The theory is, Tor is secure, but Firefox is not.
Therefore, you have 1 computer that runs Tor only, and a WiFi hotspot... Another computer runs Firefox and any other programs.
So long as the other computer connects to the Tor computer for network access, it doesn't matter if it gets hacked, because your real IP address never leaks.
Qubes implements this somewhat by separating the Whonix Net VM and App VM.
However, the problem with Qubes, of course, is all the Xen exploits which make it insecure.
If you were hacked in Qubes, the hacker could easily then leak out your real IP address.
But if you were hacked behind a physical Tor box, your real IP can never leak, unless the Tor box itself can be compromised... And as far as we know, there are no exploits for the Tor network itself, only for Firefox.
I would use Qubes for the Tor box and the other box, if only for the VT-d protection, although maybe there are other free Linux OSs that have VT-d protection.
What do you think...? Has anyone tried doing this..? How did it work out...?
Once they hack the computer, they simply start scanning for nearby non-Tor routers, and they can identify you by which non-Tor router you connect to.
Even if they don't have your router's WPA2 password, they have your router's NAME.
I am talking about a nation-state quality hacker here.
They will have a database of every house in the country (and world?) and the name and addresses of every router... Therefore, they just hack in, and figure out who you are by which router is the core router.
They just skip the Tor router altogether, and find out the nearest non-Tor routers.
Unless... there is some way to make a router hidden from the outside world somehow. But I don't think that's possible. If you have an ISP, then the nation state can correlate router to person.
I just thought though... maybe use an all-wired network.
You would have a wire from Router => Tor router => Workstation
If it's all wired, then surely the workstation can never see the regular Router, or in fact, any routers at all.
So what do people think..? Could an all-wired solution solve this problem..?
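
An added example, not part of the original thread: a POSIX shell audit for the workstation in the all-wired layout asked about above. It checks that the running kernel exposes no Wi-Fi or Bluetooth radios and that the only default route goes through the Tor box; the function names and the gateway address passed in are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the thread): audit a workstation behind a wired Tor box.
# Paths are parameters so the checks can run against a constructed tree.

# Interfaces the kernel exposes as 802.11 devices.
list_wireless_ifaces() {
    for dev in "${1:-/sys}"/class/net/*; do
        [ -e "$dev" ] || continue
        if [ -d "$dev/wireless" ] || [ -e "$dev/phy80211" ]; then
            basename "$dev"
        fi
    done
}

# Bluetooth controllers, which can also sense nearby devices.
list_bluetooth_radios() {
    for dev in "${1:-/sys}"/class/bluetooth/hci*; do
        [ -e "$dev" ] || continue
        basename "$dev"
    done
}

# Default-route gateways from a /proc/net/route style table.
# The gateway column is hex in host byte order; little-endian is assumed.
default_gateways() {
    while read -r _if dest gw _rest; do
        [ "$dest" = "00000000" ] || continue
        a=${gw%??????}; r=${gw#??}; b=${r%????}; r=${r#??}; c=${r%??}; d=${r#??}
        printf '%d.%d.%d.%d\n' "0x$d" "0x$c" "0x$b" "0x$a"
    done < "${1:-/proc/net/route}"
}

# Usage: audit_workstation /sys /proc/net/route TOR_BOX_IP  (exit 0 only if clean)
audit_workstation() {
    rc=0
    for r in $(list_wireless_ifaces "$1"); do
        echo "FAIL: wireless interface present: $r"; rc=1
    done
    for r in $(list_bluetooth_radios "$1"); do
        echo "FAIL: bluetooth radio present: $r"; rc=1
    done
    gws=$(default_gateways "$2")
    [ -n "$gws" ] || { echo "FAIL: no default route"; rc=1; }
    for g in $gws; do
        [ "$g" = "$3" ] || { echo "FAIL: default route via $g, not $3"; rc=1; }
    done
    [ "$rc" -eq 0 ] && echo "OK: no radios, default route only via $3"
    return "$rc"
}
```

A clean result only reflects what the running kernel exposes; a radio whose driver is not loaded will not appear, so physically removing or never fitting the card is the stronger control.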
https://www.whonix.org/wiki/Physical_Isolation
(Unsupported but it worked fine under Whonix 12 - haven't tested Whonix 13)
>>They will have a database of every house in the country (and world?) and the name and addresses of every router... Therefore, they just hack in, and figure out who you are by which router is the core router.
Or they just use the compromised Workstation to connect to the neighbor's xfinitywifi hotspot and look up the address. Wireless networking opens up a whole new set of risks.
>> So long as the other computer connects to the Tor computer for network access, it doesn't matter if it gets hacked, because your real IP address never leaks.
Joanna's paper will interest you:
http://www.invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf
AFAIK, there haven't been any attempts to have a Tor Gateway in one Qubes machine acting as a router for Workstations in a second Qubes machine.
Off-topic here but is Qubes really insecure? Should I be worried?
Qubes tends to quickly patch the exploits, but we know how it works in the real world... nation states and other people buy up the exploits before they can get to the market.
I would also suggest that if you are using Qubes, this may even be a flag at somewhere like the NSA to target you for surveillance.
I could be wrong, but see the NSA Snowden documents mentioning "extremist" Tails OS.
So if you assume that simply using Qubes puts you on a nation state's attention list... then, at this point, the question is.. do you think the NSA has Xen exploits before everyone else finds out about them...?
Considering that Snowden is literally advertised on the Qubes home page, I would suggest the answer is "Yes".... The NSA is now very likely spending money buying up Xen exploits and developing them themselves.
But just in the last 1 year, 2 Xen exploits have directly affected Qubes.
Hence, why they switched over to SLAT for Qubes 4.0.
So no.. Xen really is a very big issue for Qubes.