OK, I think I found the answer to my question. Just had to read their FAQ section, lol. "Can I access a legitimate TOR hidden service? Quietzone is a responsible privacy product. It may only be used for legitimate privacy purposes. Whilst it does not record or censor any activity, it does not provide access to TOR hidden services. If you wish to use Quietzone to access a legitimate TOR hidden service, then please contact technical assistance and our support team will evaluate the site. If legitimate, it will be added to the Quietzone white-list and may be accessed. Returnil/Quietzone is also a member of The Internet Watch Foundation and blocks access to IWF blacklisted sites."
This is why it's crucial to compartmentalize in at least VMs. And in light of the recently reported VM-to-host display leak in VirtualBox, and firmware vulnerabilities, using separate physical machines is looking like the best bet. And powerful microcomputers have become so inexpensive that ad hoc blade setups are generally affordable.
Do you have a link handy for the exact case you are referring to in this statement? I am all too familiar with the firmware side of your comments above.
Thanks. I am starting to consider a blade setup. Downside for me is the physical presence in the house. Strange concern huh?
No, it's not at all strange. It's a hard choice: local stuff that you can't deny vs. remote stuff that you can't trust. I'll also be looking at physical hardening. I can't prevent disassembly, of course. But I can rig stuff to destroy itself (electronically) during disassembly. Plus deadman switches, of course, and EM shielding.
Newb question, but is Whonix safe to use then with VirtualBox, regarding the display leak? Also, the Whonix documentation stresses that there should be some form of physical isolation, like the gateway VM being placed on a separate machine. With an ad-hoc network (just learned this term), is this possible? I understand that it is a temporary network between local cpu's <30' from each other. Just trying to wrap my head around this. :/
As far as I know, Whonix isn't hardened against this. But that's a question for the Whonix forum. Generally, I think that there's little (if any) risk without video acceleration enabled in VMs. Yes, that would work. Both the gateway and workstation have static IPs.
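The reply above hinges on whether video acceleration is enabled in each VM. As an added example (not code from the thread or from the Whonix or VirtualBox projects), here is a small POSIX shell check that parses the machine-readable VM description VirtualBox prints and flags any VM with 2D or 3D acceleration turned on. It assumes the `accelerate3d` and `accelerate2dvideo` keys as emitted by `VBoxManage showvminfo <vm> --machinereadable`; the two sample descriptions are constructed, not real captures.

```shell
# Added example: audit VirtualBox VMs for enabled video acceleration.
# Assumption: keys named accelerate3d / accelerate2dvideo appear in
# `VBoxManage showvminfo <vm> --machinereadable` output as key="on"/"off".

# Print the names of any acceleration keys that are switched on.
# $1: machinereadable output for one VM. Prints nothing when all are off.
vbox_accel_flags() {
    printf '%s\n' "$1" | sed -nE 's/^(accelerate3d|accelerate2dvideo)="on"$/\1/p'
}

# Return 0 when the VM has no video acceleration enabled, 1 otherwise.
vbox_accel_off() {
    [ -z "$(vbox_accel_flags "$1")" ]
}

# Constructed sample descriptions (not captured from real machines).
SAMPLE_GW='name="Whonix-Gateway"
accelerate3d="off"
accelerate2dvideo="off"
vram=16'

SAMPLE_WS='name="Whonix-Workstation"
accelerate3d="on"
accelerate2dvideo="off"
vram=128'

# Report on the two samples.
for desc in "$SAMPLE_GW" "$SAMPLE_WS"; do
    name=$(printf '%s\n' "$desc" | sed -n 's/^name="\(.*\)"$/\1/p')
    if vbox_accel_off "$desc"; then
        echo "OK   $name: no video acceleration"
    else
        echo "WARN $name: enabled -> $(vbox_accel_flags "$desc" | tr '\n' ' ')"
    fi
done

# Live check over every registered VM (needs VirtualBox installed):
#   VBoxManage list vms | sed 's/ {.*//; s/^"//; s/"$//' | while read -r vm; do
#       vbox_accel_off "$(VBoxManage showvminfo "$vm" --machinereadable)" \
#           && echo "OK   $vm" || echo "WARN $vm: video acceleration enabled"
#   done
# To turn it off on a flagged (powered-off) VM:
#   VBoxManage modifyvm "$vm" --accelerate3d off --accelerate2dvideo off
```

The function only looks at the two acceleration keys, so it will not be fooled by unrelated `on` values elsewhere in the description; run it against every VM in the compartmentalized setup, not just the gateway.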
Another question regarding Whonix. Is it possible to somehow have the gateway run from a USB? If so, does that achieve good security? Also, regarding ad-hoc (which I'm understanding is turning your cpu into a hotspot), what is the 'chain' when using it? For example: android(orbot)>cpu>vpn>gateway>vpn(pfSense, still need to learn how to set that up)>workstation. Can that be achieved?
What does "run from a USB" mean? Do you mean boot from a USB flash drive? That's probably doable. The Whonix gateway is just Debian, after all. Compared to what? You could make it a LiveCD, I suppose. That would be good. From Wikipedia: I'm confused about "android(orbot)>cpu>vpn>gateway>vpn>workstation". Please say more. Does "cpu" mean "computer"? Are you using an Android phone for Internet access?
I've been feeling that configuring Vidalia (with some proxy tools) for your browser is better than TBB in terms of security (but not privacy), as TBB is based on ESR, which lacks not only the latest security features but also some unimportant security fixes; TBB even delays patching somewhat compared to the official ESR Firefox. Compartmentalization by VMs is the ultimate solution, which serves both security and privacy, but it can have a significant performance penalty, especially when your host PC is not powerful (my case).
An i5/i7 with 8 GB or more of RAM smokes on performance running several VMs at the same time. I really like the word COMPARTMENTALIZATION!
Compartmentalization is a good thing. I'm doing it with real machines. I have an obsessive-compulsive disorder that keeps me buying hardware. I usually have several laptops going that are doing different things. One is just for forums, one is being used for VM experiments and disk cloning, and one for business right now. I adjust security as appropriate for what each one is used for, and none have their processors and RAM overstressed. The cool thing about laptops is that when I'm not using them, I just put them on a shelf like a book that will be opened again when I need it. Laptops that are a few years old and are still much more powerful than a VM are really cheap these days.