Virtual Privacy Machine Wiki

Introduction

Virtual Privacy Machine, known as VPM for short, is an assemblage of Free Software that provides a secure platform for compensating for Tor's weaknesses. VPM is built on top of the DamnSmallLinux embedded distribution, which is designed to run on portable rewritable media such as a USB flash drive. VPM takes the default release and hardens it using iptables for strict firewall rules, tsocks to force all applications to use Socks4, and a custom DNS server that resolves addresses via Tor to quell leaks.

Virtual Privacy Machine runs inside Qemu, an open source processor emulator. The benefits of running inside an emulator are twofold. First, Qemu behaves like an ordinary application: it does not require administrator rights or access to the BIOS, and it allows continued use of the host operating system for other tasks. Second and most importantly, Qemu provides applications with a virtual network address which has no relevance outside of the virtual machine and is therefore safe for applications to leak. Most applications are not designed for anonymity and as such have no qualms about giving out your local IP address. Also, a malicious script or application could intentionally leak your IP address for the sole purpose of breaking your anonymity. As Tor does not scrub protocol data, there is no other way to prevent such an occurrence.

Installing Virtual Privacy Machine

The install process is relatively simple. First of all, the current version of DamnSmallLinux embedded is required. It can be obtained from the official DamnSmallLinux download page. The current build is based on version 2.1b and the required release is dsl-2.1b-embedded.zip. Once downloaded, extract the contents to your USB flash drive or hard drive. From there, launch dsl-windows.bat if you are on Windows or dsl-linux.sh if you are on Linux. Currently DamnSmallLinux embedded does not support other operating systems, but this is likely to change in the future as Qemu already supports other operating systems and processors. A VPM Mac OS X release is quite possible and efforts are underway to achieve this goal.

Upon booting into DamnSmallLinux, launch a terminal and execute the following commands.

  1. wget http://freehaven.net/~aphex/vpm-dev/install.sh
  2. chmod +x install.sh
  3. ./install.sh

After the script completes, you must reboot DamnSmallLinux by right-clicking on the desktop and selecting Power Down -> Shutdown. DO NOT simply close Qemu or your changes will be lost. Qemu has a backup/restore system which VPM uses to make the changes persistent. This backup/restore script is executed at boot time and when shutting down, so simply closing Qemu will prevent the script from running.

Once DamnSmallLinux has been restarted, iptables, Tor and Privoxy should be loaded. If not, something has gone wrong, such as an improper shutdown of DamnSmallLinux. Otherwise the installation was a success and nothing else is needed. All applications are loaded with libtsocks and will therefore connect anonymously via Tor. For an extra layer of anonymity, it is recommended to configure your browser to use Privoxy's HTTP/HTTPS proxy on port 8118.
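
The post-reboot check described above can be scripted. This is an added example, not part of VPM or its install script: it reports which of iptables, Tor and Privoxy are not loaded, given the text output of netstat and iptables. It assumes Tor's SOCKS listener is on its default port 9050; the function names and sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of VPM: report which components are not loaded.
# Assumptions: Tor's SOCKS listener is on its default port 9050; inputs are
# the text printed by `netstat -ltn` and `iptables -L -n`.

# listening NETSTAT_TEXT PORT: succeeds if a TCP socket listens on PORT.
listening() {
    printf '%s\n' "$1" | awk -v p=":$2" '
        $1 ~ /^tcp/ && $NF == "LISTEN" &&
            substr($4, length($4) - length(p) + 1) == p { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# firewall_loaded IPTABLES_TEXT: succeeds if any rule line exists or any
# chain header is something other than a built-in chain with policy ACCEPT.
firewall_loaded() {
    printf '%s\n' "$1" | awk '
        /^Chain / { if ($0 !~ /policy ACCEPT/) found = 1; next }
        /^target / || NF == 0 { next }
        { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# vpm_missing NETSTAT_TEXT IPTABLES_TEXT: prints the missing components.
vpm_missing() {
    missing=""
    firewall_loaded "$2" || missing="$missing iptables"
    listening "$1" 9050 || missing="$missing tor"
    listening "$1" 8118 || missing="$missing privoxy"   # port from the page
    echo "${missing# }"
}

# Constructed sample input (not captured from a real VPM guest).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address      Foreign Address    State
tcp        0      0 127.0.0.1:9050     0.0.0.0:*          LISTEN
tcp        0      0 127.0.0.1:8118     0.0.0.0:*          LISTEN'
SAMPLE_FW_OK='Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            127.0.0.1           tcp dpt:9050'
SAMPLE_FW_EMPTY='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Inside the guest: vpm_missing "$(netstat -ltn)" "$(sudo iptables -L -n)"
echo "not loaded: $(vpm_missing "$SAMPLE_NETSTAT" "$SAMPLE_FW_EMPTY")"
```

An empty ruleset with both proxies listening is the state to expect when the restore step did not run, for example after closing Qemu instead of shutting down.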

Sometimes Tor can be slow to establish a circuit. If this happens, there could be a delay of several minutes before it is possible to access the Internet. This does not mean it is broken; it is just one of the drawbacks of Tor's recent surge in popularity.

Building Virtual Privacy Machine

Building VPM from source is done using KNOPPIX, because DamnSmallLinux does not include a compiler or many of the headers needed to build the various applications. Also, since DamnSmallLinux is based on KNOPPIX, it is the closest thing to DamnSmallLinux. The current build is created using KNOPPIX 4.0.2. The build process is also automated and is performed in the same way as the install process.

Upon booting into KNOPPIX, launch a terminal and execute the following commands.

  1. wget http://freehaven.net/~aphex/vpm-dev/build.sh
  2. chmod +x build.sh
  3. ./build.sh

After several minutes and lots of text, the script should exit leaving vpm.tar.gz in the KNOPPIX home directory. This contains all of the binaries needed by VPM and should be copied to DamnSmallLinux. The install script must be edited to use your tarball. This can be done by editing the URI of the install script or removing it completely and using a pre-downloaded copy in the home directory.

In The Media

noreply: VirtualPrivacyMachine (last edited 2006-07-14 03:50:20 by midnightcomm)