Per the thread on the Tor tracker (https://trac.torproject.org/projects/tor/ticket/7681), I want to start working on integrating the of Pseudonymity as defined by WiNoN into Tails. Namely, users run multiple, independent VMs connected to independent paths through the Tor network in order to wear multiple hats. A user accessing IRC and GMail under two different contexts would do so in two different VMs. There are other benefits of using VMs as the Whonix folks have recognized. Namely, that information about the host cannot (easily) leak into the guest and vice-versa.

To do this I propose the following:
- In the host, we run redsocks (http://darkk.net.ru/redsocks/), this will pick up traffic from the VMs and redirect it to Tor. Currently there exists no package for redsocks in Squeeze, should we check to see if the Wheezy package works or just build our own Redsocks package?
- Install the necessary software for both LXC and KVM
- Give amnesia the right sudo abilities to start LXC and KVM
- Add start LXC Pseudonym and KVM Pseudonym to the desktop
- Upon starting a Pseudonym, we'll add a Tap device and connect it to a bridge, where redsocks will pick up the traffic. For each pseudonym, we'll run a unique redsocks instance and start a new Tor proxy socket.
- We can either a pseudonym watcher to clean up state or just run the pseudonym in a script, blocking on the VM execution. When the VM has been closed, it is automatically cleaned up.
- Use IP Tables to enforce communication between the pseudonyms and Tor

In this instance, each pseudonym will have a unique IP address, but it will only be able to talk to Tor running via the bridge and not other pseudonyms.

Call this round 1, and we'll add more details as we discuss.

Cheers,
David
_______________________________________________
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
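
One way the iptables step in the proposal above could look, as an added example that is not part of the original message: a dry-run generator that prints the commands pinning each pseudonym to its own redsocks instance and dropping everything else from the bridge. The bridge name, subnet, port base and `tapN` device naming are assumptions made for illustration.

```shell
#!/bin/sh
# Added sketch: print (do not apply) iptables commands for per-pseudonym isolation.
# BRIDGE, SUBNET, REDSOCKS_BASE and the tapN naming are assumptions, not Tails values.
# Assumes bridge netfilter is enabled (net.bridge.bridge-nf-call-iptables=1);
# without it, frames bridged directly between taps never reach iptables.
BRIDGE=br-pseud        # bridge that every pseudonym's tap device joins
SUBNET=10.200.0        # guest i is given the address SUBNET.(10+i)
REDSOCKS_BASE=12340    # redsocks instance i listens on REDSOCKS_BASE+i

pseudonym_ip()   { echo "$SUBNET.$((10 + $1))"; }
pseudonym_port() { echo "$((REDSOCKS_BASE + $1))"; }

# Accept only plain decimal indices 0..200 (no sign, no leading zero),
# so an index can never smuggle shell or iptables syntax into a rule.
valid_index() {
    case "$1" in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
    [ "$1" -le 200 ]
}

# ruleset IDX...: commands for all listed pseudonyms; accepts come before drops.
ruleset() {
    for i in "$@"; do
        valid_index "$i" || { echo "bad pseudonym index: $i" >&2; return 1; }
    done
    for i in "$@"; do
        # Match on tap port AND source address, so a guest that spoofs
        # another guest's address still cannot reach that guest's redsocks.
        m="-i $BRIDGE -m physdev --physdev-in tap$i -s $(pseudonym_ip "$i") -p tcp"
        p=$(pseudonym_port "$i")
        # All TCP from guest i, whatever its destination, lands on redsocks i.
        echo "iptables -t nat -A PREROUTING $m -j REDIRECT --to-ports $p"
        echo "iptables -A INPUT $m --dport $p -j ACCEPT"
    done
    # Everything else from the bridge is dropped: other host services,
    # guest-to-guest traffic, and UDP (DNS via Tor is not covered here).
    echo "iptables -A INPUT -i $BRIDGE -j DROP"
    echo "iptables -A FORWARD -i $BRIDGE -j DROP"
}

if [ "$#" -gt 0 ]; then ruleset "$@"; fi
```

Because the rules are appended in order, the output is meant to be generated for the full set of running pseudonyms and applied to empty chains, not re-run once per pseudonym start.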