Long Wiki Edits Thread

we should have documentation about XMPP/Jabber , as we now include CoyIM by default in whonix.

once someone can write about it , then update here:

needs new screeshot:

as im having a problem with running whonixcheck, then one of you if possible can upgrade it.


I can do those as well, Qubes Split Tor Browser is something I’ve been wanting to have a go at for a while. :slight_smile:


What screenshot are you replacing?

1 Like

Could you review Router and Local Area Network Security: Difference between revisions - Whonix please? @HulaHoop

im not replacing the screenshot , i want someone to replace it.


We need to make a page about Mac Hosts similar to Windows Hosts.

Mac Hosts page can be filled from info here.

Not sure we gain much by importing other pages. We don’t really have anyone to maintain Microsoft Windows Hosts either. It exists now and has some info but no one really working on it actively (engage with community, capability to debate/clarify).

Coming to mind perhaps wanting to improve Apple's Operating Systems are Malware - GNU Project - Free Software Foundation would be @torjunkie. But I leave it to the volunteer to decide if that is a good/fun use of time.

1 Like

Hi Patrick

I agree pages could use an update (Qubes/Uninstall, new page Reinstall TemplateVM R4.0) I have a few thing to finish then I’ll start on this.

P.S Install whonix-gw-13 from backup to reproduce behavior from the following issue didn’t produce anything yet. Will try again.



Changes rejected. Reasons:

  • Factually incorrect. Implies properly implemented IPSec, TLS and SSH is vulnerable to MITM attack if router is infected and that is not true. These protocols are resilient in face of untrusted middle nodes across the internet.

  • Not directly relevant to Whonix. Whonix security does not depend on whether your router is safe or not - therefore does not deserve such depth. In many cases you don’t have a choice in the software your network uses because it is not your network if you are on the go.

  • Even with a safe router, you are still hosed if family members run untrusted devices with proprietary spyware like Windows or out-of-the-box Android ROMs.

  • Implies you can be safe from targeted attacks - practically impossible in face of the adversaries mentioned and therefore false.

  • A laundry list of NSA/GCHQ tooling when the phrase “software or hardware implants” will do.

I think this page should say off the shelf routers should not be considered trusted and leave it at that. This means deprecating these sections.

The whole router/Wifi hardening guide is kinda pointless considering this. FOSS firmware recommendations are welcome. Open Hardware DIY guides, even better.

Saving time, as the gnu page made with strict laws about what to include and from where.

Doing our own research will improve more for sure.

Hi Patrick

apt-get-update-plus should be documented in “Operating System Software Updates”. Yes?


1 Like


apt-get-update-plus should be documented in “Operating System Software Updates”. Yes?

Once there is a new build of Whonix, yes. (Otherwise we have a messy
state where not everyone can be reasonably expected to have it.)

1 Like

Added “Spawning DispVMs from other AppVMs” to Qubes/DispVM. This TODO is not complete. Creating Named Whonix DispVM Based on Whonix-Workstation complicates this a bit.

For example, if the name-dispvm is not running it is possible to use (Qubes secure copy) qvm-copy some-file to the named-dispvm even if it is not running or defaut_dispvm for that AppVM. The named-dispvm will start just like a normal VM to receive the file. This is not normal DispVM behavior?

Also of concern if the name-dispvms have to be shut down like a normal AppVM. Meaning the following does not apply.

A DispVM automatically shuts down when the first user-launched process is terminated

I’ll be working on documenting named-dispvm next. And finishing the TODOs.

Opps almost forgot.



8 posts were split to a new topic: SecureDrop Journalist Workstation based on Qubes-Whonix

Could you give this unpublished draft a revision please? @torjunkie

1 Like

Mostly fixed (plus associated qubes pages).


Tox - how to fix instructions.

  • So Tox can’t be downloaded simply as a package for Debian.

  • The GitHub instructions want you to build it from source for Debian (yeh, no thanks - too hard, too many steps).

  • That Opensuse guy stopped packaging it for Debian stretch (so that won’t work anymore).

But, I see there is a AppImage for qtox on the official download page: Download - Tox

Since this is a wonderful new thing e.g. see here:

I presume we can just fix the instructions to say:

  1. Download this thing into Whonix-Workstation (anon-whonix)

  2. Mark it as executable chmod a+x Some.Appimage

  3. Install fuse if necessary as a dependency

sudo apt-get install fuse

  1. Double-click on the file to run it.

While this will work, it’s not exactly safe i.e. downloading random thing from Internet and run compromised (?) AppImage without verification (how is verification done here, is it even possible?)

I think we just mark it as less-than-ideal security, but at least working instructions. Right now we have “current instructions don’t work”, which is pointless.

We can point advanced users to the GitHub build instructions to do it themselves.

Also, Retroshare is too large to be on the Chat page. Needs its own page, so I’ll go and split that off. Chat page should be general description (like the email one), with detailed stuff left to stand-alone pages.


apparmor page needs an update as there is no more apparmor-profiles-whonix


1 Like