HackerTrans
TopNewTrendsCommentsPastAskShowJobs

paravirtualized

no profile record

Submissions

Privleap – Limited privilege escalation framework

github.com
1 points·by paravirtualized·el año pasado·0 comments

Facebook Helped the FBI Exploit Vulnerability in a Secure Linux Distro (2020)

gizmodo.com
60 points·by paravirtualized·hace 2 años·23 comments

AnarSec – Tech Guides for Anarchists

anarsec.guide
1 points·by paravirtualized·hace 2 años·0 comments

Secure Distributed Network Time Synchronization

github.com
2 points·by paravirtualized·hace 2 años·1 comments

HiddenVM – Use any desktop OS without leaving a trace

github.com
170 points·by paravirtualized·hace 2 años·39 comments

Online Spyware Watchdog

spyware.neocities.org
2 points·by paravirtualized·hace 3 años·0 comments

Session: Send Messages, Not Metadata

getsession.org
1 points·by paravirtualized·hace 3 años·0 comments

[untitled]

1 points·by paravirtualized·hace 3 años·0 comments

comments

paravirtualized
·hace 2 años·discuss
For a supposed hacker community, knowledge of Tor sure is low. Perhaps the privacy and anonymity people don't feel too keen on commenting.

Here is a good talk by Roger Dingledine, the original author of tor dispelling common myths and giving some statistics on its real world usage: https://inv.nadeko.net/watch?v=Di7qAVidy1Y

And for good measure,

It's Tor not TOR: https://support.torproject.org/#about_why-is-it-called-tor
paravirtualized
·hace 2 años·discuss
The woes of supporting an "I don't want to leave any crumbs" threat model. There are countless of pro-privacy projects who call themselves that simply because their service can be used to increase privacy, but they do not actually do much to protect privacy beyond that. Many even use Google Analytics.

For B, simply support both. This site is popular enough for there to be no risk sharing: Guerrilla Mail.
paravirtualized
·hace 2 años·discuss
> Made this privacy conscious temporary mail extension

> Enable JavaScript and cookies to continue

It's not privacy conscious. Privacy conscious would mean A) does not use Cloudflare as a CDN B) does not require JavaScript C) does not discriminate against Tor users.

There are a few services like this already, which I'm not going to spoil for cred on HN, but my rating of this site as of now is 0/10, unusable in the literal sense.
paravirtualized
·hace 2 años·discuss
PSA: It's Tor not TOR.

https://support.torproject.org/#about_why-is-it-called-tor
paravirtualized
·hace 2 años·discuss
https://www.kicksecure.com/wiki/Sdwdate
paravirtualized
·hace 2 años·discuss
> How is booting your encrypted partition in a VM within Tails more secure than booting it directly?

There will be no proof of an operating system existing at all, just random data. If you use VeraCrypt along with a hidden partition normally, you would still have the VeraCrypt bootloader or an apparent Windows installation on the drive.
paravirtualized
·hace 2 años·discuss
I think that the focus of combining it with Whonix is interesting and is what piqued my interest originally. Other than that, nothing.
paravirtualized
·hace 2 años·discuss
See also: https://github.com/IncognitoIceman/HiddenVM

Unfortunately, it looks like this version is no longer maintained.

"HiddenVM is a futuristic tool powered by KVM designed to combine the powerful amnesic nature of Tails and the impenetrable design of Whonix with the unbreakable strength of Veracrypt."
paravirtualized
·hace 3 años·discuss
It's highly unlikely that any operating system can be as secure as Qubes OS[1], simply by considering the model itself. Especially if using Whonix[2] VMs to browse the internet. It is based on GNU/Linux and Xen.

Each piece of software can be separated into its own VM. It uses read only templates for the root filesystem, making it difficult for malware to persist.

Templates have no access to networking or hardware making it difficult for them to be compromised, AppVMs where you run software can be treated as throwaway and be trivially destroyed after each use.

Dom0 has no access to networking, USB devices and runs no software. Total compromise would require a hypervisor escape.

It is designed with the assumption that you will be owned start to finish.

[1]: https://www.qubes-os.org/

[2]: https://www.whonix.org/wiki/Qubes
paravirtualized
·hace 3 años·discuss
I'm curious about the "trust" discussion that keeps being brought up here. What does GrapheneOS do differently from say, Debian GNU/Linux or Fedora?

It seems to me that it's no different than running a non-Microsoft/Apple operating system on desktop.
paravirtualized
·hace 3 años·discuss
How about everyone puts their monthly $5 into a VPS to run a Tor node to make the network faster rather than constantly pay for snake oil?
paravirtualized
·hace 3 años·discuss
Luckily I never have to use Windows these days, but with tiling window managers and package managers being a thing now, it might not be as horrible usability wise.
paravirtualized
·hace 3 años·discuss
> How? They fail to say, and most of what they do is just promotional garbage.

On the page that OP linked to, there's statements such as:

"The Everything Tor OS - All traffic is routed through the Tor anonymity network. No exceptions. Whonix is the "All Tor Operating System"."

"Cloaking your typing style - Your typing behavior can be used to identify you. Whonix prevents this with a cloak for your keystrokes."

"Live Mode - Whonix offers a much requested Live Mode. After the session all data will be gone."

So I don't get your point. Of course if you want to know how, in detail, you have to read the documentation.

https://www.whonix.org/wiki/Documentation
paravirtualized
·hace 3 años·discuss
> "Unanimously?" By whom?

By anyone who has read and understood the technical design pages.[1][2][3]

[1]: https://www.whonix.org/wiki/Dev/Technical_Introduction

[2]: https://www.whonix.org/wiki/Dev/Threat_Model

[3]: https://www.whonix.org/wiki/Comparison_with_Others
paravirtualized
·hace 3 años·discuss
See these posts - https://news.ycombinator.com/item?id=37509560#37511890
paravirtualized
·hace 3 años·discuss
I think that we both can agree that less = better, so I don't see your point.
paravirtualized
·hace 3 años·discuss
Tails uses a less secure model because it relies on the system firewall to block any non-Tor connections. This means that any user to root vulnerability will leave you naked, deanonymized. Additionally, protocol leaks, or unintentional leaks are more likely to happen. Both of which have happened in the past and are not mere speculation.

I've commented in this thread that at one point, such a vulnerability was left unpatched in Tails for years despite being documented and a PoC existing.

Whonix on the other uses two VMs, one of which runs Tor and the other applications, and connects via an internal network. This means that non-Tor connections are impossible, as the VM where you run software is completely unaware of the real, external IP.

This raises the level of exploit needed substantially, from user to root, to remote kernel exploits or hypervisor escapes.
paravirtualized
·hace 3 años·discuss
That's not an IP leak.
paravirtualized
·hace 3 años·discuss
> where the fact that you are connecting to a Tor node is extremely obvious

Yes, additionally, it has been concluded that it is impossible to hide the usage of Tor from the ISP, VPNs do not help. The usage of Tor is obvious.

> but don't want you to use a VPN

If you can't use Tor safely, it would be unlikely that you can use a VPN safely either.

> That may give you privacy, but it hardly seems like it makes you anonymous.

What makes you say that? There are millions of Tor users connected at any time, if you believe the number of users is an issue. I suggest you read more about Tor on their website - https://torproject.org

> Rather, wouldn't that send up a giant beacon for anyone at your ISP who cares to look at connections they (or the authorities) might want to pay more attention to?

No, I don't believe so granted that you live in a western democracy.
paravirtualized
·hace 3 años·discuss
I don't know of any distribution that gets 10 years of support besides Ubuntu LTS with paid support.