[HOME] [DOWNLOAD] [DOCS] [BLOG] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Long Wiki Edits Thread


#7

Great edits, great work!

A few comments…


Yes, I think system requirements should be moved to https://www.whonix.org/wiki/System_Requirements with a new sub chapter “For Best Security” perhaps? On the security guide page there should just be a stub pointing that out perhaps. Or using wiki templates.


The non-perfection about the Security Guide wiki page now is, that it is partially structured into easy, moderate, difficult, and partially not?


The subject Other Anonymizing Networks over Tor (UDP Tunnels) is not so much on spot anymore.

Warning: you should be aware that VPNs by themselves are incapable of preventing intelligence agencies from monitoring your activities. A host of tools are already in long-term use which:

  • Attack and exploit VPN protocols;
  • Decrypt traffic;
  • Extract VPN metadata;
  • Extract router information;
  • Record full-take VPN collection for later analysis; and
  • Fingerprint users in the XKEYSCORE system.

For example Attack and exploit VPN protocols; could use a more on spot reference. Is there some claim in any of these documents that they are keep using some unknown cryptography bug to keep decrypting everyone’s OpenVPN traffic all the time or something similar?


#8

1) OK - I’ve shifted that information over to System Requirements.

Awaiting reviewer sign-off:

http://kkkkkkkkkk63ava6.onion/wiki/System_Requirements

Security guide “Qubes-Whonix Hardware Requirements” now just points to the above reference (also awaiting sign-off), that is:

== Qubes-Whonix Hardware Requirements ==
For Qubes-Whonix hardware requirements, see [[System_Requirements|here]].

2) The solution to easy/moderate/difficult/expert is I think to split off the General Hardening Checklist (and rename it to System Hardening Checklist) to a separate page by itself.

Then, when the Long Wiki Table of Contents is all shifted around, possibly there will just be a SECURITY section like so:

  • Computer Security Education
  • Security Guide
  • Advanced Security Guide
  • System Hardening Checklist

I don’t like “First Steps with Whonix” having this stuff in the mix. “First Steps with Whonix” should probably be changing passwords (non-Qubes-Whonix) and starting VM images, and updates/upgrades and maybe the desktop changes and bridges guides.

Then, logically the next section in order would be the SECURITY section as I outlined above IMO.

At that time (or sooner), we should probably just list the stubs/entries that are actually easy and moderate and put that it Security Guide only.

Things that are hard or expert are also put in the Advanced Security Guide only, as per your previous recommendation some time ago. There is stuff of all levels of complexity in both guides right now.

The top of each guide would state something like:

Complexity: The following issues are classified at the "easy" or "moderate" level.

Complexity: The following issues are classified at the "diffcult" or "expert" level.

Thoughts?

3) Agree, it’s a mess and should be merged. I’ll do that next + review references.

Again, perhaps this part in the Security Guide should just link to the VPNs and other anonymizing tunnels section e.g.

Please see section X and Y 

4) Other (unrelated)

BTW What is the security implication of IPv6 rollout in the Tor network i.e. almost 15% of Tor relays now supporting it according to that Tor ticket? Does it matter for Whonix? Does it matter for anonymous mobile modems re: assigning of additional and unique IPv6 IP addresses etc?


#9

Hammering the Long Wiki into shape will be many baby steps, but let’s start somewhere, and keep improving it as we go.

FIRST ISSUE

The more I think about it, the less need I see for the Computer Security Education entry at all in the long wiki.

1) Almost everything (or maybe 100%) in there can be collapsed into either the Security Guide or Advanced Security Guide.

2) There are only only a few entries that are firmly non-Whonix specific (but still very relevant to security) e.g. Firmware Trojans, Out-of-Band Management Features, Firware Updates, Libre Software/Hardware.

3) Stuff with steps in it:

  • Host Firewall
  • Disable TCP Timestamps
  • Disable ICMP Timestamps
  • Changing MAC Address

Really do NOT belong in a general computer security section, since it is really about making your Whonix installation as secure as possible for your circumstances.

They belong in the Security Guide, since they are assessed as either “easy” or “moderate” in complexity for normal users.

4) The general information noted at point 2 above (with shit loads of text) could just be lumped together under a General Computing Security stub in the Security Guide or Advanced Security Guide. Then, a key paragraph or two to describe the issue + a “click on the right to expand” instruction to hide the War and Peace details.

Conclusion

Benefits of getting rid of the Computer Security Education section and merging it:

  • Simplicity (we stop serious cross-referencing everywhere);
  • Steps with explicit steps don’t belong there to begin with;
  • One less entry for an overwhelmed newbie to Whonix to contend with (or miss reading in probability);
  • It doesn’t belong in a Get Whonix section (seems illogical); and
  • We replicate the style of other OSes that just have one or two major security guides in general.

