Whonix should definitely cater to Chinese users seeking internet freedom - that’s what this project is all about. Unfortunately learning Chinese doesn’t happen overnight so your translation efforts are much appreciated. I do worry that Whonix devs might get some additional unwanted attention from MSS - and they may not play by the same rules as US/European agencies (whatever those may be).
Just had a lengthy discussion about entry guards so I have a handy quote about this:
Here’s what arma (Roger Dingledine) wrote about that:
Our best bet would be to use an anonymity system to reach Tor – but even then whatever remains as the equivalent of the first hop would still need something like entry guards, assuming we’re aiming for a system that scales to millions of people and doesn’t involve having each user set up ‘trusted’ infrastructure (whatever trusted would even mean on this fine Internet we have).
So yes, it is a good idea to use another anonymity system with Tor if those entry guards are not monitored along with your current exit points. We don’t know how many Tor or JonDo Entries are evil or whether or not separate anonymity networks are cross-correlated with each other. (I don’t know anything about JonDo but it might be easier to control a larger portion of their Entries - legally, or otherwise).
It’s unlikely that anyone is performing trace-back attacks against Tor when it’s much easier to attack the ends.
Re: Lantern: I’m more interested in user -> tor -> lantern -> internet but I’ll take a look at your setup as well.
Not sure if this is what you meant, but FYI, using the Firewall settings in Qubes GUI affects the iptables of the netVM that the machine is connected to, not the machine itself. Example: if you have:
sys-net - proxyVM - whonix-gw - ubuntu
- sys-net has no firewall settings, because it’s not connected to a netVM.
- Changing proxyVM’s firewall settings, changes iptables rules on sys-net
- Changing ubuntu’s firewall settings does nothing because whonix doesn’t care.