Anonymization

One of the design objectives of Subgraph OS is create an endpoint that is resistant to user identification and tracking. Anonymization through the Tor onion routing network plays an important role in the Subgraph approach to accomplishing this.

Everything through Tor

By default policy, Subgraph OS will restrict the communication of applications so that they use the Tor network exclusively, obfuscating the endpoint's physical origin. Applications will be transparently redirected to connect through the Tor network via our Metaproxy application. Metaproxy will intercept outgoing connections and relay them through the correct proxy (SOCKS, HTTP, etc). Proxy configuration is managed within Metaproxy, allowing applications to transparently connect to the Tor network without having to configure each individual application to use a proxy.

Exceptions to the "everything through Tor" policy will be made for specific use cases, such as accessing a captive portal on a public wi-fi network.

Application Network Policy

The policy that controls how and when applications can connect to external peers will be enforced in two different ways.

Firstly, the Subgraph Metaproxy is configured to white-list allowed applications based on connection properties such as the name of the application and the destination port. Any connections that do not match the white-list will simply be dropped. Metaproxy is also configured to leverage Tor's stream isolation capabilities to ensure that two applications do not use the same Tor circuit. This will make it more difficult to correlate activities from different applications to the same pseudonym.

Our second layer of network policy enforcement is the application firewall. The application firewall manages outgoing connections. When it sees a new connection that does not match an existing policy, it prompts to user to accept or deny the connections on a temporary or permanent basis. The user will be able to set policy based on the properties they wish to allow or deny, such as the destination of the connection or the name of the application that initiated the connection.

Click to Explore Subgraph OS