On Tue, Feb 17, 2015 at 11:55 AM, WhonixQubes <whonixqubes at riseup.net> wrote:
> Right.
>
> For example, subdividing the cross-section of privacy/anonymity users by the
> following attributes would no doubt be a privacy/anonymity killer for
> individual human identities...
>
> # of unique combined mixtures of the following attributes:
> - # of Qubes Users
This is relatively easy, because all Qubes users would look similar
thanks to the local IP address.
Contingent on being able to retrieve local IP or MAC address - which
is not trivial in a privacy-minded setup.
Other information looks like a Fedora system with hardware not
supporting OpenGL.
> - # of Qubes + Tor AnonVM Users
This would require correlating previous step with the list of Tor exit
nodes or using a hidden service for a callback.
> - # of Qubes + Whonix AnonVM Users
This is actually much harder, there's not enough information to
discern between Tor AnonVM and Whonix AnonVM I think.
> - # of CPU Model Info
> - # of CPU Microcode Version
This information is hard to get, unless you crack every one of the
people above - and then, you have to be sure they do not use the same
CPU model.
To do so, you need to break Tor or, say, JavaScript implementation of
most browsers. Then at least access /proc/cpuinfo.
Alternatively, run a plugin which allows access to such information.
(Java comes to mind.)
Fortunately, CPUID does not provide Processor Serial Number in any recent CPU.
Microcode can be either updated when starting Xen via
ucode=<number|scan> and the microcode image in number case or
initramfs with early microcode in scan case.
If Qubes updated the microcode for everyone (a generally good idea),
that could be ignored. Xen 4.4 supports it, so it could be done for
r3.
I think dracut supports adding microcode to the initramfs, so would
just have to add the parameter.
> ...should be pretty easy to reveal individual people through their usage of
> Qubes privacy/anonymity this way.
No. Again, the hardest step is the last one - breaking out of the
sandbox of the web browser.
Once you have local access, there are enough ways to fingerprint
everything imaginable that you've lost.
> Although, AFAIK, other platforms are not totally immune from this. Some just
> have a higher # of total users out in the world, but at their technical
> expense of lacking strong security isolation to protect the integrity of
> their privacy/anonymity systems.
Disable JavaScript, plugins, OpenGL. (e.g. NoScript) Disable cookies.
You are then depending on the web browser's security of this mechanism
and should be left with a vastly smaller TCB.
It also becomes much harder to identify you as a Qubes user as well.
>> Thus, perhaps we should consider distributing Whonix workstation
>> template as an HVM template instead of a PVM one? Fortunately we do have
>> templates support for HVMs, so this should be perfectly possible.
>
> Assuming there is no feasible way to accomplish this objective with PVMs,
> then implementing the Whonix-Workstation in a HVM template with
> "generic_cpuid" sounds like the right move.
Available free memory in the VM is a much better predictor of the user
and usage than CPUID.
Especially if you allow the VM to balloon (automatically resize memory).
This information is even available from JS in Chrome. (but not Firefox
to my knowledge)
> Another anonymity upshot of HVMs is their, by default, non-seamless fixed
> single windowing. Even though the seamless desktop mode of the new Qubes +
> Whonix platform is sexy and smooth to use, it does expose another
> semi-unique host machine attribute to the AnonVMs, which is the host's
> unique display resolution size and pixel depth (maybe some other related
> stuff too?). Not as bad of an attribute as the host's unique CPU info,
CPUID does not have unique CPU info - Processor Serial Number is not
implemented there in modern CPUs.
> but
> still would be best to make use of the fixed single windowing for AnonVMs so
> this could be generic. Maybe both seamless and non-seamless windowing
> options could be offered for Whonix-Workstation HVM template, since some
> people hate non-seamless.
Why not just resize the browser window by means of the internal window
manager or virtual display size?
(But why are you allowing JS then?)
Much easier than tossing HVM at it, you need to patch exactly one line
in the client VM.
Of course someone might have a weird screen size... but again, this
requires JS to be running.
--
Radosław Szkodziński
More information about the Whonix-devel
mailing list
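
The attributes compared in this thread (CPU model, microcode version, display resolution, free memory) can be weighed by the anonymity-set sizes and entropy they produce. The following is an added example, not part of the original message; the population, the attribute names and every value in it are constructed for illustration.

```python
import math
from collections import Counter

# Constructed population: attributes visible from inside each user's AnonVM.
# Every value below is invented for illustration.
ROWS = [  # (cpu_model, microcode, resolution, free_mb)
    ("cpu-A", "0x1b", "1366x768", 1184), ("cpu-A", "0x1b", "1366x768", 902),
    ("cpu-A", "0x17", "1920x1080", 1433), ("cpu-A", "0x17", "1920x1080", 760),
    ("cpu-B", "0x1c", "1920x1080", 1311), ("cpu-B", "0x1c", "1366x768", 655),
    ("cpu-B", "0x1c", "1920x1080", 1820), ("cpu-B", "0x1c", "1366x768", 1047),
]
FIELDS = ("cpu_model", "microcode", "resolution", "free_mb")
POPULATION = [dict(zip(FIELDS, row)) for row in ROWS]

def anonymity_sets(population, attrs):
    """Count how many users share each observed combination of attrs."""
    return Counter(tuple(user[a] for a in attrs) for user in population)

def entropy_bits(population, attrs):
    """Shannon entropy of the combination; higher means more identifying."""
    total = len(population)
    sizes = anonymity_sets(population, attrs).values()
    return -sum(n / total * math.log2(n / total) for n in sizes)

def unique_users(population, attrs):
    """Users whose combination nobody else shares (anonymity set of size 1)."""
    return sum(1 for n in anonymity_sets(population, attrs).values() if n == 1)

def normalise(population, fixed):
    """Mitigation model: every VM reports the same value for these attributes."""
    return [{**user, **fixed} for user in population]

if __name__ == "__main__":
    for attrs in (["cpu_model"], ["cpu_model", "microcode"],
                  ["cpu_model", "microcode", "resolution"], ["free_mb"]):
        print(f"{'+'.join(attrs):35} {entropy_bits(POPULATION, attrs):.2f} bits, "
              f"{unique_users(POPULATION, attrs)} unique")
    # Uniform microcode (modelled as one shared value) adds nothing
    # beyond what the CPU model already reveals.
    updated = normalise(POPULATION, {"microcode": "latest"})
    print("after uniform microcode:",
          entropy_bits(updated, ["cpu_model", "microcode"]), "bits")
```

In this constructed sample, free memory alone puts every user in an anonymity set of one, while CPU model plus microcode leaves nobody unique.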