SECOND ISSUE

Get Whonix

I think should be logically:

Download, Verify and Install Whonix

If the Computer Security Section entry disappears from there after merging, I’d recommend a more logical list of stub entries in the main index page as follows (2 versions to follow, which do you like):

VERSION 1

Download, Verify and Install Whonix

  • System Requirements [1]
  • Download Whonix [2]
  • VirtualBox Windows Installer [3]
  • VirtualBox Images (Windows, Mac, Linux) [4]
  • KVM Images (Linux) [5]
  • Qubes-Whonix Templates [6]
  • Download the Whonix Signing Key [7]
  • Verify and Install Non-Qubes-Whonix Images:
  • VirtualBox Windows Installer [8]
  • VirtualBox Images
    ** Windows [9]
    ** Mac [10]
    ** Linux on the Command Line [11]
    ** Linux using KGpg [12]
  • KVM Images (Linux)
    ** On the Command Line [13]
    ** Using KGPG [14]

[1] Removed from the General Information section

[2] The First Time User? stub is deleted from this area and the template text is merged to just sit above the table of available downloads

[3] The stubs reference these wiki entries with downloadable stuff: http://kkkkkkkkkk63ava6.onion/wiki/Windows#Landing

[4] http://kkkkkkkkkk63ava6.onion/wiki/VirtualBox#Landing

[5] http://kkkkkkkkkk63ava6.onion/wiki/KVM#Landing

[6] http://kkkkkkkkkk63ava6.onion/wiki/Qubes/Install#Landing

[7] Moved from the Non-Qubes-Whonix Specific section http://kkkkkkkkkk63ava6.onion/wiki/Whonix_Signing_Key

[8] Pointing to this reference http://kkkkkkkkkk63ava6.onion/wiki/Installer/Verify_the_Installer_using_the_command_line

[9] Move this entry from Non-Qubes-Whonix Specific http://kkkkkkkkkk63ava6.onion/wiki/Verify_the_virtual_machine_images_using_other_operating_systems

[10] Move this entry from Non-Qubes-Whonix Specific http://kkkkkkkkkk63ava6.onion/wiki/Verify_the_virtual_machine_images_using_other_operating_systems

[11] Move this entry from Non-Qubes-Whonix Specific http://kkkkkkkkkk63ava6.onion/wiki/Verify_the_virtual_machine_images_using_the_command_line

[12] Move this entry from Non-Qubes-Whonix Specific http://kkkkkkkkkk63ava6.onion/wiki/Verify_the_virtual_machine_images_using_Linux

[13] http://kkkkkkkkkk63ava6.onion/wiki/KVM/Verify_the_virtual_machine_images_using_the_command_line

[14] http://kkkkkkkkkk63ava6.onion/wiki/KVM/Verify_the_virtual_machine_images_using_Linux

Benefits:

  • It is more logical to have stand-alone instructions for sys requirements, download/verification and installation advice in one section;
  • Moves stuff buried in Non-Qubes-Whonix Specific section to the upfront area where it better suited;
  • Although there are landing pages appear for various platforms when users hit the “Download” entry in the download table (with verification etc. recs), it is currently nested. For newbies, this is not comforting when they are looking for advice quickly and see the huge Table of Contents we have currently; and
  • Clear demarcation based on OS, install method (manual or installer), choice of virtualizer, and verification method.

VERSION 2

Download, Verify and Install Whonix

  • System Requirements [1]
  • Download, Verify and Install Whonix [2]
  • VirtualBox Windows Installer [3]
  • VirtualBox Images (Windows, Mac, Linux) [4]
  • KVM Images (Linux) [5]
  • Qubes-Whonix Templates [6]

[1] Removed from the General Information section

[2] The First Time User? stub is deleted from this area and the template text is merged to just sit above the table of available downloads

[3] The stubs reference these wiki entries with downloadable stuff and steps for verification and installation: http://kkkkkkkkkk63ava6.onion/wiki/Windows#Landing

[4] http://kkkkkkkkkk63ava6.onion/wiki/VirtualBox#Landing

[5] http://kkkkkkkkkk63ava6.onion/wiki/KVM#Landing

[6] http://kkkkkkkkkk63ava6.onion/wiki/Qubes/Install#Landing

Benefits:

  • Simpler than version 1; and
  • The landing sections already discuss verification and installation steps, so perhaps it doesn’t need to be explicitly outlined like in Version 1.

Downside:

  • Verification and installation steps are still nested; and
  • Shit buried in the Non-Qubes-Whonix Specific section is left right at the bottom of the wiki index page, where probably 95% of readers never get to.

Thoughts?


#10

My plan is to decide as little as possible on the documentation and
Whonix presentation issues. I am mostly responsible for the current
unorganized state of things. Don’t set a fox to keep the geese so to
speak. Therefore I would appreciate if the Whonix team (all people who
recently contributed to Whonix) would comment here.

Having said that, here is some input / previous reasoning.

The idea behind Computer Security Education was stuff that would be
useful prior installing Whonix. I mean, there are things that can/should
be done prior installation of Whonix, and things that can only be
applied after installation of Whonix. Also it might be useful to
distinguish between knowledge and actionable steps. Sure, we can
consider to reorganize/merge pages.

3) Stuff with steps in it:

  • Host Firewall * Disable TCP Timestamps * Disable ICMP Timestamps *
    Changing MAC Address

Really do NOT belong in a general computer security section, since it
is really about making your Whonix installation as secure as possible
for your circumstances.

