As I suggested once in the past for another project, you could bundle up all the software in one package, and either run it on dedicated hardware *and VNC into it* to use it's secure browser, or run it locally in which case you interact directly with the VM (and it can still have multiple VMs if a script or other software makes the process entirely automatic). A dedicated box should support multiple simultaneous VNC users.
- Sent from my phone Den 26 mar 2014 20:26 skrev "Patrick Schleizer" <adrela...@riseup.net>: > TLDR: > > Future Directions - Where Whonix wants to be in 2 or 5 years? > > Do we want Whonix to be for average users or just for those with unix > knowledge? > > Whonix is a useful tool for some already, got many fans. How can we make > Whonix really user friendly to allow mass adaption by regular people who > need anonymity most? > > Long: > > It seems, Whonix limits itself by its two machines design. [1] It's not > exactly simple and user friendly to say "you first need to get > VirtualBox, then import these two VMs, then start Whonix-Gateway, then > start Whonix-Workstation or use physical isolation [2]". How could that > be improved while keeping Whonix's design? > > In the last days many had great ideas. One was to create a hardware > appliance. Whonix running as physically isolated gateway running on > devices such as Raspberry PI or OpenWRT or creating a Tor WiFi Hotspot > (a WiFi hotspot once using it, torifying the whole connection). The > issue is, having a "route everything through Tor" approach alone doesn't > make it anymore nowadays. If someone would run their usual applications, > such as their Firefox or Internet Explorer browser they used for > non-anonymous stuff beforehand over Tor, they wouldn't be anonymous at > all due to (flash) cookies, browser fingerpriting [3] and so forth. > Saying "plug this hardware appliance between your router and your > computer AND install this client package" also doesn't sound exactly > simple. > > Another idea was to create a Whonix Live DVD. But even if we managed to > create one, it would still be clumsy to say "you have to burn this iso > to DVD, then boot it, then start Whonix-Gateway, then start > Whonix-Workstation". > > Jason Ayala suggested to create an Whonix USB installer [4]. It would > still be clumsy (as above), but installing Whonix would get simpler and > more encouraging to use a non-Windows, separate operating system. We > then would have to support lots of different hardware, but additional > support by funding [5] this would be possible. Users still would have to > figure out how to boot from USB, which is not entirely trivial due to > different BIOS implementations. Also "secure boot [6]" won't make this > simpler. > > Cerberus raised the idea to make Whonix fully managed. Perhaps he meant > to enable automatic updates [7] for the host, Whonix-Gateway and > Whonix-Workstation. Whonix-Gateway could then be fully managed and > hidden from non-advanced users. However, there are some settings that > need to be set up on Whonix-Gateway, such as settings for Tor bridges > [8]. Maybe a Whonix-Host operating system could ssh into Whonix-Gateway > to manage it. > > Or maybe while we're at discussing a Whonix-Host operating system, we > should revive the OneVM [9] concept? In essence, we're shipping > Whonix-Gateway as VM package, because it is a simpler and more robust > implementation to support a variety of different host operating systems > and configurations. As long as Whonix doesn't provide a host operating > system, the two VM solution is more robust. But if Whonix is enters the > next stage of evolution, i.e. by shipping a host operating system, the > OneVM concept may work better. > > The idea to add Whonix to the usual app stores, such as Windows / Mac > app store as well as “sudo apt-get install whonix” has been raised as > well. This wouldn’t make Whonix less clumsy (still two VMs), but it > would make installation simpler and more secure. > > In summary, we're not sure yet where the journey should go to. We'd > appreciate the input of the community. Please share ideas on how Whonix > could become really usable while not sacrificing security. > > Footnotes: > > [1] https://www.whonix.org/w/images/9/90/Whonix.jpg > [2] https://www.whonix.org/wiki/Dev/Build_Documentation/Physical_Isolation > [3] https://www.torproject.org/projects/torbrowser/design/ > [4] https://www.whonix.org/forum/index.php/topic,205.0.html > [5] https://www.whonix.org/forum/index.php/topic,201.0.html > [6] > > https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Secure_boot_criticism > [7] https://www.whonix.org/wiki/Dev/Automatic_Updates > [8] https://www.whonix.org/wiki/Bridges > [9] https://www.whonix.org/wiki/OneVM > -- > Liberationtech is public & archives are searchable on Google. Violations > of list guidelines will get you moderated: > https://mailman.stanford.edu/mailman/listinfo/liberationtech. > Unsubscribe, change to digest, or change password by emailing moderator at > compa...@stanford.edu.
-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
