Ok lets assume that you run Whonix workstation from home. If a 0day exploit or an attack on the tor network itself happens then it would be game over.
If someone was to run the following setup would it be more secure.
Host > Whonix worksation > ssh vps > Whonix workstation and use the workstation on the vps to do your browsing my train of thought is that following an exploit or an attack on the tor network they would get the vps i.p sure but as I would be connected to that vps via another Whonix box that my real i.p wouldn’t be revealed.
Other than maybe slowing down my browsing some is there any downsides to this setup?
Why? Attacking Tor wouldn’t grant an attacker any benefit as IP-Leaks aren’t possible with Whonix. Only a complex attack on the hypervisor would create a “game over” scenario. For this, a “virus” would have to realize that it is in a VM and break out of it, which is currently a scenario so complex and (in the surveillance scene) valuable that it wouldn’t be wasted on anything less than another country like stuxnet was.
I’m not sure I really understand your idea. Are you trying to use “physical isolation” between a workstation on a remote server and a local gateway? Because if yes, this wouldn’t necessarily create a smaller surface of attack. A bigger actually, if you don’t have complete control over the server hardware. Adding to that, often software based isolation is actually more secure than physical isolation, as explained here: http://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf
Thank you for the reply, regarding my idea it was to run a seperate Whonix gateway and workstation on a remote vps/dedicated server, using a Whonix workstation on my host pc to ssh into that vps and then run the other Whonix workstation via a vncserver on the vps…
I’m going to read the link you posted now, I just wanted to clear up my idea.
The problem with mythical, all-powerful “0day exploit or an attack on the tor network” is that for every defense you propose, I can just say, “What’s to stop the attacker from doing the same attack one more time?” In other words, the attacker can use the same attack on your VPS to uncover your real location, so it will be game over no matter what. You need to be more specific in describing the attack you are defending against.
It’s just all theory-craft really I just thought that by connecting to a vps/dedicated server installing a gui interface and then running another Whonix setup from there would be a little more secure. I’m not at all suggesting Whonix is insecure I was just thinking of ways to hopefully make it harder for a potential attacker to compromise me. $10 or so a month to rent a vps for an additional layer of protection would be worth it to me if it did improve my security.
As for an example when CMU university performed the attack on tor, to reveal i.p address how would Whonix have stood up against that kind of attack?