As we all know that Linux Foundation dont mind having nonfree software into linux code which is called “binary blobs”.
what does that mean is, any distro which is using normal linux kernel it will always contain a nonfree software. and what does that also mean:
- Security bugs inside these nonfree codes (mostly firmwares) wont be discoverable (Zero day could take forever).
- Any intentional malicious action from these nonfree software is also hidden with no one knowledge.
- It can be used as backdoors.
Thats why we have ppl who came to rescue this situation by developing GNU Linux-Libre.
Linux Foundation is a total bullshit organization in the way they contribute to the society and freedom of software. one of their laughable things they accepted Microsoft company (the developers of windows malware) into their company ?!
- if you have no idea why windows is bad , please read small sample here “Upgrade from Windows”
Good news we have that Debian share the same thing by default with libre linux and they dont add any nonfree software into their distro by default unless the user going to add “non-free” packages into the distro repository.
Whonix Problem:
-
Whonix as well doesnt use libre linux.
so this is by default we are selling non-sense regarding security and anonymity regardless what advantages could some gain from installing it by default. as we might installing backdoors into every whonix user who installed it without anyone knowledge and no body should trust any company (and oracle not very well user security interest) or any nonfree closed source product.
solution:
Remove all nonfree software/repo which is installed inside whonix as we dont need any support for any nonfree drivers (since whonix is installed inside virtualized platform, so this is done by host distro if the user want to install for e,g nonfree driver for his wireless or so…).
Note: vbox Guest should be left to the user needs , we CANT give pre-shipped threat to justify user satisfaction while using full-screen,sharing clipboard …etc. If the user wants these features then he either:
- install the gues additions by himself
- complain to Oracle to make it free software in order to be installed by default from us.
- user contribute or pay and rise a developer to reverse engineering the Guest Addition and make it compatible with current vbox features/version.
for whonix organization and for taking care of their users we should stop doing it and we shouldnt doing it in the future.
Also this add an advantage to whonix-i2p , since its only for Qubes then we can remove these issues very easily.
Conclusion:-
- Whonix is NOT secure distro unless its only contains libre/free software.
This should be added to the comparison with others table as:
contains nonfree software or purely free software