Hello Wilders, I have recently discovered the fascinating realm of virtualization! I have been doing a lot of research on it, and I am interested in learning how to properly set up a virtual machine to ensure privacy. I have not been able to find any information on what I am currently researching. I hope Wilders can help.
I am using VirtualBox to run a few Linux guests with my school's VPN to help with my learning. (It's free and easy to use. So it's a good setup to experiment with.) The following questions all apply to guests that are using the internet.
I would like to know if there is any way in which somebody could determine that the guest is a virtual machine rather than an actual physical computer. And if so, is there any way for somebody to determine any information about the host? And if so, can enough information be collected so as to identify that the various virtual machines are all running from the same host?
I know that using a program written in Java allows the owner of the program to potentially gather a lot of information about the computer using the program. I am particularly interested in how the questions I have apply in the context of using a Java program online.
What piqued my interest in this is that I know that many people have to use virtual machines and VPNs to protect themselves in countries with strong censorship. I've heard that people will use a different machine (each with a different IP) for each of their different needs. (e.g. casual surfing, political writing, etc.) If other people on the internet are able to link the various virtual machines all to the same host, then that could be a big problem! (Especially if they end up determining the identity of the host.)
I'm still very new to virtualization, so if I haven't clarified properly or I am using terms improperly, please let me know!
Thanks, SDRS
On a side note, are there any other flaws to VPNs besides DNS leaks when it comes to identifying the individual using them? (Disregard logging that might be done by the company providing the VPN).
The biggest tell used to be Flash and Java revealing your GPU driver as Oracle or VMware. Now on the Jondonym test and Browserspy.dk the GPU manufacturer doesn't show up anymore so maybe it's been blocked/fixed.
If you run your VMs in a bridged networking mode, they show up on the network as their own hosts; they will use DHCP and DNS through the router so the VMs' MAC addresses will be in the access point logs. When bridged, the VM talks directly to your network cards. You can disable all networking in the host to prevent it from leaking and the virtual machines will still have full network/internet connectivity.
In NAT mode, everything is channeled through the host OS so the only connection records will be from the host's MAC. The access point admins can then see that your VM is only online when your host is and they'll share the same internal IP so that would be a tip-off.
More intense fingerprinting could figure out the VMs' hardware profiles and nmap could probably figure out they're on one machine regardless of bridged/NAT modes. Either your outside IP address would be needed, or you'd have to connect to a hostile network or website from the VM.
Also make sure your clipboard is disabled in VirtualBox so the VM can't read stuff you've recently copied or cut in the host OS. Drag and drop further blurs the lines between guest and host and I'm not totally sure what allowing Guest Additions will open you up to; others on here probably do.
Thank you for the excellent information, penguin. I really appreciate it! I am now quite interested in the guest additions. I had not given them much thought until you brought them up. Truth be told, I am not even aware of everything guest additions does! I had installed it to enable full screen out of convenience. I hope you're right that others have more information. This is all very interesting, and I've already gathered more information from your post than from hours of my own research. (It's tricky finding what you need to know when you don't know the proper terms to search with. Also, being a newbie doesn't help.)
Do you have any advice on a good guide for setting up a secure bridged network? I've been trying to install a VPN on my virtual machines today with no luck. I eventually realized I need to use a bridged network instead of NAT, but I have been unable to get an internet connection with a bridged network. After asking on the VirtualBox forums, I was told I need to have a DHCP server running or assign a static IP to each VM. I don't know how to do either of these. Time for more research!
Needing a DHCP server running just means you need to go into your router's settings and enable DHCP for the local network. Usually this is on by default; consumer routers don't ship with static IPs enabled but you should check to make sure. If you don't have a router and you're connecting straight to a modem, then that will be the DHCP server. Try to ping the router or modem from in your VM. If that works, try renewing the IP address for your VM. If it doesn't work, then you've got a problem with VBox's setup.
In bridged mode you gotta be careful that you're using whatever interface the Name property says in VirtualBox's network settings window. If it's set to eth and you're using wifi then the VM's internet won't work, you'd have to set it to wlan...and vice versa.
I do. But I use nested chains of VPNs, rather than multiple independent VPNs. And they use virtual networks of pfSense VMs, not NAT or bridging to the host (except for the first VPNs in the chains).
Some of my hosts run VMware, and some run VirtualBox. But I don't particularly care if someone can figure out which use one or the other. There are many users for each. Qubes would be more unique, I admit.
I'm not aware of anything that leaks unique host information to VMs. And I'm not aware of anything in guest additions that does that. You do want to avoid shared clipboard and USB, and be very careful using shared folders.
Well, you want to prevent leaks if the VPN connection goes down. I'm not aware of any other flaws in OpenVPN or IPsec. PPTP is useless, of course. As long as the VPN provider doesn't compromise you, and there are no leaks, the major threats are traffic analysis, browser fingerprinting, browser exploits and phone-home malware. But those aren't VPN problems, per se.
In VirtualBox, NAT is much easier than bridging. As awkwardpenguin said, with bridging you must use an adapter that's actually connected. As you got on the VirtualBox forum, that adapter either needs to see a DHCP server (on LAN or WLAN) or have an appropriate static IP (much harder to get right). Using VirtualBox NAT, VPN clients on the VM should just connect.
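Added example, not part of any post in this thread: the replies above recommend disabling the shared clipboard and drag and drop, avoiding USB passthrough and shared folders, and note that a bridged guest's MAC address shows up on the LAN. This shell function checks those settings in the output of VBoxManage showvminfo --machinereadable; the key names are assumed from recent VirtualBox releases, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: audit VirtualBox VM settings for guest/host channels.
# Key names are assumed from `VBoxManage showvminfo --machinereadable`
# output of recent releases; confirm them against your version.

audit_vm_config() {
    # Reads key="value" lines on stdin and prints one finding per line.
    while IFS='=' read -r key value; do
        key=$(printf '%s' "$key" | tr -d '"')
        value=$(printf '%s' "$value" | tr -d '"\r')
        case "$key" in
            clipboard|draganddrop)
                [ "$value" = "disabled" ] || echo "WARN $key is $value (host and guest share data)" ;;
            usb|ehci|xhci)
                [ "$value" = "off" ] || echo "WARN $key controller is $value" ;;
            SharedFolderPathMachineMapping*)
                echo "WARN shared folder exposes host path $value" ;;
            nic[0-9]*)
                [ "$value" = "bridged" ] && echo "INFO $key is bridged (guest MAC visible on the LAN)" ;;
            macaddress[0-9]*)
                case "$value" in
                    080027*) echo "INFO $key uses VirtualBox default prefix 08:00:27" ;;
                esac ;;
        esac
    done
    return 0
}

sample_config() {
    # Constructed sample, not taken from a real machine.
    cat <<'EOF'
name="research-vm"
clipboard="bidirectional"
draganddrop="disabled"
usb="off"
ehci="off"
xhci="on"
nic1="bridged"
bridgeadapter1="wlan0"
macaddress1="080027A1B2C3"
nic2="none"
SharedFolderNameMachineMapping1="docs"
SharedFolderPathMachineMapping1="/home/user/docs"
EOF
}

# Real use: VBoxManage showvminfo "<vm name>" --machinereadable | audit_vm_config
sample_config | audit_vm_config
```

An empty result means none of the checked channels is open; INFO lines are not faults, they mark properties that let a network observer recognise the guest as a VirtualBox VM.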