Feeds

Devs cook up 'leakproof' all-Tor untrackable platform

Whonix? You'll never find out, The Man

Top 5 reasons to deploy VMware with Tegile

Developers are brewing an anonymous general purpose computing platform, dubbed Whonix.

Whonix is designed to ensure that applications (such as Flash and Java etc) can only connect through Tor. The design goal, at least, is that direct connections (leaks) ought to be impossible. "This is the only way we know of that can reliably protect your anonymity from client application vulnerabilities and IP/DNS and protocol leaks," the developers explain.

The main goal is to prevent the determination of users' IP address and location. Not even malware that has buried deep into machines can access IP address information. In this way, Whonix aims to be safer than Tor anonymity software alone.

Whonix can be used in conjunction with VPN technology - routing networks through isolated remote computer networks - for even greater security.

The technology is better described as design approach or platform than as an operating system. In one example, the implementation of anonymity is provided around Tor on two virtual machines using VirtualBox and Debian GNU/Linux. Whonix can be installed on every computer capable of running Virtual Box (virtualisation software), so it supports Windows, OS X, Linux, BSD and Solaris. Running the technology on physically separate machines (a Whonix gateway and a Whonix workstation) would also work, and might provide greater security, say the devs.

The technology is currently only at an Alpha stage of early development, making it suitable for use only for the computing equivalent of test pilots.

In a post to a full disclosure mailing list last week, the main developer behind the project explains its goal and requests help from other members of the development community.

More details on the emerging computing platform can be found in a development Wiki here. The developers are pretty open about the tradeoff in using their technology (more complex set-up, potentially slower) as well as the anonymity advantages of their approach.

Paul Ducklin, head of technology in Asia Pacific for Sophos, said the approach followed by Whonix is different from the Live CDs associated with more traditional anonymity systems. This brings advantages as well as some drawbacks.

"Whonix is different from most existing 'all-in-one anonymity' systems inasmuch as the lead developer decided not to stick to the idea of a Live CD but to go with a set of virtual machines that don't need to fit on a CD or to boot from one," Ducklin explained.

"This allows much greater functionality and easier security updating."

The main disadvantage is that Whonix is more complex than comparable systems.

"The safety and security of your Whonix environment is dependent on the safety and security of your host OS, of the virtualisation software and of its configuration," Ducklin told El Reg. "The anonymity system then becomes, at worst, no more secure than the host itself. So you just took one problem (guest anonymity) and made it two problems (guest anonymity and host security).

"Whonix's size also makes its internal surface area larger than is strictly necessary. That in turn brings its own risks."

Ducklin added that there are many "tricks and traps of anonymity online", many covered by the Whonix developer. He added that users would be well advised to review these before placing their faith in Whonix (or any other approach) to shield their identity online. ®

Internet Security Threat Report 2014

More from The Register

next story
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Home Depot ignored staff warnings of security fail laundry list
'Just use cash', former security staffer warns friends
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.