Long Wiki Edit Thread

Re: Libre Hardware section in Computer Security Education (marked as TO DO expand).

If you read a bunch of references e.g.

[Hardware Designs Should Be Free. Here's How to Do It | WIRED]

[Why We Need Free Digital Hardware Designs | WIRED]

[https://blog.invisiblethings.org/papers/2015/state_harmful.pdf]

[Novena (computing platform) - Wikipedia]

[Top 4 open-source PCs | PCWorld]

[Take Control With Open Source Hardware - Linux.com]

[Purism Librem 15 | Linux Journal]

[Hardware Devices that Support GNU/Linux — Free Software Foundation — Working together for free software]

[https://h-node.org/]

[https://www.coreboot.org/Supported_Motherboards]

[Single-board computers — Free Software Foundation — Working together for free software]

You basically discover there is no such thing as truly open hardware right now.

Since open source RISC processors supporting a fully-fledged operating system don’t yet exist, the closest thing available is Single-board computers (SBCs) which are computers delivered as one circuit board that are powerful enough to run a real operating system. They generally contain a System-on-a-Chip (SoC) with an ARM processor. This then:

• Limits you to things like Novena, PandaBoardES (but still has closed-sourced binary blobs). FSF also notes severe flaws in these designs re: proprietary concerns
• Rules out Purism laptop, since it uses an Intel CPU
• Rutkowska notes even if you can run Coreboot/Libreboot with Intel CPUs this means jack shit, since the FSP can potentially malicously modify things, plus you’re still stuck with Intel ME (unless squashed with a python script - how many users will do that?)
• Rutkowska also notes that ARM processors are really releases designed to a set of specs and othe IP, which is then licensed by various vendors. Also notes potential limitations eg availability of IOMMU and so on.
• ARM also comes with so-called TrustZone mechanisms.

Basically, based on all the limitations of open source hardware currently, and the fact it is a partial solution that just leaves users with over-priced snake oil and/or not very powerful desktops/laptops, I don’t think it can be recommended in the docs.

Users are better off using modern hardware, taking their chances and waiting ten years until the open-source industry matures.

So, that’s what I’ll be writing there and leave it up to the reader to research the many hardware “solutions” themselves if Richard Stallman is their brother from another mother.

If there are no objections, I’ll create a new page called Tor Browser: Advanced Users today.

The edits are hanging around like a dump that won’t flush, and it’s annoying from an editor’s perspective. Plus, Tor Browser questions coming up in forums (like today for example), could have just been referred to the updated wiki.

Note how all the bridges questions have dropped off to zero since that was edited for clarity? All of this saves work in the long run.

torjunkie:

If there are no objections, I’ll create a new page called Tor
Browser: Advanced Users today.

Yes, please. Page name:

Tor Browser Advanced Topics

This is because colons and spaces look ugly when the URL gets pasted.

The edits are hanging around like a dump that won’t flush, and it’s
annoying from an editor’s perspective. Plus, Tor Browser questions
coming up in forums (like today for example), could have just been
referred to the updated wiki.

Please fix/shrink that page please, i.e. move the new more detailed
stuff to Tor Browser Advanced Topics.

Note how all the bridges questions have dropped off to zero since
that was edited for clarity? All of this saves work in the long run.

True, that’s awesome!

Although the term adversary is not defined by The Tor Project,

Please remove that chapter from Tor Browser Essentials. Slippery legal territory when words get twisted under hostile interpretation. Not worth getting into.

OK. That’s done.

• Split Advanced Topics into Advanced page.
• Put adversary stuff into Advanced page + removed inflammatory language about who adversaries probably are (to save us all a free, involuntary firmware upgrade)
• Removed all technical stuff around Torbutton and specific functions into the Advanced section, while leaving basics in the main Tor Browser entry
• Changed a million internal references to point to Advanced page where necessary (hopefully got them all). If not, easy to fix later.
• Fixed a couple of typos and extra white spaces here and there.

Will return to Computer Security Education tomorrow. I reckon 2 or 3 days max and that will be done. Then I’ll edit the Advanced Security section (taking forever) before proposing here a full reworking of which sections go where from all the main security guides.

I’m thinking that at that point, it’s also worth putting the Security checklist (from the Security Guide) into a page of it’s own. So we end up with:

• Computer Security Education (maybe renamed)
• Security Guide
• Advanced Security Guide
• Security Checklist

All four would sit better in a section of their own on the main wiki Table of Contents page too IMO. But let’s worry about that later. Perhaps it could be entitled “Whonix and Security”.

