Re: [Tails-dev] Using VMs in Tails

Author: Sina S
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Using VMs in Tails
On 19 December 2013 14:14, David Wolinsky <isaac.wolinsky@???> wrote:

> Per the thread on the Tor tracker (
> https://trac.torproject.org/projects/tor/ticket/7681), I want to start
> working on integrating the of Pseudonymity as defined by WiNoN into Tails.
> Namely, users run multiple, independent VMs connected to independent paths
> through the Tor network in order to wear multiple hats. A user accessing
> IRC and GMail under two different contexts would do so in two different
> VMs. There are other benefits of using VMs as the Whonix folks have
> recognized. Namely, that information about the host cannot (easily) leak
> into the guest and vice-versa. To do this I propose the following:
I am a little worried about this proposal because it will mean computers
without a lot of resources can no longer run Tails. I would propose OpenVZ
as a better solution than KVM for this reason and better than LXC for
security reasons.
> - In the host, we run redsocks (http://darkk.net.ru/redsocks/), this will
> pick up traffic from the VMs and redirect it to Tor. Currently there exists
> no package for redsocks in Squeeze, should we check to see if the Wheezy
> package works or just build our own Redsocks package?
> - Install the necessary software for both LXC and KVM
> - Give amnesia the right sudo abilities to start LXC and KVM
> - Add start LXC Pseudonym and KVM Pseudonym to the desktop
> - Upon starting a Pseudonym, we'll add a Tap device and connect it to a
> bridge, where redsocks will pick up the traffic. For each pseudonym, we'll
> run a unique redsocks instance and start a new Tor proxy socket.
> - We can either run a pseudonym watcher to clean up state or just run the
> pseudonym in a script, blocking on the VM execution. When the VM has been
> closed, it is automatically cleaned up.
> - Use iptables to enforce communication between the pseudonyms and Tor
>
> In this instance, each pseudonym will have a unique IP address, but it
> will only be able to talk to Tor running via the bridge and not other
> pseudonyms.
>
> Call this round 1, and we'll add more details as we discuss.
>
> Cheers,
> David
>
> _______________________________________________
> tails-dev mailing list
> tails-dev@???
> https://mailman.boum.org/listinfo/tails-dev
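To make the host-side plumbing in David's list concrete, here is an added POSIX sh script (it is not code from this thread, from Tails or from WiNoN) that brings one pseudonym up and down: a tap device on a bridge of its own, a redsocks instance listening only on that bridge and feeding a Tor SocksPort reserved for the pseudonym, and iptables rules that redirect the guest's TCP to redsocks, its DNS to a Tor DNSPort, and drop everything else, including any forwarding between bridges. The 10.200.N.0/24 subnets, the port bases, the interface and file names, the torrc lines and the use of the amnesia user as tap owner are all assumptions chosen for the illustration. With PSEUDO_DRY_RUN=1 it only prints the commands, which is also how it can be checked without root.

```shell
#!/bin/sh
# Added example, not Tails or WiNoN code: host-side plumbing for one
# "pseudonym" VM (tap -> per-pseudonym bridge -> redsocks -> its own Tor
# SocksPort, fenced by iptables). Subnets, port bases, interface names and
# paths are assumptions chosen here for illustration.
#
#   PSEUDO_DRY_RUN=1 sh pseudonym.sh up 1   # print the commands only
#   sh pseudonym.sh up 1                    # as root: apply them
#   sh pseudonym.sh down 1                  # tear everything down again
set -eu

TOR_SOCKS_BASE=9050   # assumed torrc: one SocksPort per pseudonym (ps_torrc)
TOR_DNS_BASE=5300     # assumed torrc: one DNSPort per pseudonym, on the bridge
REDSOCKS_BASE=12340
VM_USER=amnesia       # owner of the tap device, as in the proposal

# Deterministic parameters for pseudonym N (1..254).
ps_bridge()         { echo "br-ps$1"; }
ps_tap()            { echo "tap-ps$1"; }
ps_host_ip()        { echo "10.200.$1.1"; }
ps_redsocks_port()  { echo $((REDSOCKS_BASE + $1)); }
ps_tor_socks_port() { echo $((TOR_SOCKS_BASE + $1)); }
ps_tor_dns_port()   { echo $((TOR_DNS_BASE + $1)); }

# torrc lines the host Tor needs for pseudonym N. Streams on different
# SocksPorts are isolated from each other by Tor, so the pseudonym gets
# circuits of its own. The DNSPort is bound on the bridge address because
# REDIRECT rewrites the guest's DNS packets to the bridge IP, not 127.0.0.1.
ps_torrc() {
  echo "SocksPort 127.0.0.1:$(ps_tor_socks_port "$1")"
  echo "DNSPort $(ps_host_ip "$1"):$(ps_tor_dns_port "$1")"
}

# redsocks.conf for pseudonym N: listen only on this bridge and hand every
# redirected TCP connection to this pseudonym's SocksPort.
ps_redsocks_conf() {
  cat <<EOF
base { log_debug = off; log_info = on; log = "syslog:daemon"; daemon = on; redirector = iptables; }
redsocks { local_ip = $(ps_host_ip "$1"); local_port = $(ps_redsocks_port "$1"); ip = 127.0.0.1; port = $(ps_tor_socks_port "$1"); type = socks5; }
EOF
}

# Tap + bridge for pseudonym N (an LXC veth would join the same bridge).
ps_net_cmds() {
  br=$(ps_bridge "$1"); tap=$(ps_tap "$1")
  cat <<EOF
ip tuntap add dev $tap mode tap user $VM_USER
ip link add name $br type bridge
ip link set dev $tap master $br
ip addr add $(ps_host_ip "$1")/24 dev $br
ip link set dev $br up
ip link set dev $tap up
EOF
}

# Guest TCP goes to redsocks, guest UDP/53 to Tor's DNSPort, anything else
# the guest sends to the host is dropped, and nothing is forwarded into or
# out of the bridge: pseudonyms cannot reach each other or the clearnet.
ps_rules() {
  br=$(ps_bridge "$1"); host=$(ps_host_ip "$1")
  rp=$(ps_redsocks_port "$1"); dp=$(ps_tor_dns_port "$1")
  cat <<EOF
iptables -t nat -A PREROUTING -i $br -p tcp --syn -j REDIRECT --to-ports $rp
iptables -t nat -A PREROUTING -i $br -p udp --dport 53 -j REDIRECT --to-ports $dp
iptables -A INPUT -i $br -d $host -p tcp --dport $rp -j ACCEPT
iptables -A INPUT -i $br -d $host -p udp --dport $dp -j ACCEPT
iptables -A INPUT -i $br -j DROP
iptables -A FORWARD -i $br -j DROP
iptables -A FORWARD -o $br -j DROP
EOF
}

# Print the generated commands, or feed them to a shell that stops on error.
ps_apply() { if [ "${PSEUDO_DRY_RUN:-0}" = 1 ]; then cat; else sh -e; fi; }

ps_up() {
  conf="/run/redsocks-ps$1.conf"
  {
    ps_net_cmds "$1"
    ps_rules "$1"
    echo "cat > $conf <<'EOF'"; ps_redsocks_conf "$1"; echo "EOF"
    echo "redsocks -c $conf"
  } | ps_apply
}

# Cleanup for the "pseudonym watcher": the same rules with -A turned into -D,
# then the redsocks instance and the interfaces go away.
ps_down() {
  {
    ps_rules "$1" | sed 's/ -A / -D /'
    echo "pkill -f 'redsocks -c /run/redsocks-ps$1.conf' || true"
    echo "ip link del dev $(ps_tap "$1")"
    echo "ip link del dev $(ps_bridge "$1")"
  } | ps_apply
}

case "${1:-}" in
  up)   ps_up "$2" ;;
  down) ps_down "$2" ;;
esac
```

Two points a practitioner would check in this design. First, redsocks only carries TCP, so without the DNSPort redirect the guest cannot resolve names at all, and any UDP the guest sends (NTP, mDNS, the resolver's retries) is simply dropped; that is the right failure mode, but it has to be deliberate, and the torrc lines must exist before the rules do, otherwise the redirected packets go to a closed port. Second, REDIRECT sends the packet to the address of the interface it arrived on, so both redsocks and the DNSPort must listen on the bridge IP rather than on 127.0.0.1; the script does that, and the iptables INPUT rules are what keep the host's other services unreachable from the guest.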