
Debian-OneVM, AnonOneVM non-self-contained, host-depending-OneVM


#1

Sometimes I consider deploying:

  • a plain Debian-OneVM, just Debian ova / libvirt / raw images ready for download and use inside virtualizers.
  • a self-contained Anon-OneVM (less security, but easier to deploy and use)
  • the non-self-contained, host-depending OneVM concept which depends on the host is unattractive (complicated, less security).

Maybe there is better naming than OneVM?


Deploying a self-contained Anon-OneVM looks close because:

  • Whonix-Gateway’s own traffic has always been torified. I expect it’s doable effort to think and code it through more to make it into a secure, anonymous Anon-OneVM.

On the other hand, deploying a self-contained Anon-OneVM is unlikely because:

  • would require rebranding so it won’t get confused with Whonix
  • would require a separate project page distinct from the Whonix brand to avoid generating confusion (separate project, separate website, wiki, issue tracker, forum?)
  • lack of time

Deploying a plain Debian-OneVM has still faint hope:

  • doesn’t require much added maintenance burden
  • would probably just be a project page on some project hosting website (gitlab or something)
  • low support project: only answering to good bug reports and pull requests, otherwise not giving support

Some questions on Whonix Gateway as a Workstation
#2

So in contrast to the linked OneVM setup torification will be done on the VM and not on the host? Imho usecases boil down to people with older computers and mostly to something like low RAM. The number of those people will decrease over time and without GUI you can run the gateway with quite low RAM. So it would be a difference of 256-512 MB RAM for OneVM vs the current setup. I’m not sure if it will make much of a difference CPU wise. Most posts here where something lagged were due to RAM. If it is only one VM then only one can break. But then you need to maintain it in addition to the other ones and the security is not much different from Tails.


#3

So in contrast to the linked OneVM setup torification will be done on the VM and not on the host?

Yes.

Imho usecases boil down to people with older computers and mostly to something like low RAM.

Yes, and better usability.

If it is only one VM then only one can break. But then you need to maintain in addition to the other ones and the security is not much different from Tails.

Yes.


#4

Regarding usability. This is certainly true. Still there should be some warning that this setup is the less secure option + maybe give some hints about hardening the host. Maybe something like installing/enabling corridor on the host when using OneVM. The question, which you can probably answer best, is also how feature complete the gateway or workstation should be. I.e. install torbrowser and maybe IRC and other programs on the gateway. Or make torification directly on the Workstation. Not sure how much work this actually would be. Maybe as simple as installing the gw firewall package + timesync + connection wizard?


#5

It wouldn’t be called gateway anymore. It would be a separate build/VM/project.

corridor is not defeating malware.

https://github.com/rustybird/corridor#pitfalls

Only a safety net. And if that project was to prioritize usability over security/anonymity, then don’t mention difficult things like corridor.

Otherwise it would be feature complete, Tor Browser, IRC, all.

Recommendation that there is a more secure project makes sense.

An interesting idea. (Wouldn’t be called workstation anymore.) Development effort could be smaller. The code delta might also be smaller that way. Hard to foresee development effort either way.


#6

If such a project is indeed doable with minimal effort then it would be worth it to attract more users. I imagine modifying WS would be the path of least resistance compared to modifying GW.

I don’t believe that a separate project page/brand is warranted. A clear disclaimer on the download page and a self-evident name is enough.

There is also another potential project our packages are good for. A hardened vanilla Debian guest that is VM friendly with a TBB version that can use the clearnet. IMO such a project may have traction in the enterprise world.

Naming:
UniStation or Whonix Omni
For vanilla project: ClearnetVM


#7
  • Whonix Unified
  • DebianVM
  • Hardened Debian

#8

DebianVM - Would cause confusion between plain Debian and Whonix enhancements. Ideally our changes would become default upstream at some point but until then we need a name that differentiates.

Hardened Debian - Would imply that default Debian is not secure, which is not true because we chose it for our base because of its great sec policies. Even though Debian doesn’t have absurd trademark rules like Ubuntu, it’s still a good idea to emphasize our Distro name in our spins until we become an official Debian project (if ever) - in that hypothetical case it becomes Debian-Whonix GW…


#9

What about…

  • DebianVM - just plain Debian
  • HardenedDebianVM - Debian + security-misc

Later on we improve Hardened Debian more and more with

I don’t see that happening since no one is working on it.

Debian can be made secure but Debian also doesn’t tune default security settings. With https://github.com/Whonix/security-misc alone it’s getting more secure.
Also, it looks like while Debian does a great job at making it possible to fix Spectre/Meltdown, there is, as it looks to me, a discrepancy, since they won’t go as far as installing some diagnostic tool by default which tests if Spectre/Meltdown is actually patched, like we do in Whonix with whonixcheck, to make sure the fixes also actually reach users. They also don’t enable apparmor by default. Debian is a great toolbox which I am going to use to create a preconfigured product.

make whonixcheck work outside of Whonix
https://phabricator.whonix.org/T827

Btw there is Debian Hardened project.

http://www.debian-hardened.org

A Hardened Debian project could lead to people contributing more hardening.


#10

Sounds good.

A fair point. We do go well beyond the default and at least for a first time install there are a lot of knobs to be turned for a default Debian. I could really do without having to do this - this project would be perfect. Will you support physical hardware for host installs if this picks up?

OK so it’s been attempted before but these guys’ effort has since been abandoned. I like the Hardened Debian name now but I recommend asking upstream first if it’s OK just to be absolutely sure we don’t run into any problems down the road. Might give us some publicity too.


#11

#12

Proverbial “sudo apt-get install whonix” will be possible.

sudo apt-get install hardened-debian-cli

.

sudo apt-get install hardened-debian-kde

(Build instructions as per https://www.whonix.org/wiki/Dev/Build_Documentation/Physical_Isolation would also be possible but probably pointless.)

Installation instructions would be similar if not the same like this:

Installer ISO would be nice but I might need help with that.