
Long Wiki Edits Thread


#1

I think it’s worth having a ‘Long Wiki Edits’ thread, where people can highlight what they’re working on etc.

I understand this material will always be around, even when short guides and long form guides are finished (?). Stop me now if that’s not the case.

1) Added/edited the Virtualization Platform in Security Wiki as so:

Virtualization Platform

Type 1 vs Type 2 Hypervisors
Qubes-Whonix vs Physically-Isolated Non-Qubes-Whonix
Qubes-Whonix Hardware Requirements
VirtualBox Hardening

The text of Qubes-Whonix Hardware Requirements can probably move to here (since it is really related to system requirements) ->

http://kkkkkkkkkk63ava6.onion/wiki/System_Requirements

With the entry under Virtualization Platform just reading:

To determine compatibility of your hardware with Qubes-Whonix, see here.

2) Removed +tor references for ‘Onionizing Repositories’ since that command is non-functional (feel free to add the correct command).

3) Edited Whonix’s (very long) Table of Contents/Index Page for readability and consistency e.g. capitalization.

I’ll keep working on various things from here that I believe are priorities e.g. the templates, finish off the Security Guide etc.

The detailed wiki on the website definitely needs reworking, since it is not logically ordered and repetitive. A lot of stubs that add no value or repeat information elsewhere or have minimal text should simply be deleted and/or referenced in a larger pre-existing entry.

But, I think this can wait until a LOT of editing work is done across pretty well everything.

Did I mention that there is a LOT of material on here, touched by a thousand hands with different writing and formatting styles over several years, with many contributors not having English as their first language? :slight_smile:


#2

There is something not right on the Security Guide wiki page.

Edit: Actually, I think one of you fixed it, so I toned down the rant! :wink:

I specifically edited the “Introduction” to the Whonix-Workstation Security with the text below, and instead of slotting in the right place, it wiped over my text for Qubes-Whonix Hardware Requirements…

Hopefully you can pull that text back. Not sure where the coding on that page is going wrong.

Whonix-Workstation Security

Introduction

Note: Whonix implementation examples are based on Debian. To use a customized Whonix-Workstation VM based on other operating systems, see [[Other_Operating_Systems|here]]. For technical design notes, see [[Operating_System|here]].

If the Whonix-Workstation VM is ever compromised, the attacker has access to the data it contains, including all credentials, browser data and passwords. The IP address is never leaked, since this requires a compromise of the Whonix-Gateway VM, but this information may still result in identity disclosure.

In [[Non-Qubes-Whonix|non-Qubes-Whonix]]:

The best practice is to keep a clean master copy of the Whonix-Workstation VM, make snapshots/clones of the master, and then only use these for internet activity. The user can then ‘rollback’ (use a new clean clone/snapshot VM) after risky activity, or if they suspect the integrity of the system has been compromised. See the [[Security_Guide#VM_Snapshots|multiple VM snapshots recommendation]] below.

In [[Qubes-Whonix|Qubes-Whonix]]:

The best practice is to use [[Qubes/Disposable_VM|Disposable VMs]] for all your internet activity. Alternatively, periodically delete your Whonix-Workstation AppVM(s) and create fresh instances from the Whonix-Workstation TemplateVM.


#3

Ignore post above.

All fixed and waiting sign-off (around 9 or 10 edits).

God that VM Snapshots stuff was painful. Thought the SVN stuff would never end… :sweat_smile:

Just one more section in Security wiki and that’s finished off for editing. I note there are 253 templates in the wiki system that I’ll cast an eye over too.

Edit: Looks like IPv6 traffic in the Tor network will soon be the default (PreferIPv6 setting), but less than 15% of exit relays support it currently:

https://trac.torproject.org/projects/tor/ticket/21269

Thus, references throughout the wiki re: “Tor only currently supports IPv4” will need to be modified when you come across them.


#4

@Patrick @entr0py

If you don’t mind signing off on Security Guide updates, that would be great - so then it is finished & doesn’t need any more looking at.

OCD editors and all that :slight_smile:

Right now, we have the (old) “Introduction” version for Whonix-Workstation security doubled up in the approved/checked version of the guide, and it looks like shit.

I don’t think there is anything controversial in the edits.

1) Maybe you don’t like this entry (?). If so, tell me what you don’t like.

= Other Anonymizing Networks over Tor (UDP Tunnels) =

First read [https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN Tor Plus VPN or Proxy] section and the [[Whonix:General_disclaimer#Whonix_VPN_disclaimer|Whonix VPN disclaimer]].

'''Warning:''' you should be aware that VPNs by themselves are incapable of preventing intelligence agencies from monitoring your activities. A [http://www.spiegel.de/media/media-35515.pdf host of tools] are already in long-term use which:

  • Attack and exploit VPN protocols;
  • Decrypt traffic;
  • Extract VPN metadata;
  • Extract router information;
  • Record full-take VPN collection for later analysis; and
  • Fingerprint users in the XKEYSCORE system.

Notably, the IPSec and PPTP protocols have already been completely subverted, with SSL and SSH also actively targeted for recovery of relevant data e.g. user names and passwords. In intelligence agency parlance: “Happy Dance!!” For further analysis of global adversary capabilities, see [http://www.spiegel.de/international/world/nsa-documents-attacks-on-vpn-ssl-tls-ssh-tor-a-1010525.html here].

'''Risks of Tunneling Through Tor'''

Please note: '''adding a second connection does not automatically add security, but will add significant complexity.''' It is ''not'' commonly accepted that a combination of Tor and a VPN will increase your security and anonymity. In fact, due to its complexity and the distinct possibility of misconfiguration, the risk may actually be increased. The Tor Project notes: https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN

You can also route VPN/SSH services through Tor. That hides and secures your Internet activity from Tor exit nodes. Although you are exposed to VPN/SSH exit nodes, you at least get to choose them. If you're using VPN/SSHs in this way, you'll want to pay for them anonymously (cash in the mail [beware of your fingerprint and printer fingerprint], Liberty Reserve, well-laundered Bitcoin, etc).

However, you can’t readily do this without using virtual machines. And you’ll need to use TCP mode for the VPNs (to route through Tor). In our experience, establishing VPN connections through Tor is chancy, and requires much tweaking.

Even if you pay for them anonymously, you’re making a bottleneck where all your traffic goes – the VPN/SSH can build a profile of everything you do, and over time that will probably be really dangerous.

As well as the difficulty in anonymously paying for a VPN and the bottleneck with the provider, installation of secure tunneling software (OpenVPN, not PPTP/IPSec) also enlarges the attack surface of your system. Attackers could potentially use undiscovered software bugs for exploits. Other [[Tunnels/Introduction#Connecting_to_Tor_before_a_tunnel-link_.28proxy.2FVPN.2FSSH.29|downsides of this approach]] are:

  • Fingerprinting could be worsened in some configurations;
  • Tor hidden services (.onion) will be unavailable;
  • Various software installed in Whonix will not be able to take advantage of stream isolation;
  • The Tor Browser tab stream isolation feature will be non-functional;
  • Using a limited number of shared VPN IP addresses can reduce your anonymity set;
  • End-to-end correlation attacks are possible if you use the same operator/network in your connection chain; and
  • The VPN provider can discover if an additional anonymizing network is used in the tunneling chain (although the usefulness of the information is minimal).

Perhaps most importantly, the Tor Project thinks this is a really poor plan: https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN

Normally Tor switches frequently its path through the network. When you choose a permanent destination X, you give away this advantage, which may have serious repercussions for your anonymity.

On the upside, properly configured and secure tunneling software:

  • Allows connections to internet servers who ban Tor exit nodes;
  • Provides additional protection against de-anonymizing attacks conducted against the Tor network;
  • The VPN provider won’t know who you are, but can find out that someone is connecting over Tor; and
  • The Tor exit relay is prevented from analyzing your communication with a VPN provider, since it will only see an encrypted connection.

If you still wish to pursue this option despite the significant risks, first review the Whonix [[Tunnels/Introduction#Comparison_Table|tunneling comparison table]] and read the associated footnotes.

A dedicated virtual machine is recommended for this activity, see: [[Multiple Whonix-Workstations]].

2) As previously noted, if you don’t want the sys requirements for Qubes (Qubes-Whonix) in the Security Guide, then just move it here -> http://kkkkkkkkkk63ava6.onion/wiki/System_Requirements or create a stub and I can cut and paste it in.

Technically, this IS a security issue, since crap hardware = crap security protection for Qubes. But, I do think it sits better next to the general Whonix system requirements.

== Qubes-Whonix Hardware Requirements ==
To determine compatibility of your hardware with Qubes, see [https://www.qubes-os.org/doc/system-requirements/ here]. Before purchasing any hardware specifically for Qubes, first check the [https://www.qubes-os.org/hcl/ hardware compatibility list] for suitable models.

For the best security, functionality and future compatibility with Qubes 4.X releases, ensure your system supports all of the following:

  • '''HVM:''' Intel VT-x or AMD-V technology is required for running HVM domains, such as Windows-based AppVMs;
  • '''IOMMU:''' Intel VT-d or AMD-Vi (IOMMU technology) is required for effective isolation of network VMs and PCI passthrough;
  • '''SLAT for Qubes 4.X:''' Second Level Address Translation is needed. Either Intel VT-x support for Extended Page Tables (EPT) or AMD-V support for Rapid Virtualization Indexing (RVI);
  • '''TPM (Optional):''' Trusted Platform Module with proper BIOS support (required for Anti Evil Maid);
  • '''An Intel Integrated Graphics Processing (IGP) unit:''' Nvidia GPUs may require troubleshooting and ATI GPUs have not been formally tested;
  • '''8 - 16 GB RAM:''' users report problems with the 4 GB minimum e.g. Disposable VM creation and running multiple VMs in parallel;
  • '''A non-USB keyboard or multiple USB controllers:''' to enable creation of a USB qube and prevent malicious compromise of dom0; and
  • '''A fast SSD:''' strongly recommended to ensure a responsive Qubes system.

Note: "Qubes can be installed on systems which do not meet the recommended requirements. Such systems will still offer significant security improvements over traditional operating systems, since things like GUI isolation and kernel protection do not require special hardware." https://www.qubes-os.org/doc/system-requirements/

3) The other edits were minor i.e. hardening checklist based on pre-existing entries in Whonix documentation, although that BIOS recommendation is not really ‘hardening’ (and, I see, in the wrong place) and could be deleted before approval.

4) VM snapshots was just edited for readability; I didn’t delete any of your key text. It was just a big blob of text before, and needed some restructuring.
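A host check written for this post (an added example, not from the wiki or the thread): it tests the HVM and SLAT items against the /proc/cpuinfo flags and looks for an active IOMMU and a TPM in sysfs. It assumes a Linux host; the IGP, RAM, keyboard and SSD items are not checked, and an IOMMU that is present but disabled in firmware or not enabled with intel_iommu=on / amd_iommu=on shows up as absent.

```shell
#!/bin/sh
# Added example (not from the wiki or this thread): check a Linux host against the
# CPU-level items of the Qubes hardware list. Assumptions: /proc/cpuinfo has a
# "flags" line, /sys/kernel/iommu_groups is populated when the IOMMU is active,
# and /sys/class/tpm is populated when a TPM is exposed to the kernel.

# Return 0 if the flag list in $1 (space-separated, as in /proc/cpuinfo)
# contains at least one of the flags given as the remaining arguments.
# Flags are matched as whole words, so "svmx" does not satisfy "svm".
has_any_flag() {
  _flags=" $1 "
  shift
  for _f in "$@"; do
    case "$_flags" in
      *" $_f "*) return 0 ;;
    esac
  done
  return 1
}

# HVM: Intel VT-x advertises "vmx", AMD-V advertises "svm".
has_hvm()  { has_any_flag "$1" vmx svm; }

# SLAT: Intel EPT advertises "ept", AMD RVI (NPT) advertises "npt".
has_slat() { has_any_flag "$1" ept npt; }

# Summarise a flag list as "HVM=yes|no SLAT=yes|no".
classify_cpu_flags() {
  _hvm=no
  _slat=no
  if has_hvm "$1"; then _hvm=yes; fi
  if has_slat "$1"; then _slat=yes; fi
  printf 'HVM=%s SLAT=%s\n' "$_hvm" "$_slat"
}

# Return 0 if a sysfs directory exists and has at least one entry.
sysfs_populated() {
  [ -d "$1" ] && [ -n "$(ls -A "$1" 2>/dev/null)" ]
}

# Report on the running host. Items that cannot be read are reported as
# "unknown"; the IGP, RAM, keyboard/USB-controller and SSD items are not covered.
check_host() {
  if [ -r /proc/cpuinfo ]; then
    _cpuflags=$(awk -F: '/^flags/ { print $2; exit }' /proc/cpuinfo)
    classify_cpu_flags "$_cpuflags"
  else
    echo "HVM=unknown SLAT=unknown"
  fi
  if sysfs_populated /sys/kernel/iommu_groups; then
    echo "IOMMU=active"
  else
    # An IOMMU that exists but is disabled in firmware, or not enabled with
    # intel_iommu=on / amd_iommu=on, also ends up here.
    echo "IOMMU=absent-or-disabled"
  fi
  if sysfs_populated /sys/class/tpm; then
    echo "TPM=present"
  else
    echo "TPM=absent"
  fi
}

check_host
```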


#5

This template can’t be manually edited -> Template:Donate

Suggest you change this line:

You can also contribute your time instead by contributing to the project. 

To:

You can also contribute your time to assist in the development of the project.

Also, suggest you update this:

You can send checks or money orders to:

Not at the moment. Please ask if you want to donate that way.

To reflect your friend/colleague who was willing to act as a go-between. Paranoid users will never use electronic methods, but may be willing to send small amounts to Whonix in the mail e.g. $100 USD or less.

Suggest changing this line:

Donations are not tax-deductible: Whonix isn't a registered non-profit. If that matters to you, please get in contact. We may research creating a non-profit.

To:

Donations are not tax-deductible: Whonix isn't a registered non-profit organization. In the future we may research creating a non-profit legal structure and applying for recognition of tax-exempt status.


#6

Final Changes to Security Guide

1) Added a new section for safe Qubes operation:

=== Secure Qubes Operation ===

'''Qubes-Whonix Only'''

2) Updated the Disabling and Minimizing Hardware Risks section to reflect an additional Bluetooth entry:

3) Updated the USB entry as follows:

=== Create a USB Qube ===

'''Qubes-Whonix Only'''

4) Updated the AEM entry as follows:

=== Anti-Evil Maid ===

'''Qubes-Whonix Only'''

  • If you have a Trusted Platform Module, use [https://www.qubes-os.org/doc/anti-evil-maid/ AEM protection] to attest that only desired (trusted) components have been loaded and executed during the system boot. You will be notified of unauthorized modifications to the BIOS or the boot partition.

5) Changed the “Document Handling” entry to “File Handling”:

=== File Handling ===

'''Qubes-Whonix Only'''

  • In File Manager, disable previews of files from untrusted sources. Change file preferences in the TemplateVM’s File Manager so future AppVMs inherit this feature;
  • Files received or downloaded from untrusted sources (the internet, via email etc.) should not be opened in a trusted VM. Instead, open them in a DisposableVM (right click); and
  • Untrusted PDFs should be opened in a DisposableVM or converted into a [https://github.com/QubesOS/qubes-app-linux-pdf-converter trusted (sanitized) PDF] to prevent exploitation of the PDF reader and potential infection of the VM.

Now, I REALLY think the ‘Security Guide’ is finished. :slight_smile:


#7

Great edits, great work!

A few comments…


Yes, I think system requirements should be moved to https://www.whonix.org/wiki/System_Requirements with a new sub chapter “For Best Security” perhaps? On the security guide page there should just be a stub pointing that out perhaps. Or using wiki templates.


The remaining imperfection of the Security Guide wiki page now is that it is partially structured into easy, moderate, difficult, and partially not?


The subject Other Anonymizing Networks over Tor (UDP Tunnels) is not so much on point anymore.

Warning: you should be aware that VPNs by themselves are incapable of preventing intelligence agencies from monitoring your activities. A host of tools are already in long-term use which:

  • Attack and exploit VPN protocols;
  • Decrypt traffic;
  • Extract VPN metadata;
  • Extract router information;
  • Record full-take VPN collection for later analysis; and
  • Fingerprint users in the XKEYSCORE system.

For example, “Attack and exploit VPN protocols;” could use a more on-point reference. Is there some claim in any of these documents that they keep using some unknown cryptography bug to decrypt everyone’s OpenVPN traffic all the time, or something similar?


#8

1) OK - I’ve shifted that information over to System Requirements.

Awaiting reviewer sign-off:

http://kkkkkkkkkk63ava6.onion/wiki/System_Requirements

Security guide “Qubes-Whonix Hardware Requirements” now just points to the above reference (also awaiting sign-off), that is:

== Qubes-Whonix Hardware Requirements ==
For Qubes-Whonix hardware requirements, see [[System_Requirements|here]].

2) The solution to easy/moderate/difficult/expert is, I think, to split off the General Hardening Checklist (and rename it to System Hardening Checklist) to a separate page by itself.

Then, when the Long Wiki Table of Contents is all shifted around, possibly there will just be a SECURITY section like so:

  • Computer Security Education
  • Security Guide
  • Advanced Security Guide
  • System Hardening Checklist

I don’t like “First Steps with Whonix” having this stuff in the mix. “First Steps with Whonix” should probably be changing passwords (non-Qubes-Whonix) and starting VM images, and updates/upgrades and maybe the desktop changes and bridges guides.

Then, logically the next section in order would be the SECURITY section as I outlined above IMO.

At that time (or sooner), we should probably just list the stubs/entries that are actually easy and moderate and put that in the Security Guide only.

Things that are hard or expert are also put in the Advanced Security Guide only, as per your previous recommendation some time ago. There is stuff of all levels of complexity in both guides right now.

The top of each guide would state something like:

Complexity: The following issues are classified at the "easy" or "moderate" level.

Complexity: The following issues are classified at the "difficult" or "expert" level.

Thoughts?

3) Agree, it’s a mess and should be merged. I’ll do that next + review references.

Again, perhaps this part in the Security Guide should just link to the VPNs and other anonymizing tunnels section e.g.

Please see section X and Y 

4) Other (unrelated)

BTW What is the security implication of IPv6 rollout in the Tor network i.e. almost 15% of Tor relays now supporting it according to that Tor ticket? Does it matter for Whonix? Does it matter for anonymous mobile modems re: assigning of additional and unique IPv6 IP addresses etc?


#9

Hammering the Long Wiki into shape will be many baby steps, but let’s start somewhere, and keep improving it as we go.

FIRST ISSUE

The more I think about it, the less need I see for the Computer Security Education entry at all in the long wiki.

1) Almost everything (or maybe 100%) in there can be collapsed into either the Security Guide or Advanced Security Guide.

2) There are only a few entries that are firmly non-Whonix specific (but still very relevant to security) e.g. Firmware Trojans, Out-of-Band Management Features, Firmware Updates, Libre Software/Hardware.

3) Stuff with steps in it:

  • Host Firewall
  • Disable TCP Timestamps
  • Disable ICMP Timestamps
  • Changing MAC Address

Really do NOT belong in a general computer security section, since it is really about making your Whonix installation as secure as possible for your circumstances.

They belong in the Security Guide, since they are assessed as either “easy” or “moderate” in complexity for normal users.

4) The general information noted at point 2 above (with shit loads of text) could just be lumped together under a General Computing Security stub in the Security Guide or Advanced Security Guide. Then, a key paragraph or two to describe the issue + a “click on the right to expand” instruction to hide the War and Peace details.

Conclusion

Benefits of getting rid of the Computer Security Education section and merging it:

  • Simplicity (we stop serious cross-referencing everywhere);
  • Entries with explicit steps don’t belong there to begin with;
  • One less entry for an overwhelmed newbie to Whonix to contend with (or miss reading in probability);
  • It doesn’t belong in a Get Whonix section (seems illogical); and
  • We replicate the style of other OSes that just have one or two major security guides in general.

SECOND ISSUE

Get Whonix

I think this should logically be:

Download, Verify and Install Whonix

If the Computer Security Section entry disappears from there after merging, I’d recommend a more logical list of stub entries in the main index page as follows (2 versions follow; which do you like?):

VERSION 1

Download, Verify and Install Whonix

  • System Requirements [1]
  • Download Whonix [2]
  • VirtualBox Windows Installer [3]
  • VirtualBox Images (Windows, Mac, Linux) [4]
  • KVM Images (Linux) [5]
  • Qubes-Whonix Templates [6]
  • Download the Whonix Signing Key [7]
  • Verify and Install Non-Qubes-Whonix Images:
    • VirtualBox Windows Installer [8]
    • VirtualBox Images
      • Windows [9]
      • Mac [10]
      • Linux on the Command Line [11]
      • Linux using KGpg [12]
    • KVM Images (Linux)
      • On the Command Line [13]
      • Using KGPG [14]

[1] Removed from the General Information section

[2] The First Time User? stub is deleted from this area and the template text is merged to just sit above the table of available downloads

[3] The stubs reference these wiki entries with downloadable stuff: http://kkkkkkkkkk63ava6.onion/wiki/Windows#Landing

[4] http://kkkkkkkkkk63ava6.onion/wiki/VirtualBox#Landing

[5] http://kkkkkkkkkk63ava6.onion/wiki/KVM#Landing

[6] http://kkkkkkkkkk63ava6.onion/wiki/Qubes/Install#Landing

[7] Moved from the Non-Qubes-Whonix Specific section http://kkkkkkkkkk63ava6.onion/wiki/Whonix_Signing_Key

[8] Pointing to this reference http://kkkkkkkkkk63ava6.onion/wiki/Installer/Verify_the_Installer_using_the_command_line

[9] Move this entry from Non-Qubes-Whonix Specific http://kkkkkkkkkk63ava6.onion/wiki/Verify_the_virtual_machine_images_using_other_operating_systems

[10] Move this entry from Non-Qubes-Whonix Specific http://kkkkkkkkkk63ava6.onion/wiki/Verify_the_virtual_machine_images_using_other_operating_systems

[11] Move this entry from Non-Qubes-Whonix Specific http://kkkkkkkkkk63ava6.onion/wiki/Verify_the_virtual_machine_images_using_the_command_line

[12] Move this entry from Non-Qubes-Whonix Specific http://kkkkkkkkkk63ava6.onion/wiki/Verify_the_virtual_machine_images_using_Linux

[13] http://kkkkkkkkkk63ava6.onion/wiki/KVM/Verify_the_virtual_machine_images_using_the_command_line

[14] http://kkkkkkkkkk63ava6.onion/wiki/KVM/Verify_the_virtual_machine_images_using_Linux

Benefits:

  • It is more logical to have stand-alone instructions for sys requirements, download/verification and installation advice in one section;
  • Moves stuff buried in the Non-Qubes-Whonix Specific section to the upfront area where it is better suited;
  • Although landing pages appear for various platforms when users hit the “Download” entry in the download table (with verification etc. recs), they are currently nested. For newbies, this is not comforting when they are looking for advice quickly and see the huge Table of Contents we have currently; and
  • Clear demarcation based on OS, install method (manual or installer), choice of virtualizer, and verification method.

VERSION 2

Download, Verify and Install Whonix

  • System Requirements [1]
  • Download, Verify and Install Whonix [2]
  • VirtualBox Windows Installer [3]
  • VirtualBox Images (Windows, Mac, Linux) [4]
  • KVM Images (Linux) [5]
  • Qubes-Whonix Templates [6]

[1] Removed from the General Information section

[2] The First Time User? stub is deleted from this area and the template text is merged to just sit above the table of available downloads

[3] The stubs reference these wiki entries with downloadable stuff and steps for verification and installation: http://kkkkkkkkkk63ava6.onion/wiki/Windows#Landing

[4] http://kkkkkkkkkk63ava6.onion/wiki/VirtualBox#Landing

[5] http://kkkkkkkkkk63ava6.onion/wiki/KVM#Landing

[6] http://kkkkkkkkkk63ava6.onion/wiki/Qubes/Install#Landing

Benefits:

  • Simpler than version 1; and
  • The landing sections already discuss verification and installation steps, so perhaps it doesn’t need to be explicitly outlined like in Version 1.

Downside:

  • Verification and installation steps are still nested; and
  • Shit buried in the Non-Qubes-Whonix Specific section is left right at the bottom of the wiki index page, where probably 95% of readers never get to.

Thoughts?


#10

My plan is to decide as little as possible on the documentation and Whonix presentation issues. I am mostly responsible for the current unorganized state of things. Don’t set a fox to keep the geese, so to speak. Therefore I would appreciate it if the Whonix team (all people who recently contributed to Whonix) would comment here.

Having said that, here is some input / previous reasoning.

The idea behind Computer Security Education was stuff that would be useful prior to installing Whonix. I mean, there are things that can/should be done prior to installation of Whonix, and things that can only be applied after installation of Whonix. Also it might be useful to distinguish between knowledge and actionable steps. Sure, we can consider reorganizing/merging pages.

3) Stuff with steps in it:

  • Host Firewall
  • Disable TCP Timestamps
  • Disable ICMP Timestamps
  • Changing MAC Address

Really do NOT belong in a general computer security section, since it is really about making your Whonix installation as secure as possible for your circumstances.

Yes, that’s another possible way to sort it. Whonix specific vs non-Whonix specific.

Disabling TCP/ICMP timestamps also makes a lot of sense outside of Whonix use cases. That’s why it’s disabled by default in Qubes. Reference:


#11

No problem. Your time should not be wasted on reviews i.e. you’re needed for the technical guts of Whonix.

Who is considered the go-to person in Whonix for documentation?

HulaHoop, Ego, entr0py, all of the above? Basically the place would benefit from someone like ADW overseeing it all, if they’d sign up for the task. BTW, that’s not me. I just want to exercise the fingers for a while and then sail off into the sunset. :slight_smile:

The phabricator task (long-standing) is to rework the information on the site. So it needs to be done at some stage. And that’s not going to happen without a fair bit of editing and reworking of the material’s ordering and presentation.


#12

2 posts were split to a new topic: Whonix Website Change Suggestions


#13

OK - here’s my second attempt awaiting sign-off in the wiki :slight_smile:

= Transporting UDP Tunnels over Tor =

'''Tor Design'''

According to the Tor Project: https://blog.torproject.org/blog/moving-tor-datagram-transport

Tor transports data over encrypted TLS tunnels between nodes, which is in turn carried by TCP.

The current Tor design does not support the transport of [https://trac.torproject.org/projects/tor/ticket/7830 UDP-based protocols] through exit nodes in the network, and this is unlikely to be supported in the near future due to incompatibility with cryptographic protocols in use and those planned.

The consequence is that UDP-based protocols and applications cannot be used to transmit UDP datagrams between guards and exit nodes in the default environment. Example UDP protocols / applications include: https://en.wikipedia.org/wiki/User_Datagram_Protocol

  • Domain Name System (DNS);
  • Simple Network Management Protocol (SNMP);
  • Routing Information Protocol (RIP);
  • Dynamic Host Configuration Protocol (DHCP); and
  • Voice and video traffic.

'''Transporting UDP Tunnels over Tor with a VPN'''

A solution to this problem is to use a [https://en.wikipedia.org/wiki/Tunneling_protocol tunneling protocol]. In simple terms, this allows a user to access a foreign protocol or network service that the underlying (Tor) network does not support or provide directly.

The tested and working method in Whonix is to utilize a Virtual Private Network (VPN) with a trusted provider that does not block UDP traffic (User -> Tor -> VPN -> [Other Anonymizing Network] -> Internet). Some VPN protocols such as OpenVPN may use UDP while implementing reliable connections and error checking at the application level. Other VPN implementations may also be useful, but have not been researched yet.

Please first read the related VPN documentation and warnings:

  • [https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN Tor Plus VPN or Proxy];
  • [[Whonix:General_disclaimer#Whonix_VPN_disclaimer|Whonix VPN disclaimer]];
  • [[Tunnels/Connecting to Tor before a VPN|How to connect to Tor before a VPN (User -> Tor -> VPN -> Internet)]]; and
  • [[Tunnels/Introduction#Comparison_Table|Tunneling comparison table]].

Before following the instructions to [[Tunnel_UDP_over_Tor|tunnel UDP over Tor]].

The current [http://sec.cs.ucl.ac.uk/users/smurdoch/papers/tor11datagramcomparison.pdf Tor architecture] may cause negative performance impacts on user activities. This arises from high latency due to congestion in the network, queue length on nodes (mixing of traffic across multiple nodes), and TCP mechanisms which attempt to account for lost packets and hold delivery of future packets until a resend is complete. https://guardianproject.info/2012/12/10/voice-over-tor/

Understand that adding a second connection in the tunneling chain adds significant complexity. This potentially increases the security and anonymity risks to the user due to: misconfiguration, the increased attack surface of secure tunneling software, the difficulty in anonymously paying for VPN services, and potential bottlenecks with VPN providers. Depending on your configuration, you may also increase your fingerprinting risk, lose stream isolation of your activities, and have a permanent destination X in the Tor network. Also read the Tor Project warnings here: https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN.

'''Whonix Recommendations'''

Whonix recommends the use of [https://en.wikipedia.org/wiki/OpenVPN OpenVPN] as the most secure (SSL/TLS-based) protocol, rather than reliance upon IKE, L2TP/IPsec or PPTP. OpenVPN is considered extremely secure when used with encryption algorithms such as AES. IKE is being exploited by the NSA to decrypt IPSec traffic. IPsec configured with pre-shared keys is vulnerable to MITM attacks. PPTP is an obsolete method for VPN implementation with a host of security weaknesses. For further reading on intelligence agency capabilities against VPN protocols see: http://www.spiegel.de/media/media-35515.pdf

A dedicated virtual machine is recommended for this activity, see: [[Multiple Whonix-Workstations]].


#14

What do you think about the suggested homepage changes in this post? Long Wiki Edits Thread @Ego


#15

Good day,

Sure, can/will add those.

Have a nice day,

Ego


#16

The examples need some work.

  • Domain Name System (DNS);

Tor supports some types of DNS. There is more information and references on that topic here: https://www.whonix.org/wiki/Secondary_DNS_Resolver

  • Simple Network Management Protocol (SNMP);
  • Routing Information Protocol (RIP);
  • Dynamic Host Configuration Protocol (DHCP); and

Do users care to tunnel those over Tor?

  • Voice and video traffic.

This is a good example. Replace it with something like “some voice or video applications are using UDP”, since there are also applications using TCP. Perhaps we should link to https://www.whonix.org/wiki/VoIP?

That reminds me of https://www.whonix.org/wiki/VoIP. What do you think about the quality of that page? It has lots of nicely researched information, but I am not sure it will help as many users as possible to actually use VoIP.

What’s the use case to highlight?

  • Two people who know each other talking to each other but obfuscating this fact by using Tor?
  • One person in a censored area calling someone in another area not necessarily using Tor?
  • (Due to voice recognition and stylometry there is no way for the caller to stay anonymous.)

I am not sure all of this is really getting clear for the user.

What seems to you to be the easiest to use already documented solution?

Wondering if any of the new instant messengers such as ricochet / unMessage are going to get voip and/or video support or if other applications similar to those are being worked on?

//cc @HulaHoop


#17

Thanks for that.

I changed that applications list part and linked in the VOIP section as follows:

The consequence is that UDP-based protocols and applications cannot be used to transmit UDP datagrams between guards and exit nodes in the default environment, for example, some [[VoIP]] or video applications. https://en.wikipedia.org/wiki/User_Datagram_Protocol

It’s a good question re: use of UDP apps in general forced through the Tor network. I know little about networking, so I wasn’t sure of other relevant applications or protocols that Whonix users would frequently want to use in this manner. I figured you experts would know.

Based on my quick read of the VOIP wiki entry, it looks like really bad advice to be forcing it over Tor anyway, given the voice recognition de-anonymization potential. A big fat warning probably needs to be at the top of that page, just like the wiki has for VPNs and other anonymizing networks in long chains.

It all seems to come back to peer-to-peer, metadata-less, hidden services-based instant messengers like Ricochet as being the gold standard for high-security comms in general.

Or perhaps something like I2P-bote, but I know very little about that, apart from what’s in the wiki. Tox looks promising too, but still too early in development to trust.

Re: reviewing the VoIP page

I’m happy to review the VoIP page next for editing, now that the Security Guide is done.

Although, I’ll probably finish off the rest of the templates, since I’ve already reviewed and edited the first 100 out of 233 (total) templates on the website i.e. Special:UncategorizedTemplates (except for the “Build Documentation” ones, since they look very painful and I’ve been procrastinating on those). :wink:

I also realize that translate tags should get added to every page on the website too, right, as per @Ego’s instructions? Looks pretty simple to do.

(Edit by Patrick: Ego -> @Ego)


whonix.org wiki translation / mediawiki extension translate - technical discussion
#18

Btw there is no need to fix https://www.whonix.org/wiki/Template:Infobox_OS/doc and a few similar pages that are not visible to users - it’s not our template. We just imported it from wikipedia. When it’s not user facing, not even developer facing, there is no need to spend time on it.


#19

It should be properly explained indeed, so I am glad you can visit it with a fresh view.

Anyhow. Two people who know each other communicating via voice over Tor is still a use case where Whonix is an ideal solution to have an encrypted/authenticated voice conversation that cannot be observed by third parties.


#20

Let’s move that here:
whonix.org wiki translation / mediawiki extension translate - technical discussion