Long Wiki Edit Thread

Wiki History

{{Anchor|I wonder what my site looks like when I’m anonymous}}

Please don’t change any anchors.

The anchor is there to make sure old existing links don’t break. The anchor isn’t visible in the final wiki page seen by users. By changing the anchor in the wiki markup, no one benefits and old links break. Anchors implement page-name/#anchor-name without having to use a headline for that.

Options:

• restore old anchors
• restore old anchors and add new anchors (so the links from previous revision don’t break)
• never mind any old links, remove all anchors and break them all
• continue to use dots . inside headlines, but add the appropriate anchors so they also work without dot (I did not think about this option earlier)

What do you think?

I vote for deprecating the grsec page as its no longer relevant?

Should I delete or copy to wiki/deprecated first?

Well, I understand the 4.8 and 4.9 grsec kernels will still work with the last patched versions that were made available from coldhak, so maybe it can wait until those are not safe to use?

i.e. we can still git clone those?

Yeah, my mistake. I’ll just go back and undo any anchor changes and resubmit. That’s easiest.

grsecurity page should not be deleted.

• We could consider to move the last version with real documentation to Deprecated/grsecurity - Whonix.
• Or just edit Deprecated/grsecurity - Whonix. It’s good to keep the existing documentation in the wiki history. I hope, there is a small chance grsecurity will come to senses and revert this madness or someone else taking over development of it.
• Deprecated/grsecurity - Whonix should contain a comment explaining the situation. That page simply gone would confuse users because many will miss the news.

Each point release they did required manual tweaking and fixes to sync it with upstream. Since thats no longer happening its pretty much dead and was removed immediately from Arch.

Coldkernel is also dead.

Where is the warning message template that you use?

Not sure where the generic one is, but just use mbox e.g.?

Or you could search special:uncategorizedtemplates, but Patrick will remember if there is one.

{{mbox
| image = [[File:Ambox_warning_pn.svg.png|40px|alt=warning]]
| text =
Security warning: Adding a third party repository allows the vendor to replace any package on your system. Proceed at your own risk! See [[Install_Software#Foreign_Sources|Foreign Sources]] for further information.
}}

Re: Grsecurity. Yeah, really disappointing. Especially the way it happened abruptly - like a kid taking his ball and bat and storming home.

I think if Brad Spengler didn’t have some kind of personality disorder where he annoyed everybody with his “eccentric security genius” routine, kernel devs probably would have adopted a lot more of his stuff years ago.

But, if you read his rants against everyone and everything around him (informed as they may be), he comes off as a real narcissist.

The other factor is Linus himself doesn’t think highly of security/hardening. So, for these two reasons kernel security has been retarded in recent years.

Although, Kees Cook seems to realize the importance, so that’s one good factor at least.

Fixed them back to the original anchors (as below). Should be good for sign-off now (didn’t edit the general text though - can do that later on):

{{Anchor|I wonder what my site looks like when I’m anonymous}}

{{Anchor|Login into your real life Facebook account and think you are anonymous}}

{{Anchor|Never login into accounts you ever used without Tor}}

{{Anchor|Don’t login into your bank account, paypal, ebay or other important personal accounts unless}}

{{Anchor|Don’t alternate Tor with open WiFi}}

{{Anchor|Prevent Tor over Tor scenarios}}

{{Anchor|Don’t send sensitive data without end-to-end encryption}}

{{Anchor|Don’t disclose identifying data about yourself}}

{{Anchor|Do use bridges if you think Tor usage is dangerous/suspicious in your country}}

{{Anchor|Don’t use different online identities at the same time}}

{{Anchor|Don’t log into Twitter, Facebook, Google, etc. longer than necessary}}

{{Anchor|Do not mix Modes of Anonymity}}

{{Anchor|Do not use clearnet and Tor at the same time}}

OK - “Do Not” editing is finished.

Although those anchors are still off (where do they go, below/above the == section?). I think we should just nuke them and fix up any broken refs later.

So if/when that gets signed off (along with Tor Browser entry), I’ll just re-organize the Do Not bullet points by category e.g. “Logins” etc. Too many bullet points right now in a big block.

So, what’s your next editing priority - fix up the FAQ first or finish the “Computer Security” section towards the phabricator goal?

I don’t care, either is fine.