Moved How Onion Services Connections Work here:

Onion Services - Whonix

Haven’t fully reviewed Template:Onion Services Technical - Whonix yet. Are you sure onion services are using a distributed hash table (DHT)?

Tor Browser page.

Security Slider

I don’t think Whonix should make any recommendations and stick with Tor Project recommendations.

Should we perhaps move Security Slider up?

Because chapter Security vs Usability Trade-off equally applies?

There is a lot great new stuff on the Tor Browser page that was previously undocumented. It’s quite a lot stuff users have to know.

Wondering if Start Tor Browser chapter can be simplified a bit. To make the Tor Browser page shorter. From the Menu should be the main thing. Perhaps hide From the Command Line? Same for debugging start? The outer text should say “for start from command line or debug start, please press expand on the right”?

I think the following needs a revision.

‘’‘Do not Open Documents Downloaded via Tor while Online’‘’

The Tor Project provides an explicit warning: Tor Project | Download

Tor Browser will warn you before automatically opening documents that are handled by external applications. DO NOT IGNORE THIS WARNING. You should be very careful when downloading documents via Tor (especially DOC and PDF files, unless you use the PDF viewer that's built into Tor Browser) as these documents can contain Internet resources that will be downloaded outside of Tor by the application that opens them. This will reveal your non-Tor IP address. If you must work with DOC and/or PDF files, we strongly recommend either using a disconnected computer, downloading the free VirtualBox and using it with a virtual machine image with networking disabled, or using Tails. Under no circumstances is it safe to use BitTorrent and Tor together, however.

Do not Open Documents Downloaded via Tor while Online does not equally apply to Whonix. Either way, as a “feature” or otherwise, files such as pdf’s won’t be able to leak the user’s IP. An argument could be made that it’s better for privacy to open even non-malicious files (pdfs…) in offline VMs because then there won’t be any unwanted outgoing connections (bad for privacy and security). But the quote does not work for Whonix and needs a rewrite.

Do not Torrent over Tor is that related to Tor Browser? Perhaps when users install a torrent client in form of an add-on?

The Tor Project also warns against torrenting: Tor Project | Download

Torrent file-sharing applications have been observed to ignore proxy settings and make direct connections even when they are told to use Tor. Even if your torrent application connects only through Tor, you will often send out your real IP address in the tracker GET request, because that's how torrents work. Not only do you deanonymize your torrent traffic and your other simultaneous Tor web traffic this way, you also slow down the entire Tor network for everyone else.

IP leaks does not apply to Whonix. See Filesharing and Torrenting.

Could you please move Local_Connections_Exception_Threat_Analysis to advanced as well?

1) Security Slider

Right.

The Security Slider was positioned with Torbutton, since it seemed to be logical to put all those functions together e.g. New Identity, New Tor Circuit and so on.

Can move it though - no problem and remove any recommendation. Instead note something like:

“Users need to make a decision whether they prefer greater security and lower usability at higher levels, or vice-versa. While fingerprinting risks are greatly reduced at higher levels, some site functionality may also be lost.”

2) Start Tor Browser

Yes, the easiest solution is just to hide all the extra text with a “Expand on the Right” part.

3) Torrent over Tor & File Downloading

Yes, I was aware of the no IP leak in Whonix, but thought it best to encourage best practices.

Perhaps I’ll just note they are bad practices and paraphrase the quotes, while suggesting files be opened in offline VMs (which I think I mentioned elsewhere in the entry e.g. “Unsafe Tor Browser Actions” or similar.)

4) Local Connection

Yes, I’ll move that threat analysis to Advanced as well.

5) Onion Services

The DHT stuff was straight out of Tor docs, but I can double check.

Let me fix up 1-4, and double-check point 5 for accuracy. Shouldn’t take too long.

1) DHT seems to be the case for .onion services, see:

So, I think the .onion services technical template is good for sign off. I added a link in Tor Browser entry to the relevant hidden services wiki entry.

2) Security Slider

On second thought, it’s too hard to move it around logically with current TOC. So I just entered this line at the bottom of security vs usability trade-off part:

“Note: The Torbutton extension’s [[#Security_Slider|Security Slider]] (see below) also involves a security versus usability trade-off. Users need to decide whether they prefer greater security and lower usability at higher slider levels, or vice-versa. While fingerprinting risks are greatly reduced at higher levels, some site functionality may also be lost.”

