[HOME] [DOWNLOAD] [DOCS] [BLOG] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

[graphical gui] Whonix Setup Wizard / Anon Connection Wizard - Technical Discussion


#321

iry:

Hi, Patrick!

It seems that the post is not showing up anywhere on the Whonix blog (not on homepage or recent post or certain category). It can be accessed from the direct URL to that post though.

I tried to search the problem online but it seems there is not much I can do. Is there anything I did wrong?

Thank you very much!

Server caching issue. Cache cleared. Thanks!


#322

iry:

Patrick Schleizer:

Would you like to post future content? Feel free to use whonix.org/blog as your platform to amplify your voice.

Definitely! That sounds awesome to me!

Also, would you like to talk more about anon-connection-wizard on Whonix social media?

Very relaxed posting policy. Just post some random screenshots (existing ones are fine). Some random info, snippets, work done, future work, link to discussions, call for contributions, engaging with users, and whatnot.

Yes! The post I wrote on Whonix blog seems satisfied several requirement
here. I will try to do some adjustment on it and post them on twitter
and Facebook.

I am not sure but maybe sending an encrypted email will be the best way
to pass me the confidential?

And/or also other non-anon-connection-wizard, general Whonix/anonymity/security related content.

Sure! As long as I am confident enough to inform the public these
contents without misleading or obscuring them, I will be more than happy
to do so.

Credentials sent by encrypted e-mail just now. Also upgraded your
wordpress account so you can post without prior confirmation.

As for postings, don’t worry too much. We better have non-perfect
activity rather than perfect non-activity. :slight_smile:


#323

As for anon-connection-wizard in Whonix 14… That’s an ambitious goal!

The remaining for Whonix 14 is plenty and difficult.

https://phabricator.whonix.org/maniphest/query/5sZ7FpwCEQDz/#R

But should be doable.

We don’t have tickets for it yet. But since anon-connection-wizard is working good enough… Could you create tickets please? Like for whonix-setup-wizard integreation? And help with these please? :slight_smile: I guess throw out all connection-wizard code from whonix-setup-wizard and then just start anon-connection-wizard from whonix-setup-wizard?

From next year, we can abolish the Whonix first time setup disclaimer. And we’ll enable Whonix’s repository by default for Whonix download version. From then, we’ll only autostart anon-connection-wizard on Whonix-Gateway.

So depending on how long the release of Whonix 14 takes, we might not need whonix-setup-wizard changes.


#324

I agree! That is an inspiring point!


#325

Sure thing! Done: https://phabricator.whonix.org/T716

That sounds awesome!

Yes! Let’s see how far the integration work can go!


#326

Hi @0brand ! To avoid cross-posting, let’s continue the anon-connection-wizard discussion here.

anonym replied on tails-dev@ list, which sounds to be very good new! I will keep following this up.


#327

A ticket for anon-connection-wizard future development has been opened: https://phabricator.whonix.org/T504

A suggestion, not a strict rule at all:
This forum post will be the place to discuss new-features/plans/announcement and so on and T504 will be place to discuss code and implementation.


#328

Hi @iry

Apologies, I should have know better than to start a new developmental discussion elsewhere.

Good news indeed! If they would be willing to share the workload, it could lead to other great thing. Like having time to sleep, eat, etc… :grinning:


#329

How to install anon-connection-wizard in a clean /Debian8 or Debian9:

  1. install all the dependencies: sudo apt-get install git python3-pyqt5 python3-yalm python3-stem tor

  2. anon-connection-wizard is using torrc.d feature which is firstly implemented in 0.3.1.1-alpha. Use tor --version to check if your Tor version is below that. Currently, you need to upgrade to an unstable version of Tor to use it, see this page for better instructions on how to upgrade Tor.

  3. git clone https://github.com/Whonix/anon-connection-wizard
    git clone https://github.com/Whonix/python-guimessages

  4. sudo cp anon-connection-wizard/usr/* /usr/ -r

  5. sudo cp python-guimessages/usr/* /usr/ -r

  6. run sudo anon-connection-wizard to start it


#331

That problem with that is, that uninstallation gets really hard. On source code changes, any files removed from the source, won’t be removed from the disk.

And these extraneous files then could interfere causing issues?


#332

I agree!

Sorry that I was trying to make it using make deb-pkg because of my mistake. The following instructions by Patrick work perfectly:

Packaging is sorted out.
requires Debian stretch based Debian or Whonix 14
https://github.com/Whonix/genmkfile needs to be installed
make deb-pkg builds a package
make deb-icup builds a package, installs it and cleans up
see also make help


#333

The first released tor version with %include feature is 0.3.1.1-alpha. When adding a %include line to /etc/tor/torrc but the Tor version is below it, Tor will stop working, which is a severe issue.

I have no idea when 0.3.1.1-alpha will become stable (and did not find any document on Tor life cycles) . Therefore, if 0.3.1.1-alpha still not become stable when Whonix14 is released, there are two ways to prevent anon-connection-wizard to add %include line to /etc/tor/torrc:

  1. Just do not include anon-connection-wizard into Whonix14 until the feature is included into stable Tor;
  2. merge this commit:

What do you think, @Patrick ?

