Slashdot Mirror

← Back to Stories (view on slashdot.org)

Secure, Portable, Virtual Privacy Machine

Posted by michael on from the zero-knowledge-tried-and-failed dept.

solcity writes "Looks like an online privacy company, Metropipe, are planning to release a secure linux virtual privacy machine that runs from a USB stick. The image contains a pre-release of their new 'Metropipe Tunneler' product and also contains Firefox, and Thunderbird with the Enigmail/gpg extension. Looks like the whole thing is based on damnsmalllinux and uses qemu to boot on Windows or Linux without any installation or configuration. Very interesting use of qemu and damnsmalllinux, and all 100% GPL."

5 of 168 comments (clear)

  1. Trust is the Key Word by ifreakshow · · Score: 5, Interesting

    Basically a USB hard-drive that auto configs ssh and your browser so novice users can access proxyies.
    A very cool idea but only "secure" if you trust the company. They say they don't keep logs, but you never know. Also a yearly fee with a limit on transfer.

  2. Not all GPL... by non-poster · · Score: 4, Interesting

    The ./ story, as well as the link (Portable Virtual Privacy Machine), say that it's 100% GPL, but at least the Mozilla parts (Firefox and Thunderbird) are under the Netscape Public License.

    Should I believe anything else these folks say?

  3. Life span? by Remlik · · Score: 4, Interesting

    I thought USB type keys were limited to 100k writes before failure. How many times or how long can you use this device before wearing out the key?

    --
    Apple free since 1990!
  4. hail open source! hail freedom! by museumpeace · · Score: 4, Interesting

    Good bye Carnivore?
    James bond wants one of these. The FBI, when they finally figure out what this is, will want it banned. I have dreamed of doing something like this with an applet but this is much slicker and more powerful.
    Next questions, can I tunnel through with VOIP? How "special" does my correspondent/recipient have to be for the trail for eavesdroppers to go cold on both ends of the connection?

    --
    SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.
  5. Waaaaaait. by cbiffle · · Score: 4, Interesting

    Okay, lemme get this straight.

    You take this USB key and plug it into an untrusted machine (since, if you had a trusted machine, you wouldn't have to go through these hoops). It fires up a virtualized PC that runs Linux and lets you get out to the web using an encrypted proxy.

    I fail to see the utility of this. You're running QEMU on the host. If the host is compromised (and it's best to assume that any untrusted host is), it has full access to your keystrokes, I/O, and the entire memory image of your system.

    Good crypto software for Unix makes sure to prevent its sensitive data from going out to swap by negotiating with the virtual memory system. This keeps your passphrases and keys from showing up in a swapfile if the machine is compromised. This type of system has no control over that -- if the host decides to swap the emulator out, foom! your entire system image is now on disk. A disk you don't trust.

    Not to mention that processes on the host could simply read through your memory in real time.

    So, in short, an untrusted computer is still an untrusted computer. While this sounds useful for encrypting one's network connections, it seems like an awfully complex solution to reinvent the concept of a VPN.