Re: Whonix ALPHA 0.4.5 - Anonymous Operating System released
> [dropped tor cc]
> adrelanos left as an exercise for the reader:
>> This is because Whonix consists of two (virtual) machines. One machine
>> solely runs Tor and acts as a gateway, which we call Whonix-Gateway.
>> The other machine, which we call Whonix-Workstation, is on a
>> completely isolated network. Only connections through Tor are possible.
> I'll take a look at your  in a moment, but what about leaks at layers
> 5 and higher? If I understand correctly, you've got your proxying system
> scrubbing layers 3 through 4, and layer 2 is handled by virtue of the
> virtual machines, but if i own the box, and then go to whatsmyip.com or
> whatever, that's still going to see the......
If you get into the VM and own the box, i.e. escalate from the VM to the
host, it's game over. (Unless using Physical Isolation.) See the
attack comparison table.
> ahhh, nevermind, just read your "Protocol leaks" section. OK, so you're
> aware of this issue :D. you clearly feel it doesn't make moot the rest of
> the effort; could you explain why? thanks!
As the attack comparison table shows, the Whonix download version (no
Physical Isolation) does indeed get defeated by VM exploits, exploits
against the Tor process and attacks against the Tor network.
Nevertheless, it's useful. Misbehaving applications are confined.
It improves security in the real world.
Feel free to ask further questions about this or other topics.
> feel free to take this private, or back onto the tor list, or whatever.
No issue with me, whatever is most appropriate.