The anchors are above the == headlines, right. There are just there to not break old links. They’re not visible in the final wiki page that users see. Why remove them? Because they mess up the wiki markup? Fixing them all could be hard since they are often used in the forums and perhaps on third party pages as well.

I don’t know either. Somewhat has the same priority. Perhaps computer security guides reorganization has more importance.

Computer Security Education - Whonix is rather VirtualBox specific and hard to grasp. Whatever I must have thought when I wrote that back then… Do you know what we suppose to say there?

In Qubes terms: shut down as many VMs as possible before you upgrade your TemplateVMs. And “don’t run VMs of different domains at the same time”. Probably not realistic anyhow. Perhaps better for advanced security guide.

No problem.

Let me just edit the full wiki entry text first, then we can re-organize the Computer Security & Security Guide & Advanced Security Guide to something nicer (also gotta edit Advanced Security Guide text; gulp).

At that stage, I’ll sketch out the proposed sections here first for your okay.

@torjunkie your editing work is always appreciated however the massive re-do of the TBB page is excessive. Also there is no need to quote overly technical details on what FF architectural features the TBB patches change as that read Greek to new users and detracts form the main purpose of the page of explaining safe use guidelines.

Please point to a single edit that includes typo, grammar fixes only.

Hi,

Doesn’t exist.

The easy solution →

Just approve it, then I’ll create another page called “Tor Browser Design Features” or “Hidden (Onion) Services” and similar.

Then, where I have War and Peace around adversary stuff, and functions of Tor Browser etc. I’ll chop those sections straight out and shift them, with a one-liner pointing to the design doc. “For more information, see blah blah”

BTW the Whonix docs are not consistent around level of detail.

For example, I could easily argue that the one pager on “Out of band Management Features” that I just edited today in the Computer Security Education entry is also excessive, since most users don’t care how/why Intel ME and AMT is a danger. Especially since it’s meant to be aimed at beginners.

That is, it could be reduced to one paragraph basically saying “Intel ME bad. Just got pwned with exploits proven this month.” “Don’t buy hardware supporting it”.

Ditto “Windows Hosts” and so on.

True but we don’t quote data from outside sources whenever we can. Simply referring to an archived copy of the TBB technical spec is enough.

No because this oversimplification was a cause of confusion and FUD. It led users to think “all hardware is phoning home to intel so why bother” which is not true and what I spent time clarifying to those who care. There is a difference between AMT and ME and it matter a lot. Also those paragraphs contain a lot of original content I spent time researching, combining and making recommendations based on them - not copypasta (no offense).

Like I said, Adversary stuff and Tor design functions is easily moved to a “Technical Design” page.

Yes, this part was a lot of copy-pasta. But, even there, the Torbutton and Tor Browser design docs have different information (Tor Button is more detailed for its functions), so combining that provided a more comprehensive list of what those options actually do.

But, regarding the 6 days I spent rewording the document, re-organizing the text which was a dogs breakfast, finding pics that were missing, re-sizing pictures that were ridiculously large, formatting text/titling for consistency, clarifying intent of the sub-chapters, and fixing errors in instructions; that wasn’t a lot of “copy-pasta”.

If it doesn’t meet the grade, simply reject all the edits. In that case, I’m happy to do a Spender and pass the baton, since all this time spent on Whonix can be used pursuing other interests.

We haven’t been consistent with how much content is okay per page. Even
before the edit I did not like all the advanced stuff on the Tor Browser
page.

We can keep it all, just needs to be properly split into multiple pages.

I think this is a result of lack of communication.

Whenever I make a major edit or create a new page I discuss it with Patrick first to see the best place and presentation for the material so I don’t get disappointed. There’s nothing wrong with that and it works out. Many of my first edits were flat out rejected but I learned the best way to do things and stuck around. I’m happy I did and I hope you do too.

Bad example. Spender is a greedy asshole with a god-complex who is making money off other people’s contributions - not really a good example for anyone to copy.

Right, sorry I spat the dummy there a bit.

To resolve it, how about creating a new page: “Tor Browser (Advanced Users)” or similar.

