Long Wiki Edits Thread

OK - makes sense.

Maybe, if I need later I’ll ask. Manual changes pick up lots of other issues at the same time.

Fixed.

OK.

Thanks. Will fix sooner or later. :slight_smile:

1 Like

(Nothing to confirm edit. That version is already live. Login required - Whonix Please let me know if I missed any edits to confirm.)

The edit looks good.

An advanced adversary has conducted traffic analysis and successfully used guard discovery techniques to discover the user’s entry point to the Tor network.

Whonix and Tor Limitations is about onions, not Tor client only users. No Whonix and Tor Limitations to link a home internet connection registered at a residential address on someone’s real name to a Tor entry guard. Default Tor traffic (not hidden in any way Hide Tor use from the Internet Service Provider) is easily distinguished from other traffic by the ISP. The list of Tor entry guard IPs is public. Therefore Whonix and Tor Limitations is unrelated.

Whonix and Tor Limitations as defined in that link is also not required. The only part from Whonix and Tor Limitations that is required is Observing the client-to-guard-node network path. That’s it.

If the user posts about the event and an adversary who is monitoring network traffic conducts a successful guard discovery attack

guard discovery attack is again not required here. (No onions required.) (This is passive traffic logging only.)

1 Like

Mass search and replace idea:

whonix-ws-14 -> whonix-ws (this is just temporary)

whonix-ws -> {{whonix-ws}} (making it a wiki template)

Template:whonix-ws:

whonix-ws-14

Same for Whonix-Gateway.

Thanks. Edit fixed based on passive observation only.

Sounds good.

1 Like

Is package anon-workstation-extra-applications useful?

Package: anon-workstation-extra-applications
Architecture: all
Depends: ${misc:Depends}
Recommends: anon-workstation-packages-recommended,
 anon-workstation-default-applications, shutter,
 gtk-recordmydesktop, libreoffice, kdenlive, kolourpaint4
Description: Complements anon-workstation-default-applications
 A metapackage, which installs extra applications, to complement the
 default applications.
 .
 Does not get installed by default, because extra applications
 take too much space and are not required for everyone.

It was never documented. How could it be if I never let anyone know. :slight_smile:
sudo apt-get install anon-workstation-extra-applications could result in installing shutter, gtk-recordmydesktop, libreoffice, kdenlive, kolourpaint4. Does that sound useful? If not, I’d rather remove that from Whonix source code for simplification.

1 Like

I’ve been working on instructions that use APT-conf to sort out the dependency problem when installing debian-package electrum 3.1.3

1. In APT-conf create a new file named 99defaultrelease

sudo nano /etc/apt/apt.conf.d/99defaultrelease

Add the following text.

APT::Default-Release "stretch";

Save and exit.

2. Add the current Debian testing codename buster to sources.list

sudo su -c "echo -e 'deb tor+http://vwakviie2ienjx6t.onion/debian buster main' > /etc/apt/sources.list.d/testing.list"

3. Update the package lists.

sudo apt-get update

4. Install electrum from Debian testing.

sudo apt-get install electrum

Note: since electrum is not available in the stable repository, no target is necessary when installing, i.e. -t buster install electrum. The package is installed from the testing repository: electrum 3.1.3

Also, most of the documentation states that APT-conf should have:

APT::Default-Release "stable";

not

APT::Default-Release "stretch";

More testing is needed but I wanted to ask if I was heading in the right direction with this?

https://wiki.debian.org/AptConf

2 Likes
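
Added example (not part of the original post): a check to run after step 3 to confirm that the Default-Release setting keeps packages on stretch while electrum is taken from buster. It parses apt-cache policy output; the two policy listings, the mirror.invalid URL, the version numbers and the function names are constructed for illustration.

```shell
# Read `apt-cache policy <pkg>` output on stdin and print
# "<candidate-version> <priority> <suite>" for the candidate version.
candidate_origin() {
    awk '
        $1 == "Candidate:" { cand = $2; next }
        # Version lines: "     3.1.3-1 500" or " *** 0.2.9.16-1 990"
        NF >= 2 && ($1 == cand || ($1 == "***" && $2 == cand)) {
            in_cand = 1; prio = $NF; next
        }
        # Source lines: "PRIO URL suite/component arch Packages"
        in_cand && $NF == "Packages" {
            split($3, s, "/"); print cand, prio, s[1]; exit
        }
        # Another version line ends the candidate block
        in_cand && $NF ~ /^[0-9]+$/ { in_cand = 0 }
    '
}

# Constructed sample: package that exists only in buster.
sample_electrum() {
    cat <<'EOF'
electrum:
  Installed: (none)
  Candidate: 3.1.3-1
  Version table:
     3.1.3-1 500
        500 tor+http://mirror.invalid/debian buster/main amd64 Packages
EOF
}

# Constructed sample: package in both suites; the candidate stays on stretch.
sample_tor() {
    cat <<'EOF'
tor:
  Installed: 0.2.9.16-1
  Candidate: 0.2.9.16-1
  Version table:
     0.3.3.9-1 500
        500 tor+http://mirror.invalid/debian buster/main amd64 Packages
 *** 0.2.9.16-1 990
        990 tor+http://mirror.invalid/debian stretch/main amd64 Packages
        100 /var/lib/dpkg/status
EOF
}

sample_electrum | candidate_origin
sample_tor | candidate_origin
```

On a real system, pipe apt-cache policy electrum into candidate_origin. Priority 990 is what APT assigns to the release named in APT::Default-Release, so a suite other than stretch showing up for an already-installed package means the testing repository is overriding stable.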

Nit: How come that file name 99defaultrelease? High number yes but maximum is bad since it can never be overruled.

Yes, stretch.

Indeed. Minor: When we make this a wiki template however it may be easier to just add -t buster.

We at Whonix don’t control what stable points to. Debian does. And when Debian does this can break things. Happened in past with electrum and our apt pinning template. So better leave it at specific codename stretch rather than generic codename stable.

If it works why not.

1 Like

Maybe ask in support forum if they think it’s useful?

PS Do you have “current sources” info listed somewhere for build documentation? Doesn’t appear in Whonix 14 build documentation.

This idea is linked in a couple of areas where I’ve been editing, but I couldn’t find it (so just changed to Dev/Build/Whonix14 documentation in general instead).

Looks good @0brand.

PS The 4 images you uploaded when doing Multiple Whonix-Workstations or similar edits were never embedded in the relevant pages?

Simple as (without options):

[[File:Whonix concept refined.jpg]]

PPS Those leak tests x2 still need to be sorted. I may get to it this week, as they are the only 2 old pics left in that section (OCD and all that… :grinning:)

1 Like

@Patrick

This page needs your technical know-how i.e.

http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Whonix-Gateway_Security_Hardening

  1. Is it generally up-to-date for Whonix 14 i.e. these commands will work?
  2. Whonix 13-only instructions:

http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Whonix-Gateway_Security_Hardening#Deactivate_CPFP

  3. Easy TODO Fix?

Make sure sdwdate-gui is always present in systray. TODO: describe better how to achieve that.

http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Whonix-Gateway_Security_Hardening#Non-Qubes-Whonix

  4. sdwdate-plugin-anon-shared-con-check is no longer relevant? That GitHub link 404s…

http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Whonix-Gateway_Security_Hardening#Deactivate_sdwdate-plugin-anon-shared-con-check

1 Like

I think it was 3 screenshots. I deleted the first one. Image was not clear enough.

http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/updated-screenshots-images-thread/5371/11

I embedded one:

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Qubes/Create_Gateway_ProxyVMs

Still have to create a template for the other two snapshots: “Qubes/Clone TemplateVM”

I’ll try and get the leak tests done later today :wink:

Edit:

Updated screenshots are needed for Verify the virtual machine images using Linux. The KGpg pics are causing confusion.

As per this post:

http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/key-import-key-fingerprint-doesnt-match/5709

I’ll see about these screenshots when I work on leak test x2.

Edit: Having problems installing flash in Whonix / Tor Browser. May have to install in a Debian VM with sys-whonix as NetVM

2 Likes

Never mind. If the doc writers’ first reaction is not screaming “yay” I am happy to remove it. :slight_smile:

Always current sources atm. Frozen sources deprecated.

https://www.whonix.org/wiki/Template:Build_Documentation_CurrentSources

1 Like

All addressed.

1 Like

Whonix-Gateway Security Hardening - Whonix applies to both gw and ws. Moved here: Network Time Synchronization - Whonix

Haven’t been able to install flashplugin-nonfree. It’s only available in Debian sid and jessie.

https://packages.debian.org/sid/flashplugin-nonfree

Tried manual installation and it still does not function when enabling in about:prefs.

https://wiki.debian.org/FlashPlayer/

1 Like

Thanks. I nitpicked some of those changes.

It says the opposite in that page? Just needs an update?

Build Documentation CurrentSources

DEPRECATED!

OPTIONAL!

Advanced users can install from Current Sources (custom) instead of from Frozen Sources (the Whonix default since version 7.4.0). Both options have security advantages and disadvantages.

Also, Network Time Synchronization issues →

Does sdwdate run on only Whonix-Gateway or both WS and GW?

Needs clarification for user actions in this page:

  1. http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Network_Time_Synchronization#All_Whonix_Users

We say:

Edit /etc/whonix_firewall.d/50_user.conf

Where? e.g. TemplateVMs / AppVMs (Qubes) / Both Whonix-WS and Whonix-GW?

  2. http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Network_Time_Synchronization#Qubes-Whonix

We say:

Edit /usr/lib/sdwdate-gui/start-maybe

Where? e.g. TemplateVMs / AppVMs / Both (?) Whonix-WS and Whonix-GW?

1 Like

Ha. Thanks for trying. There is always the option of cloning a template, ramming a sid flash player turd down its throat from unstable repos, destabilizing the clone and eventual AppVM, just to force the issue. :laughing: Depends how bad we want it…

2 Likes

Should have mentioned. I tried that too. (unstable) :stuck_out_tongue_winking_eye:

I can keep trying. There has to be a way

2 Likes

Since you’ll delete the template and appVMs anyway, you could try either:

a) The really unsafe method.
b) The just-as-insecure method.

A)

Download the tar.gz directly from Adobe https://get.adobe.com/flashplayer/

Then apparently this will work:

apt - How to install Flash on Debian Stretch? - Unix & Linux Stack Exchange

  • As root, extract the downloaded archive and copy libflashplayer.so to /usr/lib/flashplugin-nonfree

  • Fix the file’s ownership and permissions:

chmod 644 /usr/lib/flashplugin-nonfree/libflashplayer.so
chown root:root /usr/lib/flashplugin-nonfree/libflashplayer.so

  • If necessary, install the alternative so Firefox will find the plug-in. If:

update-alternatives --list flash-mozilla.so

returns /usr/lib/flashplugin-nonfree/libflashplayer.so, it’s set up correctly (this would be the case if you had the plug-in working in the past), but if it doesn’t, you need to run

update-alternatives --quiet --install /usr/lib/mozilla/plugins/flash-mozilla.so flash-mozilla.so /usr/lib/flashplugin-nonfree/libflashplayer.so 50

Running random commands off stackexchange. What could go wrong. But that 2012 flash leak test just burns so bad :wink:

B)

Probably marginally safer:

https://wiki.debian.org/FlashPlayer/

Debian 9 Stretch

  1. Download the latest Adobe Flash Player for Linux from https://get.adobe.com/flashplayer/

    On 64bit systems, it should be: flash_player_npapi_linux.x86_64.tar.gz
    On 32bit systems, it should be: flash_player_npapi_linux.i386.tar.gz

Alternatively, you can download it from: https://get.adobe.com/flashplayer/otherversions/

  2. Unpack the tar.gz file: tar -xzf flash_player_npapi_linux*.tar.gz

  3. Identify the location of the browser plugins directory, based on your Linux distribution and Firefox version:

Example: Debian 9 Stretch + Firefox 52.4.0 (64-Bit): /usr/lib/mozilla/plugins/

Example: Debian 9 Stretch + Firefox 62+ (64-Bit): ~/.mozilla/plugins/

Please note you may have to create this directory if it does not exist

  4. Copy libflashplayer.so to the appropriate browser plugins directory: sudo cp libflashplayer.so

Example: sudo cp libflashplayer.so /usr/lib/mozilla/plugins/

  5. Copy the Flash Player Local Settings configurations files to the /usr directory: sudo cp -r usr/* /usr

  6. Restart Firefox.

Or maybe easiest, since you don’t care about an unstable Template etc for testing, just use apt -t option to set testing repo and force install.

6.2. aptitude, apt-get, and apt Commands

1 Like

I tried all of these previously. None of them work.

a) Likely outdated

b) Works for Firefox. Not for Tor Browser.

Maybe Tor Browser requires the files to be added to different directories. Not sure where.

Tried moving libflashplayer.so to the Tor Browser profile folder:

~/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default

The only thing that changed was I could then enable flash-plugin in about:addons#plugins where I couldn’t previously. But still not working.


Was able to install flash in a Whonix unstable (sid) TemplateVM but was not working in Tor Browser. But flash worked in Firefox.

This has to be something simple that I’m missing. Something in about:config or maybe a file ownership or permissions issue.

BTW I tried all of this in a Debian TemplateVM and manually in a VM and still the same results.

2 Likes