[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

[Answered] Whonix vs backdoors

Hi,

I’ve been thinking about software and hardware backdoors recently.

The most important protection is first to have a good control over any connection, wired, wireless, electromagnetic etc. so that the compromised system cannot attempt any connection on its own.

But then, the backdoor could alter the safe/allowed connections to behave in malicious ways being undetected. For example, in context of anonymity the backdoor could somehow fingerprint or inject identifiers into connections.

Another major topic is encryption and random entropy, I guess we don’t rely on a single source, any improvements possible here?

I know thic topic is mostly theoretical but does anyone know how to protect against known or possible data interferences? Is it possible to have a MAT-like automatic identifier stripper on Whonix-Gateway, on host, on router, etc?

Other than protecting against backdoors, could we have such tools based on some updated database to delete known identifiers from Workstation connections? For example, for protecting anonymity of Whonix users against poorly/not configured (popular) applications (hidden services would be a great example) installed on Workstation. Or in other words protect any idiot’s or newbie’s anonymity, or simply have an additional protection just in case

Entropy:
Whonix is using standard sources + haveged. See:


Contributions/improvements welcome!

Hardware backdoors:
If they exist and are used, we’re hosed. Simple as that. This is probably outside the scope of Whonix. I guess many funds (https://www.opentechfund.org/submit/alternative-sources-support) and/or other investors could get excited if one seriously planing to create hardware, that can be vetted to be backdoor free.

Software backdoors in Whonix itself:
I think Whonix isn’t doing so bad here. Check out:


Needs people actually vetting Whonix, though!

Other software backdoors:

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]