I just opened my GW VM folder (i use vbox) and there were 11gb of webm video recodrings of my sessions. Now in the settings of the VM video capturing is disabled and I’ve never used it for any reason within the VM.
I’ve deleted the files but this seems very strange.
You sure you didn’t install any video recording / screenshot software accidentally on Whonix-Gateway?
Or installed anything else on Whonix-Gateway that might have pulled such a tool as a dependency and then you accidentally pressed a key combination to start recording?
I doubt we install such a tool by default?
A compromise of that sort seems unlikely. Someone with the skills to pull off such an attack would probably
does not troll in that way?
why record the gateway if anything not the workstation?
has better ways to monitor all keystrokes, mice movements and desktop images that are not so obviously detectable?
I haven’t installed any additional software on the GW or modified it in any way except for some basic hardening from the wiki.
My host is Kali, regularly updated and the only additional software is bleachbit. I now check every time and there haven’t been any new recordings but still very perplexed about this.