QubesOS / qubes-issues

The Qubes OS Project issue tracker
https://www.qubes-os.org/doc/issue-tracking/

[META] Tails-like functionality in Qubes #2024

Closed mfc closed 1 year ago

mfc commented 8 years ago

Just wanted to create a ticket for those interested to track Tails-like functionality in Qubes. This would include:

Are there additional functionalities in Tails not currently captured in these categories or the referenced tickets? Please share, or create tickets to track these differences.


mailing list thread that touches on the subject: https://secure-os.org/pipermail/desktops/2015-November/000015.html

Jeeppler commented 8 years ago

@mfc the whole point of Tails is to be non-persistent. How do you want to achieve this feature in Qubes OS? Where is the benefit for Qubes users over Whonix? What do you think about offering Tails as a disposable VM?

adrelanos commented 8 years ago

I don't see any distinctive advantages gained by Tails in a Qubes VM in comparison to Qubes-Whonix.

Anyhow. There is value in having Tails boot in a Qubes HVM. So I can more conveniently boot Tails sometimes to look around rather than involving a second computer. Convenience improves productivity. Similarly having a Tails template for Qubes with full integration of Qubes tools would also simplify other things. (Non-desktop related stuff, file copy etc.)

Also for the sake of having diversity. Being made by a different developer community. Coming with different default applications. Perhaps convenient for previous users of Debian / Tails that now like to migrate to Qubes / Tails.

My question:

Generally speaking… Putting Qubes aside for a moment for the sake of argument… Let’s suppose we have a Debian Live DVD. Then, from there start Whonix. Or Tails. How specifically would Tails be more amnesic than Whonix?

jmercier reply:

If both are running from a live cd, then (simply put) that would be the same.

Source, the comment section of the blog post:

https://garlicgambit.wordpress.com/2016/04/22/how-to-run-tails-from-a-qubes-live-cd/

Let's go through the original argument.

Why would you want to run Tails from a Qubes live cd?

There are two main reasons for this:

By default Tails obscures a lot of uniquely identifying bits about the system and the user. However Tails is mostly run on bare metal. This is a recommended approach for good reasons. But this makes it relatively easy to get access to uniquely identifying parts from the hardware of the system. This can include (unique) serial numbers from: the motherboard, cpu, videocard, memory, network card and bios. It can even include the unique service tags from the original equipment manufacturer (woops). Sophisticated attackers can use this information to de-anonymize users. With virtualization you can obscure and anonymize this information even more to minimize information leaks.

As concluded above, Tails in a VM has no advantages over Whonix in a VM in this regard. Whether the host operating system is run from read-only media or not does not change anything about this.

Tails does not protect against a compromised endpoint. If attackers can gain root access to a Tails system they can shut down or circumvent Tor to de-anonymize the user. One solution for this problem is to separate the ‘workstation’ from the ‘Tor proxy’. With virtualization it is easy to create such a setup. Whonix is a project that already implements this idea and it is available for Qubes!

So why not switch to Whonix? Well because Whonix is mainly aimed at persistent installations, whilst Tails is not. We would argue that, on top of all the security and privacy technologies, Tails’ main strength is the fact that it is amnesiac or non-persistent. A reboot should clean up all records of its use. In order to keep this important property and get the benefits of virtualization you would need to run Tails from a virtual environment which in itself is also not persistent. One such virtual environment is the Qubes live cd.

a) Qubes Live plus Qubes-Whonix

b) Qubes Live plus Tails

-> persisted data after shutdown: a = b = 0 (*)

Otherwise please explain what and how Qubes-Whonix could possibly persist anything more than Tails?


(*) Issues fixable by Qubes only:

Issues not possible to fix at either Whonix or Tails at the VM level, that are required to make Qubes Live comparable to Qubes-Whonix Live / Tails Live.

mfc commented 8 years ago

I agree it is very unclear to me what the difference is between a theoretical Tails-workstation and current Whonix-workstation. Because of this, I think #1969 is misdirected since once there is an updated Qubes Live USB image it will have Whonix integrated in it... unless there are specific functionalities of Tails that are not captured in Whonix (please share if these exist!).

and I agree that "Tails in Qubes" probably means (1) improving Qubes Live USB and (2) improving Whonix templates in Qubes.

I'm going to change this ticket to be a meta-ticket tracking implementing "Tails-like functionality" in Qubes, since that would probably be more useful.

DrWhax commented 8 years ago

Hi,

As I see it, there are quite some differences between Whonix and Tails. So far, the direction seems to be, "Tails like functionality" which seems to mean, improving Whonix templates.

Correct me if I'm wrong but I think the differences here are:

How to leverage Qubes:

There are probably more differences but I would have to use Whonix for that.

andrewdavidwong commented 8 years ago

@DrWhax:

How to leverage Qubes:

  • DispVMs for Tails means we get Amnesic features by default!

As Patrick explained above, this is only part of the picture. There are two senses of "Tails-like functionality in Qubes":

  1. Amnesiac Torified VMs in persistent Qubes OS.
  2. Amnesiac Qubes OS containing Torified VMs.

"DispVMs for Tails" would only achieve 1, not 2. (And, arguably, the same or better could be achieved with Whonix VMs.)

But if 2 is ever created, I propose the name TaiQuWhonDo: The Amnesiac Incognito Qubes Whonix Desktop operating system. (Just kidding.)

Jeeppler commented 8 years ago

TaiQuWhonDo I like the name ;-)

jpouellet commented 5 years ago

Another forensics concern to track/address if we want to go down this road:

andrewdavidwong commented 1 year ago

Closing this since we don't do meta issues anymore:

https://www.qubes-os.org/doc/issue-tracking/#projects

If needed, we can make a project for this instead, but it probably doesn't need one for now.