Information
ID: 725
PHID: PHID-TASK-k7dk44vkxthfqfmo6v7e
Author: Patrick
Status at Migration Time: open
Priority at Migration Time: Normal
Description
Could we reasonably make a Whonix-Workstation be a ProxyVM (provides_network)?
Running tinyproxy / Qubes updates proxy in a whonix-ws based disposable UpdateVM would have some advantages:
- Whonix-Gateway firewall rules simplification
- [ currently ] Qubes torified updates proxy runs in Whonix-Gateway, a VM that has a “wire” to:
- access Tor: yes
- access clearnet: yes
* → not great
- [ proposed ] Qubes torified updates proxy runs in Whonix-Workstation, a VM that has a “wire” to:
- access Tor: yes
- access clearnet: no
* → better
- Moving the attack surface of tinyproxy from #Qubes
sys-whonixto awhonix-wsbased AppVM running behindsys-whonix. - a compromised tinyproxy is less likely of compromising Whonix-Gateway and sending clearnet traffic
Other advantages:
- Prerequisite for Qubes
whonix-wsbased disposable UpdateVM. - (low priority) Allows sanely running an DHCP server on a Whonix-Workstation.
** (low priority) Opens up for torification of Android emulator. (ref)
** (low priority) Whonix-Workstation could be assigned a WiFi device and being developed to provide a torified WiFi hotspot (useful for circumvention only, not so much for anonymity)
Related:
- DHCP support T239
Comments
marmarek
2017-11-03 13:46:02 UTC