Which “EndGame” features are missing feature requests tickets at Whonix?
Selection of what’s needed next to improve Whonix onion services support:
- onionbalance:
needs conceptual proposals, see OnionBalance help - #7 by Patrick→ ---- EDIT: https://www.whonix.org/wiki/Onion_Services#OnionBalance - Onion Services - Whonix mentions a few ideas but …
- for example to come up with specific recommendations and documentation for
HiddenServiceExportCircuitID
credible research, authoritative statements or something similar would be required. “EndGame” uses it but without clear rationale which configuration parameters have been chosen why this cannot be moved forward in Whonix either as documentation or otherwise (such as a helper script or pre-configuration).
- for example to come up with specific recommendations and documentation for
Which specific features or feature requests are missing in Whonix?
- Fully scripted and easily deploy-able (for mass scaling!) on blank Debian 10 systems.
Doesn’t easily translate to Whonix. Mass scaling where? On VPS or dedicated servers? On VPS: hard since these are virtualized by default it gets cumbersome to run virtualization (Whonix) on top.
- Full featured NGINX LUA script to filter packets and provide a captcha directly using the NGINX layer.
EndGame/lua/cap.lua at master · onionltd/EndGame · GitHub / EndGame/resty at master · onionltd/EndGame · GitHub is hard to port to Whonix even if it was properly licensed. It would require audit/review from someone who understands lua and nginx. Maybe it was copy/paste from elsewhere? Then it could be sourced from the original source (and perhaps the difference checked). Or could be replaced. Any other (Tor specific) DOS defenses / captcha implementations?
Onion Services - Whonix already mentions a few ideas for DOS defenses.
Could be left as an exercise for the sysadmin / contributions welcome.
- Easy Configuration for both local and remote (over Tor) front systems.
- Easily configurable and change-able to meet an onion service’s needs.
Turning Whonix into an uber onion service project is not on my mid term roadmap.
- Rate limiting via Tor’s V3 onion service circuit ID system with secondary rate limiting based on a testcookie like system.
Mentioned above.