Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Important: Move to KVM ASAP #14

Open
ParanoidPandaa opened this issue Dec 28, 2020 · 1 comment
Open

Important: Move to KVM ASAP #14

ParanoidPandaa opened this issue Dec 28, 2020 · 1 comment

Comments

@ParanoidPandaa
Copy link

Like one of the previous issue opened. I want to thank you for this amazing tool.

VirtualBox is still vulnerable to Spectre and Meltdown which makes using it extremely dangerous for privacy activists, whistleblowers and people in countries where the internet is censored. Especially for people like me in China. It is well documented that the Chinese Communist Party will go to great lengths to control information and jail whistleblowers every chance they get. Maybe you can switch to KVM instead of VirtualBox and like the other contributor said, make another beta repository for KVM HiddenVM in the meantime while you're testing it. KVM provides better hardware performance than VirtualBox. I'm adding a link from Whonix's official website suggesting this change.

https://www.whonix.org/wiki/KVM#Why_Use_KVM_Over_VirtualBox.3F

That being said, I really appreciate the hard work you have put into this tool. You have given the oppressed like me a great piece of software to protect us.

Thanking you.
@aforensics
Copy link
Owner

It's a definite goal we want to achieve (for both performance reasons and, after we research to confirm it's the case overall, privacy). The question is how long it will take to get there. We're still very new and, at the moment, a small team. It will take some programming gymnastics to get KVM working in Tails but we hope we can get there. We need to complete our move to Python first, which we aim to happen this year: https://www.reddit.com/r/HiddenVM/comments/kra5o5/hvm2_release_delayed/

We will have to make the KVM experience manageable in our GUI for beginners so that it's no harder to use than VirtualBox. A wizard to set up a new VM from an ISO (or to launch GNOME Boxes to do it), and make sure it's easy to click around to change any existing VM's settings. It's a huge amount of work because of how we have to also hack Tails to make everything possible (while not compromising security in any unacceptable way), but it could potentially be done.

For now, you can try to use your VMs while offline or lock down the possibility of any software in Tails from spying on your VMs using firewall rules or a firewall program at the Tails Linux level. Put it in your Extras script to automate it. E.g. configure firewall to only allow processes like VirtualboxVM to connect to the Internet.

Thank you for your patience.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@aforensics @ParanoidPandaa and others