Anonymization
One of the design goals of Subgraph OS is to create an endpoint that resists identification and location of the user. Anonymization through the Tor onion-routing network plays an important role in Subgraph's approach to achieving this goal.
Everything through Tor
By default, Subgraph OS policy will restrict the communication of applications so that they use the Tor network exclusively, obfuscating the endpoint's physical origin. Applications will be transparently redirected to connect through the Tor network via our Metaproxy application. Metaproxy will intercept outgoing connections and relay them through the correct proxy (SOCKS, HTTP, etc.). Proxy configuration is managed within Metaproxy, so applications connect to the Tor network transparently without each one having to be configured to use a proxy.
Some exceptions to the "everything through Tor" policy will be made for specific use cases, such as accessing a captive portal on a public Wi-Fi network.
Per-application routing policy
The policy that controls how and when applications can connect to external peers will be enforced in two different ways.
Firstly, the Subgraph Metaproxy is configured to white-list allowed applications based on connection properties such as the name of the application and the destination port. Any connections that do not match the white-list will simply be dropped. Metaproxy is also configured to leverage Tor's stream isolation capabilities to ensure that two applications do not use the same Tor circuit. This will make it more difficult to correlate activities from different applications to the same pseudonym.
Our second layer of network policy enforcement is the application firewall. The application firewall manages outgoing connections. When it sees a new connection that does not match an existing policy, it prompts the user to accept or deny the connection on a temporary or permanent basis. The user will be able to set policy based on the properties they wish to allow or deny, such as the destination of the connection or the name of the application that initiated the connection.
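
The first enforcement layer described above, as an added example in Go (not Subgraph's Metaproxy code): a connection is matched against an allowlist of application name and destination port, anything else is dropped, and each allowed application gets its own SOCKS5 username so that Tor's IsolateSOCKSAuth keeps applications on separate circuits. The type and function names, the sample applications, and the use of SOCKS credentials as the isolation key are assumptions; the page does not say how Metaproxy requests stream isolation.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// Rule allows one application to reach one destination port.
type Rule struct {
	App  string
	Port int
}

// Policy holds the allowlist and one random isolation token per application.
type Policy struct {
	allowed map[Rule]bool
	tokens  map[string]string
}

func NewPolicy(rules []Rule) *Policy {
	p := &Policy{allowed: map[Rule]bool{}, tokens: map[string]string{}}
	for _, r := range rules {
		p.allowed[r] = true
	}
	return p
}

// Decide returns ok=false (drop) for anything off the allowlist. Allowed
// connections get a per-application SOCKS5 username; with Tor's
// IsolateSOCKSAuth, streams with different usernames do not share a circuit.
func (p *Policy) Decide(app string, port int) (socksUser string, ok bool) {
	if !p.allowed[Rule{App: app, Port: port}] {
		return "", false // default deny
	}
	if _, seen := p.tokens[app]; !seen {
		b := make([]byte, 8)
		if _, err := rand.Read(b); err != nil {
			return "", false // fail closed without randomness
		}
		p.tokens[app] = app + "-" + hex.EncodeToString(b)
	}
	return p.tokens[app], true
}

func main() {
	p := NewPolicy([]Rule{{"browser", 443}, {"mailclient", 993}}) // constructed sample policy
	fmt.Println(p.Decide("browser", 443))
	fmt.Println(p.Decide("browser", 22))
}
```

The token is stable for the lifetime of the policy object, so repeated connections from one application reuse its circuit while never sharing one with another application.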