3) Collapsed Tor Browser Start stuff

Done.

4) Tor Browser Downloads

Done. Reworded.

"The Tor Project explicitly warns users not to open documents handled by external applications, since in the normal case they may contain Internet resources that may be downloaded outside of Tor by the application that opens them. Tor Project | Download

This warning is not strictly relevant to Whonix users since all traffic is forced over the Whonix-Gateway and the IP address will not be leaked. Despite this fact, for greater safety users should open files such as PDFs and word processing documents in offline VMs.

Malicious files or links to files pose a greater threat; potential compromise of the user’s system. Therefore users should heed the Whonix advice to [[DoNot#Do_not_Open_Random_Files_or_Links|not open random links or files]] in the Whonix-Workstation. Instead, in [[Qubes-Whonix]] it is preferable to [How Qubes makes handling PDFs way safer sanitize the PDF] or open the file or link in a [[Qubes/DisposableVM|DisposableVM]]. [[Non-Qubes-Whonix]] users should only open the file in a separate, offline Whonix-Workstation."

5) Local Connections Threat Analysis

Done. Moved to Advanced Section.

So, right now the Advanced Tor Browser entry is not signed-off, which means anybody trying to use that documentation today sees a blank page.

Probably best to sign-off ASAP.

TODO → TO DO this change may be grammatically more correct, but then one cannot search the wiki for TODO. Therefore please leave that unchanged.

‘’‘2. Add jessie-backports to sources.list’‘’

Do we have a template for that?

Since the move, Local Connections Exception Threat Analysis is now a case of lost me at hello. Could you please link back to the Tor Browser page for context or write an introduction to which situation it applies?

OK.

• Fixed all the “To do” back to TODO.
• Also fixed a bunch of internal references that were pointing to the wrong (non-existent) entry after the split (missed them earlier).
• Also changed some remaining ugly (long) internal references into nice wording instead.
• I’ve fixed the threat analysis thing.

So Tor Browser is done! Great, thanks!

[[Tor_Browser/Internal_Updater#cite_note-64|this footnote]]

That won’t work for long. Could you add an anchor please?

It worked on my preview test i.e. took me to the right footnote.

Please remind me about the Anchor formatting if you want me to change it anyway.

Footnotes aren’t stable. As soon as another footnote is added above, the number will change.

Please remind me about the Anchor formatting if you want me to change it anyway.

{{Anchor|anchor_name}}

Then you can use pagename#anchor_name.

Right. Fixed. I used an easy work-around instead of anchoring (PTSD from last time I used/touched anchors).

Also fixed up a bunch of broken internal refs for Unsafe Tor Browser behavior and x1 in Custom Homepage. They now link properly.

OK, now I really think we’re done there. Party time.

Do you want the license section on every (main) wiki documentation page? That is:

= License =

{{License_Amnesia|{{FULLPAGENAME}}}}

If so, I’ll fix that up (it’s not consistent now and often missing).

Also, decide whether you want references noted as:

== References ==

Or

== Footnotes ==

On each page, since it is inconsistent now on each page.

PS I removed the “Secure Back-ups” part from Security Guide, since that issue is now closed on github (Qubes), because scrypt has been implemented and solves this problem. See:

torjunkie:

Do you want the license section on every (main) wiki documentation
page?

No, license is only required for pages originally forked from elsewhere.

{{License_Amnesia|{{FULLPAGENAME}}}}

That specifically is only for pages that originate from Tails.

If so, I’ll fix that up (it’s not consistent now and often missing).

Also, decide whether you want references noted as:

What you could do is compare with the original. Then if the original was
improved in meanwhile, backport the changes to Whonix. And if our page
doesn’t include anything from the original anymore, we could as well as
also remove it.

== References ==

Or

== Footnotes ==

It depends. Sometimes it’s just references. Sometimes it’s footnotes.
Got any example where that looks wrong?

PS I removed the “Secure Back-ups” part from Security Guide, since
that issue is now closed on github (Qubes), because scrypt has been
implemented and solves this problem. See:

Improve qvm-backup key derivation/management · Issue #971 · QubesOS/qubes-issues · GitHub

Thanks for noticing. Has this fix been deployed to recent Qubes versions
(R3.2)?