Secure, Portable, Virtual Privacy Machine

solcity writes "Looks like an online privacy company, Metropipe, are planning to release a secure linux virtual privacy machine that runs from a USB stick. The image contains a pre-release of their new 'Metropipe Tunneler' product and also contains Firefox, and Thunderbird with the Enigmail/gpg extension. Looks like the whole thing is based on damnsmalllinux and uses qemu to boot on Windows or Linux without any installation or configuration. Very interesting use of qemu and damnsmalllinux, and all 100% GPL."

And yet...

[garcia]

And yet I am tunneling through SOMEONE ELSES proxy (which isn't free) to do my "secure" work.

I'm sorry but I cannot bring myself to trust my cookies, settings, and information to travel over anyone else's network. It's not safe unless *I* am the one controlling the proxy and the tunnel between the two.

SSH, Putty (for Windows users), and squid on your own machine is what I use. Yeah, you still can't avoid keyloggers and the like but at least you know that you are controlling what is being logged and where.

Re:Who's privacy?

[Ford+Prefect]

If it is using QEMU, then it's just another normal process with the same privileges (or lack thereof) as any other. QEMU's basically a PC emulator, albeit a pretty fast and compatible one.

There is the risk that processes on the host machine can peer at its memory and fish out the unencrypted data without any way of it knowing - unlikely that someone would develop such a thing, but if you're being paranoid there's always the possibility.

only limited protection

[jeif1k]

Such approaches give you only limited protection: if you don't trust the systems you plug into, you may still be subject to key logging, screen recording and other attack.