On 06/18/2020 04:31 PM, coderman wrote: <snip>
it's all about attack surface (to a lesser degree, hardening).
when Facebook bought 0day dev against their own user, the weak link was a video player - not Tor Browser, not tor, nor the Tails model, but a video implementation inside the security boundary of your nymity protections.
Cf.: https://www.schneier.com/blog/archives/2020/06/facebook_helped.html
From that link:
They also paid a third party contractor "six figures" to help develop a zero-day exploit in Tails: a bug in its video player that enabled them to retrieve the real I.P. address of a person viewing a clip.
That means that it was Tails that failed, because some process other than Tor was able to reach the Internet. That should have been prevented using iptables. <snip>
P.S. a deeper defensive posture, for example Qubes OS, would have rendered the video player exploit useless, as that constrained App VM would not have network egress. of course, add more money for VM escapes, etc. :P
and so it goes, ever onward...
Even using Whonix would have rendered the video player exploit useless, because there is no path to the Internet, with forwarding disabled in the gateway VM and just Tor SocksPorts exposed to the workstation VM.
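The tor-only egress policy the reply says iptables should have enforced, as an added example that is not from this thread and not Tails' or Whonix's own firewall code: a generator for an iptables-restore ruleset that lets only the Tor daemon's uid leave the host, plus an audit function that checks an iptables-save dump for leak paths. It assumes Tor runs as the user debian-tor (Debian's default), that rules are loaded by root, and that IPv6 gets the same treatment with ip6tables (not shown).

```shell
#!/bin/sh
# Constructed example: single-host egress filtering where only Tor may talk
# to the network. Assumes Tor's uid is passed in $1 and root loads the rules.

# Emit an iptables-restore ruleset that drops all egress except Tor's own.
tor_only_egress_rules() {
    tor_uid="$1"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback stays open so local SOCKS and DNS ports on 127.0.0.1 keep working.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Replies to connections Tor opened come back in; nothing else is accepted.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only the Tor daemon's uid may originate traffic that leaves the host.
-A OUTPUT -m owner --uid-owner ${tor_uid} -j ACCEPT
# Anything else trying to leave (say, an exploited media player) is logged so
# the leak attempt is visible, then dropped by the chain policy.
-A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "NON-TOR EGRESS: "
COMMIT
EOF
}

# Audit an iptables-save dump read from stdin. Succeeds only if OUTPUT defaults
# to DROP and every OUTPUT ACCEPT rule is loopback- or owner-restricted.
audit_tor_only_egress() {
    dump="$(cat)"
    printf '%s\n' "$dump" | grep -q '^:OUTPUT DROP' || return 1
    # Any ACCEPT in OUTPUT that is neither loopback nor uid-scoped is a leak path.
    printf '%s\n' "$dump" | grep '^-A OUTPUT ' | grep -- '-j ACCEPT' \
        | grep -v -e '-o lo ' -e '--uid-owner ' | grep -q . && return 1
    return 0
}

# Usage: "./tor-egress.sh apply" loads the rules (as root);
# "iptables-save | ./tor-egress.sh audit" checks a live ruleset (exit 0 = tor-only).
case "${1:-}" in
    apply) tor_only_egress_rules "$(id -u debian-tor)" | iptables-restore ;;
    audit) audit_tor_only_egress ;;
esac
```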