should invent a prefix to use when we actually mean what we write, like BD-Mb, or BD-OS where BD stands for By Definition ;) "

You know we do have separate binary and decimal notations?

https://en.wikipedia.org/wiki/Mebibyte

1 MB = 1,000,000 bytes
1 MiB = 2^20 (1,048,576) bytes

Alas, not many people seem to know about this, and therefore the binary variants don't get much use.

Edit: The two are sufficiently close that it doesn't matter that much in most contexts, but I get really peeved when MB/s, mBps and mbps get interchanged because that mistake forces us to second guess between values which differ by a factor of 8 for bits and bytes. When talking about network transfer speeds, they're both plausible and they're both in common usage.

Edited 2013-01-01 19:42 UTC

Reply Score: 4

RE[3]: Comment by abstraction
by iLikeOS on Wed 2nd Jan 2013 01:18 UTC in reply to "RE[2]: Comment by abstraction"
iLikeOS Member since:
2008-01-31

Alfman,

I know about all this.
What I am saying is just that there are a lot of different words we are using that are redefined over time.

If going back to the 80:s and before that, Mb was only one thing, 2^20, but most of us only mattered about Kb at that time.

So the point is that it is a problem to know these days what somebody actually means, with everything that measures things such as speed and storage etc. But in recent years I would say that the same thing is starting to happen with definitions like operating system, programming language, applications etc.
Nobody really differentiates between tools and apps any more.
Different packaging of Linux has become different operating systems.
Writing HTML has become programming.

So my only point really is that, from my point of view, the heading of this article is wrong. It's not about a new operating system, it's a Linux preconfigured to perform a certain way, combined with applications like virtual machine etc.

Reply Score: 3

RE[4]: Comment by abstraction
by Alfman on Wed 2nd Jan 2013 16:26 UTC in reply to "RE[3]: Comment by abstraction"
Alfman Member since:
2011-01-28

"If going back to the 80:s and before that, Mb was only one thing, 2^20, but most of us only mattered about Kb at that time."

It's always depended on the context, unfortunately. Everyone probably knows that "16 megabytes" of ram means 2^24 because of the binary nature of ram, but with disks it's not obvious and with networking it's supposed to be normal SI units.

Ironically even your post has me second guessing because contextually you probably meant megabytes and kilobytes, but the lowercase 'b' indicates bits. The case is significant.

Reply Score: 3

state of the 'net
by kateline on Tue 1st Jan 2013 12:55 UTC
kateline
Member since:
2011-05-19

It's a sad state of the internet when you realize how necessary an OS like this is. Or will come to be.

Reply Score: 3

protection from Tor-exit GW?
by renox on Tue 1st Jan 2013 17:47 UTC
renox
Member since:
2005-07-06

If memory serves, you have to use encrypted traffic on Tor otherwise the Tor's exit gateway can listen to your traffic, do Whonix do something about this point?

Reply Score: 3

RE: protection from Tor-exit GW?
by Alfman on Tue 1st Jan 2013 19:21 UTC in reply to "protection from Tor-exit GW?"
Alfman Member since:
2011-01-28

renox,

"If memory serves, you have to use encrypted traffic on Tor otherwise the Tor's exit gateway can listen to your traffic, do Whonix do something about this point?"

That's true, however tor is designed for anonymity rather than end to end encryption. From what I've read at the Whonix website, it looks like it's nothing more than a bog standard tor node in front of a standard virtual machine running standard browser software.

In theory the virtual machine shouldn't be necessary but it's there just in case the browser could be exploited.

You can take a look at freenet for another kind of solution designed to provide both encryption and anonymity. It even protects from statistical analysis through probabilistic data transfer. However it's extremely inefficient and not really real time.

Reply Score: 3

RE: protection from Tor-exit GW?
by maccouch on Tue 1st Jan 2013 20:44 UTC in reply to "protection from Tor-exit GW?"
maccouch Member since:
2012-03-14

"If memory serves, you have to use encrypted traffic on Tor otherwise the Tor's exit gateway can listen to your traffic, do Whonix do something about this point?"

As far as I know, yes, the Tor's exit gateway can still listen to you, but if you're using an SSL HTTP connection between you and whatever web service you're using, wouldn't that resolve the issue?

That would effectively grant you anonymity and privacy.

Edited 2013-01-01 21:00 UTC

Reply Score: 1