Then, the following sections would go in there (cut and pasted from already edited versions), along with the detailed design crap around Torbutton functions. “Advanced:” part could be removed from the title headings too →

1) Proposed Tor Browser (Advanced Users) page

Tor Browser Adversary Model

Adversary Goals
Adversary Positioning Capabilities
Adversary Attack Capabilities

Torbutton

Torbutton Design
Torbutton Functions
    New Identity Function
    New Tor Circuit

Sandboxed Tor Browser

Introduction
Sandboxing Effects on Tor Browser Functionality
Sandboxing Tor Browser in Non-Qubes-Whonix
    Tor Browser Sandbox Dependencies
    Download Tor Browser Sandbox
    Launch Sandboxed Tor Browser
Sandboxing Tor Browser in Qubes-Whonix

Custom Homepage

Custom Configurations

Verify New Identity
Get a New Identity without Tor ControlPort Access

Proxy Settings

Remove Proxy Settings
Change Proxy Settings

tor-launcher vs torbrowser-launcher

tor-launcher
torbrowser-launcher

Platform-specific Issues

Qubes-Whonix
    Running Tor Browser in Qubes TemplateVM
    tb-updater in Qubes TemplateVM
Whonix-Custom-Linux-Workstation
Windows

Debugging
Footnotes
License

2) The main Tor Browser page is then left with the (recently re-organized) Table of Contents like so →

Introduction
Anonymity vs Pseudonymity

Encryption

HTTPS Encryption
    HTTPS Advantages
    HTTP / HTTPS Connections with and without Tor
Onion Services Encryption
    Onion Services Advantages
    How Onion Services Connections Work

Tor Browser Add-Ons

HTTPS Everywhere
NoScript
    Security vs Usability Trade-off
Non-default Add-ons
    Non-default Add-on Risks

Torbutton (simplified, with design features detail removed)

Torbutton Functions
    New Identity Function
    New Tor Circuit
    Security Slider
    Check for Tor Browser Update
    Disabled Torbutton Functions

Tor Browser: How-To

Start Tor Browser
    From the Menu
    From the Command Line
    Successful Tor Browser Connection
File Downloads
    Warnings
    Navigating Tor Browser Downloads
Browser Language
Local Connections
    Configuring an Exception
    Local Connections Exception Threat Analysis
Harden Tor Browser
    Tor Browser Series and Settings
    Multiple Tor Browser Instances and Whonix-Workstations
    Sandboxing and DisposableVMs
    AppArmor Confinement

Update Tor Browser

Tor Browser Downloader by Whonix
    Installation Process
    Download Confirmation Notification
    Installation Confirmation Notification
Tor Browser Internal Updater
Tor Browser Manual Update

Unsafe Tor Browser Habits
Whonix Tor Browser Differences
Glossary and Key Terminology

Glossary
Key Terminology

Footnotes / References
License

3) Compare 1 & 2 to the current (old) approved Tor Browser entry →

Introduction
Anonymity vs Pseudonymity
HTTPS Encryption
HTTPS Everywhere
Torbutton
New Identity Button
Protection against dangerous JavaScript
NoScript
Tips

Maximizing Browser Window

Tor Browser in Whonix differences

Introduction
Whonix Proxy Settings
More than one Tor Browser in Whonix

Update Tor Browser

Introduction
Updating
    Tor Browser Downloader by Whonix
        Introduction
        Download Confirmation Screen
        Installation Confirmation Screen
    Tor Browser Manual Update
    Tor Browser Internal Updater

Start Tor Browser
File Downloads
Not installed by Default
Local Connections
Browser Plugins / Flash / Java
Browser Language
AppArmor Confinement
Advanced Topics

Tor Browser Hardened
Tor Browser Sandboxed
    Introduction
    Sandboxing Effects on Tor Browser Functionality
    Sandboxing Tor Browser in Non-Qubes-Whonix
        Tor Browser Sandbox Dependencies
        Download the Tor Browser Sandbox
        Launching sandboxed-tor-browser
    Sandboxing Tor Browser in Qubes-Whonix
Custom Homepage
Unsupported Tor Browser Features in Whonix
    Tor Circuit View
    Misc
Verify New Identity
Get New Identity without Tor ControlPort Access
Remove Proxy Settings
Change Proxy Settings
Local Connections Exception Threat Analysis
tor-launcher vs torbrowser-launcher
tor-launcher
torbrowser-launcher
Terminology
    Tor vs Tor Browser
    Tor Browser Transparent Proxying
Qubes specific
    Running Tor Browser in Qubes TemplateVM
    tb-updater in Qubes TemplateVM
Whonix-Custom-Linux-Workstation specific
Windows specific
Start from Command Line
Debugging

Footnotes / References
License

Where does an “Advanced” page get created if this goes ahead. /Dev or elsewhere?