5 eyes Whonix? Possible?

Is it possible to set up the Whonix gateway such that it avoids 5 eyes countries?

What about other “eyes”, 9, 14 eyes?

Is it possible to set up Whonix so that it avoids 5, 9, or 14 eyes countries?

If it is possible, is it advisable?

You harm your anonymity by modifying Tor path selection. Traffic in 5 eyes countries has some nominal protections from surveillance authorities that don’t apply for foreign traffic. 5 eyes agencies have interception points across most global exchanges and ISPs and are practically unavoidable.

Hi rob75

As HulaHoop mentioned, excluding relays from the Tor pool will degrade anonymity. Just because a relay resides in country X does not make it more or less likely to be compromised. Keep in mind that if an adversary can see both sides of the network stream, Tor cannot protect against de-anonymization.

The Tor manual lists all configuration options, including how to exclude relays. These options can be added to your torrc. I would listen to HulaHoop on this one though.

sudo nano /usr/local/etc/torrc.d/50_user.conf

add option(s)

ExcludeNodes node,node,…

A list of identity fingerprints, country codes, and address patterns of nodes to avoid when building a circuit. Country codes are 2-letter ISO3166 codes, and must be wrapped in braces; fingerprints may be preceded by a dollar sign. (Example: ExcludeNodes ABCD1234CDEF5678ABCD1234CDEF5678ABCD1234, {cc}, 255.254.0.0/8)

By default, this option is treated as a preference that Tor is allowed to override in order to keep working. For example, if you try to connect to a hidden service, but you have excluded all of the hidden service’s introduction points, Tor will connect to one of them anyway. If you do not want this behavior, set the StrictNodes option (documented below).

Note also that if you are a relay, this (and the other node selection options below) only affects your own circuits that Tor builds for you. Clients can still build circuits through you to any node. Controllers can tell Tor to build circuits through any node.

Country codes are case-insensitive. The code “{??}” refers to nodes whose country can’t be identified. No country code, including {??}, works if no GeoIPFile can be loaded. See also the GeoIPExcludeUnknown option below.

Could also be researched as per Free Support for Whonix ™

Whonix is a Debian-based Linux distribution that includes Tor. Can you do it with Tor? Is it advisable to do? These are general Tor, non-Whonix specific questions.

You shouldn’t do this.

  1. Nodes in 5 eyes countries are no more likely to attempt to de-anonymize people than nodes in other countries. The 5 eyes is just a group of governments that share data with each other; it doesn’t make Tor nodes more likely to share data with them.

  2. You’d be worsening anonymity by trapping your traffic into a smaller set of nodes which allows for easier traffic correlation. You’ll also stand out from other Tor users by never connecting to those nodes.

  3. GeoIP (the thing used to determine the node’s country) is unreliable. This means you likely won’t be able to block all nodes in the 5 eyes or will block nodes that aren’t in the 5 eyes.

Also see https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-li.pdf. It shows how avoiding countries in Tor is unreliable.
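
The "smaller set of nodes" argument made in this thread can be put into numbers. The following is an added example, not part of any post above and not Tor's own code: it assumes a simplified model in which a single relay is picked with probability proportional to its consensus weight, and it uses a constructed relay list (invented names and weights) to compare the pick distribution before and after an `ExcludeNodes` country filter.

```python
import math

# Constructed sample data: (nickname, country code, consensus weight).
# These are not real relays; the weights are invented for illustration.
RELAYS = [
    ("r1", "us", 300), ("r2", "de", 250), ("r3", "gb", 150), ("r4", "nl", 200),
    ("r5", "ca", 50), ("r6", "fr", 100), ("r7", "au", 30), ("r8", "se", 70),
    ("r9", "nz", 10), ("r10", "ch", 40),
]
FIVE_EYES = "{us},{GB},{ca},{au},{nz}"  # ExcludeNodes value; codes are case-insensitive

def excluded_countries(exclude_nodes_value):
    """Extract the brace-wrapped country codes from an ExcludeNodes value."""
    codes = set()
    for item in exclude_nodes_value.split(","):
        item = item.strip()
        if item.startswith("{") and item.endswith("}"):
            codes.add(item[1:-1].lower())
    return codes

def pick_probabilities(relays, excluded):
    """Simplified model: one relay is picked with probability proportional to weight."""
    kept = [(name, w) for name, cc, w in relays if cc.lower() not in excluded]
    if not kept:
        raise ValueError("exclusion leaves no relays to choose from")
    total = sum(w for _, w in kept)
    return {name: w / total for name, w in kept}

def entropy_bits(probs):
    """Shannon entropy of the pick distribution; lower means a more predictable pick."""
    return -sum(p * math.log2(p) for p in probs.values() if p > 0)

def compare(relays, exclude_nodes_value):
    """Return pool size, retained weight, entropy and top-relay share before/after."""
    before = pick_probabilities(relays, set())
    after = pick_probabilities(relays, excluded_countries(exclude_nodes_value))
    kept_weight = sum(w for name, _, w in relays if name in after)
    return {
        "relays_before": len(before), "relays_after": len(after),
        "weight_kept": kept_weight / sum(w for _, _, w in relays),
        "entropy_before": entropy_bits(before), "entropy_after": entropy_bits(after),
        "top_share_before": max(before.values()), "top_share_after": max(after.values()),
    }

if __name__ == "__main__":
    for key, value in compare(RELAYS, FIVE_EYES).items():
        print(f"{key}: {value:.3f}" if isinstance(value, float) else f"{key}: {value}")
```

On this constructed list the filter keeps 5 of 10 relays and 55% of the weight, and the single heaviest remaining relay's share of picks rises from 25% to about 38%. Real path selection also applies flags and position weights, so treat the figures as an illustration of the direction of the effect only.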