Hi,

David Wolinsky wrote (19 Dec 2013 03:14:39 GMT) :
> I want to start working on integrating the of Pseudonymity as
> defined by WiNoN into Tails.

I'm very happy to see someone work on this.

> To do this I propose the following:

> - In the host, we run redsocks (http://darkk.net.ru/redsocks/), this will
> pick up traffic from the VMs and redirect it to Tor.

I have a few questions here:

- Is Tor running on the host system, or inside a dedicated VM? The latter would have the benefit of making it hard for a compromised Tor client to gather information about the local networking setup, hardware identifiers, etc. I guess going with the former is easier to implement as a first iteration, and I'd like to see a working first iteration ASAP, so I guess it totally makes sense to postpone this for now.

- How does this play with our stream isolation design [1]? In other words, what kind of SocksPort(s), with what stream isolation options, would the TCP traffic be redirected to? I could probably take "once we segregate each pseudonym into its own VM, we don't care anymore" for an answer, but I've not thought this through yet.

[1] https://tails.boum.org/contribute/design/stream_isolation/

> Currently there exists no package for redsocks in Squeeze, should
> we check to see if the Wheezy package works or just build our own
> Redsocks package?

Replied in the dedicated thread you started about it.

> - Install the necessary software for both LXC and KVM

I understand you decided to go with KVM only for now, and I think it totally makes sense. The state of the LXC userspace doesn't look very good yet, and it's still unclear to me how strong it is nowadays against a root compromise of the guest (enterprisey distros who currently ship solutions based on LXC only dare doing so with additional safeguards such as SELinux and AppArmor).

> - Give amnesia the right sudo abilities to start LXC and KVM

I bet this will have to be a bit finer grained than this, but I see what you mean :)

> - Add start LXC Pseudonym and KVM Pseudonym to the desktop

What system would be started by these launchers? Another full-blown Tails, or something else?

If Tails, what difficulties do you expect to face, in other words, how should the Pseudonym-Tails differ from a "standard" one? I guess we could brainstorm it a bit to start with. E.g. do we want the user to be shown Tails Greeter? Or do we want to forward (some of) the user's choices into the Pseudonym-Tails, such as language and keyboard layout settings? We can also probably postpone this to when something simple and working is ready to be tested, your call :)

> - Upon starting a Pseudonym, we'll add a Tap device and connect it to a
> bridge, where redsocks will pick up the traffic. For each pseudonym, we'll
> run a unique redsocks instance and start a new Tor proxy socket.
> - We can either a pseudonym watcher to clean up state or just run the
> pseudonym in a script, blocking on the VM execution. When the VM has been
> closed, it is automatically cleaned up.
> - Use IP Tables to enforce communication between the pseudonyms and Tor
> In this instance, each pseudonym will have a unique IP address, but it will
> only be able to talk to Tor running via the bridge and not other pseudonyms.

OK.

> Call this round 1, and we'll add more details as we discuss.

Looks good for round 1 :)

Cheers,
-- 
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
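
Added example, not part of the original message and not Tails or WiNoN code: a dry-run shell sketch of the round-1 plumbing quoted above, printing (not applying) one Tor SocksPort, one redsocks stanza and one set of iptables rules per pseudonym, plus the matching cleanup. The bridge name, addresses, port bases and function names are assumptions made for illustration.

```shell
#!/bin/sh
# Dry run only: every function prints configuration, nothing is applied.
# Assumed values (not from the thread):
BRIDGE="br-pseudo"       # bridge the per-pseudonym tap devices join
HOST_IP="10.152.152.1"   # host address on that bridge
SOCKS_BASE=9100          # Tor SocksPort for pseudonym N = SOCKS_BASE + N
REDSOCKS_BASE=12300      # redsocks local_port for pseudonym N = REDSOCKS_BASE + N

vm_ip() { echo "10.152.152.$((10 + $1))"; }   # unique address per pseudonym

# torrc line: one SocksPort per pseudonym. Tor isolates streams that arrive
# on different SocksPorts from one another by default.
tor_conf() { echo "SocksPort 127.0.0.1:$((SOCKS_BASE + $1))"; }

# redsocks stanza for this pseudonym's instance (the "base" section is omitted).
redsocks_conf() {
    cat <<EOF
redsocks {
    local_ip = $HOST_IP;
    local_port = $((REDSOCKS_BASE + $1));
    ip = 127.0.0.1;
    port = $((SOCKS_BASE + $1));
    type = socks5;
}
EOF
}

# fw_rules N add|del: send the VM's TCP to its own redsocks port and allow only
# that. ACCEPT is inserted (-I) so it lands above the default-deny rules; "del"
# prints the matching cleanup for when the VM exits. Matching on -s trusts the
# address the guest claims; anti-spoofing on the tap device is not covered here.
fw_rules() {
    ip=$(vm_ip "$1"); rport=$((REDSOCKS_BASE + $1))
    case "$2" in add) nat=-A; flt=-I ;; del) nat=-D; flt=-D ;; *) return 1 ;; esac
    echo "iptables -t nat $nat PREROUTING -i $BRIDGE -s $ip -p tcp -j REDIRECT --to-ports $rport"
    echo "iptables $flt INPUT -i $BRIDGE -s $ip -p tcp --dport $rport -j ACCEPT"
}

# Installed once: anything else from the bridge is dropped. Frames switched
# between two taps on the same bridge only reach FORWARD when
# net.bridge.bridge-nf-call-iptables is enabled.
fw_default_deny() {
    echo "iptables -A INPUT -i $BRIDGE -j DROP"
    echo "iptables -A FORWARD -i $BRIDGE -j DROP"
}

# Constructed sample: plan for pseudonym 1.
fw_default_deny; tor_conf 1; redsocks_conf 1; fw_rules 1 add
```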