Slashdot Mirror

← Back to Stories (view on slashdot.org)

Secure, Portable, Virtual Privacy Machine

Posted by michael on from the zero-knowledge-tried-and-failed dept.

solcity writes "Looks like an online privacy company, Metropipe, are planning to release a secure linux virtual privacy machine that runs from a USB stick. The image contains a pre-release of their new 'Metropipe Tunneler' product and also contains Firefox, and Thunderbird with the Enigmail/gpg extension. Looks like the whole thing is based on damnsmalllinux and uses qemu to boot on Windows or Linux without any installation or configuration. Very interesting use of qemu and damnsmalllinux, and all 100% GPL."

7 of 168 comments (clear)

  1. And yet... by garcia · · Score: 5, Insightful

    And yet I am tunneling through SOMEONE ELSES proxy (which isn't free) to do my "secure" work.

    I'm sorry but I cannot bring myself to trust my cookies, settings, and information to travel over anyone else's network. It's not safe unless *I* am the one controlling the proxy and the tunnel between the two.

    SSH, Putty (for Windows users), and squid on your own machine is what I use. Yeah, you still can't avoid keyloggers and the like but at least you know that you are controlling what is being logged and where.

  2. Re:How big? by Anonymous Coward · · Score: 5, Informative

    The zip is 82MB. Probably want to run this on a 256MB or larger key so you have room to store data as well...

  3. Trust is the Key Word by ifreakshow · · Score: 5, Interesting

    Basically a USB hard-drive that auto configs ssh and your browser so novice users can access proxyies.
    A very cool idea but only "secure" if you trust the company. They say they don't keep logs, but you never know. Also a yearly fee with a limit on transfer.

  4. Re:Who's privacy? by Ford+Prefect · · Score: 5, Insightful

    If it is using QEMU, then it's just another normal process with the same privileges (or lack thereof) as any other. QEMU's basically a PC emulator, albeit a pretty fast and compatible one.

    There is the risk that processes on the host machine can peer at its memory and fish out the unencrypted data without any way of it knowing - unlikely that someone would develop such a thing, but if you're being paranoid there's always the possibility.

    --
    Tedious Bloggy Stuff - hooray?
  5. only limited protection by jeif1k · · Score: 5, Insightful

    Such approaches give you only limited protection: if you don't trust the systems you plug into, you may still be subject to key logging, screen recording and other attack.

  6. Nope by RealProgrammer · · Score: 5, Informative

    RTFA: it's run on the qemu emulator. You first boot the host OS, and your qemu session is just a process under that, with no more rights than otherwise.

    If you had a boot CD, now that would a problem. Would I let someone boot my laptop from Knoppix? Not unless I would trust them to sysadmin my laptop :-).

    As the above poster says, security accepted wisdom is that physical control implies vulnerability.

    --
    sigs, as if you care.
  7. Re:Not all GPL... by juhaz · · Score: 5, Informative

    The ./ story, as well as the link (Portable Virtual Privacy Machine), say that it's 100% GPL, but at least the Mozilla parts (Firefox and Thunderbird) are under the Netscape Public License.

    Huh? NPL is Gone. Dead. Buried. Mozilla has been (mostly, and the exceptions should be BSD etc. GPL-compatible) LGPL/GPL/MPL tri-licensed for quite a while now, the new licensing policy is over three years old.