Secure, Portable, Virtual Privacy Machine

solcity writes "Looks like an online privacy company, Metropipe, are planning to release a secure linux virtual privacy machine that runs from a USB stick. The image contains a pre-release of their new 'Metropipe Tunneler' product and also contains Firefox, and Thunderbird with the Enigmail/gpg extension. Looks like the whole thing is based on damnsmalllinux and uses qemu to boot on Windows or Linux without any installation or configuration. Very interesting use of qemu and damnsmalllinux, and all 100% GPL."

Comment removed

[account_deleted]

Comment removed based on user account deletion

And yet...

[garcia]

And yet I am tunneling through SOMEONE ELSES proxy (which isn't free) to do my "secure" work.

I'm sorry but I cannot bring myself to trust my cookies, settings, and information to travel over anyone else's network. It's not safe unless *I* am the one controlling the proxy and the tunnel between the two.

SSH, Putty (for Windows users), and squid on your own machine is what I use. Yeah, you still can't avoid keyloggers and the like but at least you know that you are controlling what is being logged and where.

Re:Who's privacy?

Depending on what else is included in the distro... Yes. But there are already distros that let you do that NOW. There's even Windows live CDs that will let you do it to other windows systems. Google is your friend.

So what's your point?

[pavon]

The data on the laptop is insecure. Anyone with physical access to a machine can read the unencrypted data on that machine. It has been that way forever. The existance of this product doesn't make it any less secure than it already was.

However, the person with this USB fob has increased his security. Thus a net gain in securtity. If you want to be secure you need to take care of yourself. Sticking your head in the ground is not a viable security plan.

Re:So what's your point?

[mukund]

Actually you could argue that trusting a method is worse than not trusting it at all. Trusting a unknown key for example, for the sake of security, and sending out private encrypted data protected by it is worse than not trusting the key at all.

Personally, I think carrying your own laptop around is a far better approach (for what the author is trying to achieve) as you don't have to trust others' computers which may contain software to thwart the security of devices such as this USB key by reading all data off it.

You could find flaws with what I've said too---good security is not easy.

Re:So what's your point?

[metlin]

True, but there are situations where having such a tool around would be quite handy.

The problem is that one cannot always carry one's laptop all the time, wherever they are. Often times, you end up needing your laptop at a time and place when you are least prepared for it -- I'm sure those of us here who need to shuttle all over the place to meet clients have encountered this.

And besides, the laptop is an insecurity in and of itself. Thieves view it as something that can be stolen, and it is a device that can be physically bugged.

True, you don't necessarily trust a computer off an airport in Paris. However, using that computer with your safe-toolkit is probably a whole lot safer than using your laptop with a bug in it -- hypohetically, ofcourse :-)

So, I suppose this is a good security tool. Not the solution to all the problems, but a good tool neverthless.

Or maybe I'm just being too paranoid. And that black helicopter outside my apartment probably belongs to that hot chick across the street. Who knows! ;)

Re:So what's your point?

There are always hardware key loggers that can capture your keystrokes. When was the last time you checked the keyboard port for one on an untrusted computer?

Re:So what's your point?

It boots an emulator to run it's OSes. You still have to trust that there's not a software keylogger, etc. in place in the host OS.

Re:Who's privacy?

[julesh]

Presumably, if they were concerned, they'd have encrypted their files.

OK, let's think this through

[wowbagger]

OK, let's think this through:

As I read it, this is a Linux session running in a virtual machine under the host operating system - the idea being that any "sensative" data resides in the virtual session, so the host has no visibility to it.

Except that the host is providing all the screen and keyboard access, so if the host is comprimised and is running VNC the attacker can see where you are going, and what your password is.

True, *IF* the password is only the SSH keyphrase for a private key that is only accessible to the virtual machine, then *maybe* it does him no good.

But since the virtual machine needs to access the media through the (comprimised) host OS, the attacker can copy that data as well.

It sounds to me like this is just giving you a false sense of security.

Re:OK, let's think this through

[gl4ss]

besides than that..

you can buy dongles that record keypresses(that go into the cable).

if it's someone elses computer and you're _really_ paranoid.. then just forget about using it.

Re:Who's privacy?

[Ford+Prefect]

If it is using QEMU, then it's just another normal process with the same privileges (or lack thereof) as any other. QEMU's basically a PC emulator, albeit a pretty fast and compatible one.

There is the risk that processes on the host machine can peer at its memory and fish out the unencrypted data without any way of it knowing - unlikely that someone would develop such a thing, but if you're being paranoid there's always the possibility.

only limited protection

[jeif1k]

Such approaches give you only limited protection: if you don't trust the systems you plug into, you may still be subject to key logging, screen recording and other attack.

Re:Life span?

[FirstTimeCaller]

How many times or how long can you use this device before wearing out the key?

Well, if you set up a RAM disk and only store personal settings on the USB key -- then I suspect that it would last for quite some time. If you don't care about saving settings, then you can boot off the key as a read-only media and never write back to it. So I don't think this would be a major concern.

Re:hail open source! hail freedom!

[metlin]

No.

You are still trusting the person at the other end. After all this, if the spooks could install sniffers at the other end, your data is still compromised.

Why go that far, the spooks need install stuff on just your machine, or use other means.

Carnivore will never entirely go out of the pictures, it's always a Cat & Mouse game. If this becomes widespread, something else would come up to counter it.

Besides, all this is good only until QC becomes viable and widespread, and at which point your existing encryption systems become quite moot.

Re:Who's privacy?

[Pantheraleo2k3]

Please RTFBlurb. It uses QEMU to run on top of Windows or Linux. Therefore you do not circumvent the default OS.

Re:How big?

[Dan+Yaeger]

Dell is offering a 1GB Mini Cruzer for $50.96 after MIR. This should be plenty of storage for your needs. With 1GB at USB 2.0 speeds you can do more than use this as a toy. Link http://accessories.us.dell.com/sna/productdetail.a spx?sku=A0290872&c=us&l=en&cs=19&category_id=2999& page=external

Re:How big?

[Charliems]

Uncompressed it is 122MB, a 128MB USB FOB would just make it with very little room for additional storage. 256MB would be more than enough.

A PDA with Wifi will work

Computers in internet cafes have keystroke loggers.
Laptops are heavy and get stolen.
My Palm Tungsten C stays safe in my pocket and communicates using Wifi. Easy to intercept, but who cares, if it's encrypted?
Or am I missing something?