Btw, is “what is the Tor life cycles” a question worth asking on tor-talk@ ? Or it has been documented?

Thank you very much!


#334

iry:

The first released tor version with %include feature is
0.3.1.1-alpha. When adding a %include line to /etc/tor/torrc but
the Tor version is below it, Tor will stop working, which is a severe
issue.

I have no idea when 0.3.1.1-alpha will become stable (and did not
find any document on Tor life cycles) . Therefore, if
0.3.1.1-alpha still not become stable when Whonix14 is released,
there are two ways to prevent anon-connection-wizard to add
%include line to /etc/tor/torrc:

  1. Just do not include anon-connection-wizard into Whonix14 until
    the feature is included into stable Tor; 2. merge this commit:

https://github.com/irykoon/anon-connection-wizard/commit/cf30fb1174060c981fc5cff3339fc0a6442ec660

What do you think, @Patrick ?

It’s not a single line change.

It needs all of this probably.

When we get close to Whonix 14 release, I think it would be better to
forward port what Tor 0.3.1.1-alpha does.

Since there is a lot work left until Whonix 14, I guess chances are we
are in time for 0.3.1.1 getting stable (or we’ll add the beta or even
alpha if that isn’t too crazy).

Btw, is “what is the Tor life cycles” a question worth asking on
tor-talk@ ? Or it has been documented?

Good question. Worth asking.


#335

Patrick Schleizer:

iry:

The first released tor version with %include feature is
0.3.1.1-alpha. When adding a %include line to /etc/tor/torrc but
the Tor version is below it, Tor will stop working, which is a severe
issue.

I have no idea when 0.3.1.1-alpha will become stable (and did not
find any document on Tor life cycles) . Therefore, if
0.3.1.1-alpha still not become stable when Whonix14 is released,
there are two ways to prevent anon-connection-wizard to add
%include line to /etc/tor/torrc:

  1. Just do not include anon-connection-wizard into Whonix14 until
    the feature is included into stable Tor; 2. merge this commit:

https://github.com/irykoon/anon-connection-wizard/commit/cf30fb1174060c981fc5cff3339fc0a6442ec660

What do you think, @Patrick ?

It’s not a single line change.

It needs all of this probably.

https://github.com/Jigsaw52/debian-tor/commit/da6af2d9cda007b05f504837922d3c2068ad13cd

When we get close to Whonix 14 release, I think it would be better to
forward port what Tor 0.3.1.1-alpha does.

Since there is a lot work left until Whonix 14, I guess chances are we
are in time for 0.3.1.1 getting stable (or we’ll add the beta or even
alpha if that isn’t too crazy)
Hi @Patrick !

Thank you for your answer!

I have found the core Tor
release

wiki page, which indicates that Tor 0.3.1 stable will be released Sep
5th. I guess there is no need to worry about this problem anymore.

Lesson I learned: If there is no document of a project available on a
search engine, always check documents on the official site carefully
before assuming it is not documented. :slight_smile:


#336

isis said in the tickets:

This API won’t be publicly accessible though, it’ll be reachable through the API for #22871, and even then it’s only reachable through a special meek reflector as part of #16650.

Is anon-connection-wizard what Tails uses now? I’d be happy to support Tails as well (but I’d strongly prefer the connection to go through the meek reflector).

anon-connection-wizard has not been used by Tails now. But some quick and dirty test on integrating anon-connection-wizard has been done by anonym from Tails. Some details can be found here:

https://mailman.boum.org/pipermail/tails-dev/2017-September/011638.html

meek has not been supported neither by Whonix nor by Tails so far. I will do some status report work in this post: censorship circumvention / Tor pluggable transports

I will also ask Tails about why meek is not supported by Tails, given that Tails does ship a Tor Browser.

The Moat API for BridgeDB document can be found here:


censorship circumvention / Tor pluggable transports
censorship circumvention / Tor pluggable transports
censorship circumvention / Tor pluggable transports
meek_lite: A New Pluggable Transport in Whonix 14
#337

My reply: https://trac.torproject.org/projects/tor/ticket/22871#comment:4


#338

https://mailman.boum.org/pipermail/tails-dev/2017-September/011660.html


#339
  • Support meek_lite in anon-connection-wizard. meek_lite is a meek-like pluggable transport implemented in obfs4proxy. Although it does not normalize TLS signatures, it is still effective to circumvention the Tor censorship in heavily censored area, like China. This feature will greatly increase the accessibility to Tor network in China, along with the incresement of usability of Whonix. See here fore more details: censorship circumvention / Tor pluggable transports

  • Support custom bridges input validation check. The implementation does not strictly match all the invalid input. However, hopefully, this is effective enough to prevent inexperienced user from configuring it with obvious mistake.


#340

#341

Shall I rename anon-connection-wizard git repository to tor-connection-wizard? If we are going for it, we should do it now so we don’t have any name migration work in future.