Live Kicksecure Host, Live Whonix VM

Live Kicksecure with Live VM

A live Kicksecure host cannot run a VM.

Is it possible to develop a fully stateless system that would function with a live Kicksecure host running a live Whonix VM (set to Immutable in Virtual Box)?

See image of error message here:
– drive. proton. me /urls/ ATVJSDRBS0#2L5gpa2yNrUJ
– drive. proton. me /urls/ PMZPCBGZA0#j0B4BZFjRiAx

(FYI, KVM seems the more secure virtualization technology to me since I have seen Oracle’s software crash many times on Fedora hosts. But I understand the Company’s expertise can come in handy from time to time.)


A few additional security observations:

‘hardened-kernel’ is a highly appreciated feature in Kicksecure.
wiki/Hardened-kernel
Other software is far more susceptible to kernel crashes. For example, both Qubes (Fedora Dom0) and Graphene OS have observable soft-spots in their kernel and it would be very unfortunate if one stored a wallet with Amethyst, etc (Android) or in a weak Fedora host. Building Mobian on Pine64 towards a mobile Kicksecure spin would be awesome for secure mobile crypto wallets that could interact with POS IRL
forum qubes-os org /t/ vm-sigkill-at-will-d-bus-broker-service-and-qubesd-fail-to-boot-attack-disables-qubes-updater/30344
– drive. proton. me /urls/ T0VY01P1E4#jr2QDZ4xppax
– drive. proton. me /urls/ YK1ASHFKWM#ghFIFlLQ5FnQ

  • virtualization not strong - i.e. rpc and qrexec really all connected
    article / 10.1007/s41870-019-00294-x

Native sandboxing like Firejail is also a good place to direct one’s efforts in developing Kicksecure. https:/ /www. kicksecure. com/wiki/Sandbox-app-launcher
After extensive testing, it would appear that the MAC control and permission hardening paradigm of TAILS is stronger than the compartmentalization and isolation through virtualization strategy of Qubes OS.

Dual Strength Tor Level options – If one takes a look at Nym (Chaum mixnet - Free Haven whitepapers) VPN, you can see that there is a Wireguard level and a mixnet level for secure messaging and confidential layer blockchain. I would recommend something similar if not handled on an app-by-app basis for levels of tor: one layer with Vanguards and another layer for low-latency tor.

Kloak - keystroke anonymization is also a very interesting Kicksecure feature under development that is not offered in any other major distribution.

How does this compare to the MAC control and permission hardening and apparmor that Kicksecure utilizes since they both use Debian?

I didn’t think there was such a thing as low-latency tor since UDP is not supported. When you mean low-latency, what types of applications are you talking about cuz even with VPN and things like I2P some applications like real-time communication are not optimized imho.

I’m a little leery about these proton links; has anyone verified them?

bubblewrap aka bwrap is good.

Yeah it is underrated. One thing I think would be great to improve on was screen keyboard integration to the xfce panel. However I don’t like onboard compared to screen keyboard that GNOME uses with accessibility settings. Not sure of the package name or if it’s a dependency that is a part of wider ranged GNOME package?

Hard Code
Stateless (think live) and memory safe (e.g. Rust lang) computing are a hard problem in CS.

For example:
Q: Why can’t you run a VPN live?
Q: Why can’t you run a virtual machine on a live host but you can have a live VM?
Q: Why not ‘live’ (memory safe as possible) wallets? A ‘live’ VM with an Electrum or other crypto currency wallet would be more secure (less susceptible to malicious code modifications not intended by the user) but you have to actually do something more like TAILS persistence for this to work.

Latency
Try working with Nym mixnet. Read the Chaum white paper on Free Haven. Observe how tor + Vanguards (github Mike Perry) functions. Try using tor browser on the “safest” setting. There are many trade-offs that have to be considered when utilizing the internet skillfully. There is not just one answer for everything as if you could onionsite all your activity online with TB.

I am very interested in Kicksecure as a strong and trusted host for utilizing Nym mixnet network for Zcash and Vanguards with tor network for Monero in Electrum Wallet. Is TAILS or Whonix a more secure OS for the Electrum Wallet?

Kicksecure is perfect for Kloak since this Debian based host is on bare metal. See whonix(dot)org /wiki/Keystroke_Deanonymization

True, Proton does seem hostile to truly anonymous networking. The slides of screenshots from drive are just to illustrate the point. No need to link if you are mistrustful.

They appear to be screenshots of errors but last link makes me think this person might be an “ESL” troll

You can, I’m running Mullvad VPN on debian morphed Kicksecure and I have no issue using it booted in live mode.

Q: Why can’t you run a virtual machine on a live host but you can have a live VM?

Are you sure about this?
Maybe the way that grub-live is as compared to overlay-root that tails uses?

There is a project called aforensics/HiddenVM on github that allows you to run a VM on Tails (live host) that Kicksecure could see how they do it to fix this if indeed an issue.
But like I said it may be due to how grub-live works compared to tails overlay-root or however their live system implementation is.

Doesn’t Nym require lots of heavy installation/dependencies?
Why would you need Nym for Zcash?
Zcash is not good as it requires a trusted setup and is not shielded by default.

Monero in Electrum Wallet

You mean feather the wallet based off of Electrum?

Observations on Kloak

Of course, typing off-line is the best way to prevent site-side keystroke fingerprinting but that behavior is inconvenient if one is always copy pasting to search bars and not just to paragraph or multi-sentence textareas (postings). But Kloak also anonymizes peripheral inputs which cannot be taken off-line like mouse and scrolls.

When installed on the host, you can immediately detect that the sensitivity of the inputs has changed.

Since there is no bare-metal Whonix, I presume that the fact that Kloak is already installed means that some action is taking place, although it is not sensorily evident.

The test from vmonaco(dot)com/device-fingerprinting was very interesting. You can see that ‘N=’ changes between enabling or disabling kloak via systemctl.

Since I interpret @quicksilver as referring to touch screens on mobile devices, I will also add that the UBlock Origin add-on functions in a similar way when testing with vmonaco and this can be added to mobile browsers. No doubt, Kloak is much more advanced.

Seeing Kloak in action was very exciting. Kloak is not available in Qubes OS (Fedora bare-metal) or TAILS but site-side deanonymization via type fingerprinting analysis must be a major source of identifying information in cyberspace.


@privacy - dvm (live/disposable VMs) in Qubes with any VPN service does not function. In a sense, tor is just a particular kind of VPN and it does function live. Mullvad does not function live in any way. I have tried it. Please prove what you claim is true with a screenshot or substantiate it with a link. You are trolling, it could be claimed. What is ESL? It is not possible to run a guest VM with a live host. That is not trolling. You have some prejudice about substantiating or citing information.

Apparently, people only use Linux for onionsites or bitcoin or have one device for every other aspect of the internet that doesn’t function with tor and the highest levels of anonymity and another device for projects similar to Whonix. Another possibility is that everyone in the tor community is waiting for the day when everything is onionsprayed and accessible via tor and not blocked by corporate capitalism that wants everything tracked and blocks tor.

The main challenge here is that while live mode keeps the root filesystem read-only, the OS itself needs to be able to write to the root filesystem. This paradox means we have to use an overlayfs in RAM, which keeps all changes to the root filesystem in RAM. This means that while booted in live mode, your available disk space is limited by available system RAM. VMs used during this time have to run entirely in RAM, which is hard when your VM disks are even modestly large. When you modify a file when using OverlayFS, the base file is copied wholesale into the overlayed filesystem, meaning if you boot a Whonix VM while in live mode, the whole disk image has to be loaded into RAM, which is difficult unless you have a lot of RAM. For this reason, it will probably be impractical to run a Whonix VM while booted into Kicksecure’s live mode. Instead, you can boot Kicksecure into persistent mode, and then boot the Whonix VMs themselves in live mode.

What may be possible in the future (no promises, I’ve only talked about this idea briefly with @Patrick and it may not be on the roadmap at all) is that Kicksecure could potentially boot itself in a VM while in live mode. Essentially when the root filesystem is immutable, you can actually boot it multiple times (once on the host and then once per VM you run) without running into any conflicts, so long as each user of the base filesystem uses their own overlay and doesn’t touch the contents of the base disk. This would let you have the protection offered by a VM, without requiring any extra disk space. This wouldn’t give you the advantages of Whonix (at least not the way I have it envisioned), but it would give you sandboxing. This will potentially become easy to implement if Kicksecure gets support for Verified Boot.

I don’t think hardened-kernel was actually fully released, and it seems to be somewhat outdated. The last commit to it was last year, and it’s downloading a now-EOL LTS 4.x kernel. I would advise against using it. As the wiki page notes, it’s for developers only.

Tails is based on Debian, so it should be relatively trivial to get Kloak up and running on it. See the README.md for GitHub - Whonix/kloak. As for Qubes OS support, Qubes OS R4.3 will have a kloak-like feature built into the GUI daemon that can be used on any desired qube by setting a configuration option. See Add event buffering for cloaking user input patterns by ArrayBolt3 · Pull Request #149 · QubesOS/qubes-gui-daemon · GitHub.

2 Likes
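The RAM constraint described in the post above, as an added example that is not from the thread or from the Kicksecure project: it checks whether `/` is an overlay mount and whether a VM disk image, copied in full into the RAM-backed upper layer when first opened for writing, would still leave headroom. The function names, the sample mount paths and the 4 GiB reserve are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not project code): would a VM disk image fit in the
# RAM-backed overlay of a live session? overlayfs copies a lower-layer file
# into the upper layer in full when it is first opened for writing.

# Constructed sample in /proc/mounts format; the paths are hypothetical.
SAMPLE_MOUNTS='rootfs / rootfs rw 0 0
overlay / overlay rw,lowerdir=/live/image,upperdir=/live/cow/rw,workdir=/live/cow/work 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0'

# Print the filesystem type mounted at "/" from mounts text on stdin.
# The last matching line wins because later mounts shadow earlier ones.
root_fstype() {
    awk '$2 == "/" { t = $3 } END { if (t != "") print t }'
}

# Succeed if an image of $1 bytes fits in $2 free bytes while leaving
# $3 bytes of headroom for everything else the session writes.
copyup_fits() {
    [ $(($1 + $3)) -le "$2" ]
}

# Args: mounts text, image bytes, free bytes on "/", reserve bytes.
live_vm_verdict() {
    fstype=$(printf '%s\n' "$1" | root_fstype)
    if [ "$fstype" != "overlay" ]; then
        echo "persistent-root"   # root is not an overlay: no RAM copy-up
    elif copyup_fits "$2" "$3" "$4"; then
        echo "fits-in-ram"
    else
        echo "exceeds-ram"
    fi
}

# Live check against this machine (GNU stat and df, as shipped by Debian).
# Note: for a dynamically allocated image this is the current file size,
# which grows as the guest writes.
main() {
    image_bytes=$(stat -c %s "$1")
    free_bytes=$(df -B1 --output=avail / | tail -n 1 | tr -d ' ')
    live_vm_verdict "$(cat /proc/mounts)" "$image_bytes" "$free_bytes" \
        $((4 * 1073741824))
}

if [ "$#" -ge 1 ]; then main "$@"; fi
```

Run it with the path to a VM disk image as the only argument to evaluate the current session.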

Thank you for answering @arraybolt3. Do you think 32GB of RAM (which is the highest, standard amount of 16x2) would be sufficient? Then a custom and expensive amount of RAM would not be necessary and running both guest and host live is a reasonable possibility.

At one time Qubes OS offered an ‘alpha’ live USB iso. I sought out a new ‘developer’ OS after my Qubes system was destroyed by an attacker (ROP sigkill VM-s, qubesd and d-bus – I shared drive links to screenshots of these events if anyone is curious). Perhaps an expert looking at the slides (that is another good use for sandboxing if mistrustful) would be able to tell what sort of vulnerability caused the crashes. At the time, I was also experiencing frequent kernel crashes on Graphene OS. As you noted, adding Kloak to TAILS is possible, but that might not be optimal even though additional software can be added. TAILS is an OS that seeks to appear uniform (everyone looks like tor Windows) and is not a ‘development’ OS for testing and building new projects.

If hardened-kernel is not maintained well enough for mainstream use, is that also true of hide-hardware-info (abstraction with virtualization does this to a certain extent as does mandatory access control)? These are still interesting development areas even if more work is needed.

It is probably wise to onionize deb.whonix (for Kloak) and deb.kicksecure in derivative.list for best security. Or do you think https is sufficient? Onion-tls repositories are also under development. Do you have any thoughts about building secure signing enclaves like Arch or do you think apt is still the best way to update and acquire packages? I read the discussion about getting a tarball vs. the service unit for Kloak. There is no way to ‘update’ an .ova or a .libvirt; it is transferred (“transmitted”) like a tar file is “down” loaded. Checking the shasum or .asc can’t be much improved upon. Only a very advanced adversary could forge such a file, no?

Thanks for answering the primary question and addressing a few of the other exploratory topics.

This information is already in the wiki.

Quote hardened-kernel

Warning: This is for developers-only!

Should that ever change, the notice in the wiki will be removed.

Quote Reduce Kernel Information Leaks:

Testers only! Warning: This is for testers-only!

It’s always balancing different threats. You could be uniform and lack kloak or have the advantages of kloak.

Highly unlikely. → Malware Audits

Kloak is not a Kicksecure feature. Kloak is installed by default in Whonix, which is a derivative of Kicksecure. It won’t be installed by default in Kicksecure. Reasons, see:

Not that I know.

This is most likely a non-issue. Do you mean please provide signed tarballs · Issue #7 · Whonix/kloak · GitHub? I updated this ticket just now. If it’s that, please read the latest comment.