Yes, that’s another possible way to sort it. Whonix specific vs
non-Whonix specific.

Disabling TCP/ICMP timestamps also makes a lot sense outside of Whonix
use cases. That’s why it’s disabled by default in Qubes. Reference:


#11

No problem. Your time should not be wasted on reviews i.e. you’re needed for the technical guts of Whonix.

Who is considered the go-to person in Whonix for documentation?

HulaHoop, Ego, entr0py, all of the above? Basically the place would benefit from someone like ADW overseeing it all, if they’d sign up for the task. BTW, that’s not me. I just want to exercise the fingers for a while and then sail off into the sunset. :slight_smile:

The phabricator task (long-standing) is to rework the information on the site. So it needs to be done at some stage. And that’s not going to happen without a fair bit of editing and reworking of the material’s ordering and presentation.


#12

2 posts were split to a new topic: Whonix Website Change Suggestions


#13

OK - here’s my second attempt awaiting sign-off in the wiki :slight_smile:

= Transporting UDP Tunnels over Tor =

‘’‘Tor Design’’’

According to the Tor Project:https://blog.torproject.org/blog/moving-tor-datagram-transport

Tor transports data over encrypted TLS tunnels between nodes, which is in turn carried by TCP.

The current Tor design does not support the transport of [https://trac.torproject.org/projects/tor/ticket/7830 UDP-based protocols] through exit nodes in the network, and this is unlikely to be supported in the near future due to incompatibility with cryptographic protocols in use and those planned.

The consequence is that UDP-based protocols and applications cannot be used to transmit UDP datagrams between guards and exit nodes in the default environment. Example UDP protocols / applications include:https://en.wikipedia.org/wiki/User_Datagram_Protocol

  • Domain Name System (DNS);
  • Simple Network Management Protocol (SNMP);
  • Routing Information Protocol (RIP);
  • Dynamic Host Configuration Protocol (DHCP); and
  • Voice and video traffic.

‘’‘Transporting UDP Tunnels over Tor with a VPN’’’

A solution to this problem is to use a [https://en.wikipedia.org/wiki/Tunneling_protocol tunneling protocol]. In simple terms, this allows a user to access a foreign protocol or network service that the underlying (Tor) network does not support or provide directly.

The tested and working method in Whonix is to utilize a Virtual Private Network (VPN) with a trusted provider that does not block UDP traffic (User -> Tor -> VPN -> [Other Anonymizing Network] -> Internet). Some VPN protocols such as OpenVPN may use UDP while implementing reliable connections and error checking at the application level.Other VPN implementations may also be useful, but have not been researched yet.

Please first read the related VPN documentation and warnings:

  • [https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN Tor Plus VPN or Proxy];
  • [[Whonix:General_disclaimer#Whonix_VPN_disclaimer|Whonix VPN disclaimer]];
  • [[Tunnels/Connecting to Tor before a VPN| How to connect to Tor before a VPN (User -> Tor -> VPN -> Internet)]]; and
  • [[Tunnels/Introduction#Comparison_Table|Tunneling comparison table]].

Before following the instructions to [[Tunnel_UDP_over_Tor|tunnel UDP over Tor]].

The current [http://sec.cs.ucl.ac.uk/users/smurdoch/papers/tor11datagramcomparison.pdf Tor architecture] may cause negative performance impacts on user activities. This arises from high latency due to congestion in the network, queue length on nodes (mixing of traffic across multiple nodes), and TCP mechanisms which attempt to account for lost packets and hold delivery of future packets until a resend is complete.https://guardianproject.info/2012/12/10/voice-over-tor/

Understand that adding a second connection in the tunneling chain adds significant complexity. This potentially increases the security and anonymity risks to the user due to: misconfiguration, the increased attack surface of secure tunneling software, the difficulty in anonymously paying for VPN services, and potential bottlenecks with VPN providers. Depending on your configuration, you may also increase your fingerprinting risk, lose stream isolation of your activities, and have a permanent destination X in the Tor network.Also read the Tor Project warnings here: https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN.

‘’‘Whonix Recommendations’’’

Whonix recommends the use of [https://en.wikipedia.org/wiki/OpenVPN OpenVPN] as the most secure (SSL/TLS-based) protocol, rather than reliance upon IKE, L2TP/IPsec or PPTP. OpenVPN is considered extremely secure when used with encryption algorithms such as AES.IKE is being exploited by the NSA to decrypt IPSec traffic. IPsec configured with pre-shared keys is vulnerable to MITM attacks. PPTP is an obsolete method for VPN implementation with a host of security weaknesses. For further reading on intelligence agency capabilities against VPN protocols see: http://www.spiegel.de/media/media-35515.pdf

A dedicated virtual machine is recommended for this activity, see: [[Multiple Whonix-Workstations]].


#14

What do you think about the suggested homepage changes in this post? Long Wiki Edits Thread @Ego


#15

Good day,

Sure, can/will add those.

Have a nice day,

Ego


#16

The examples need some work.

  • Domain Name System (DNS);

Tor supports some types of DNS. There is more information and references on that topic here: https://www.whonix.org/wiki/Secondary_DNS_Resolver

  • Simple Network Management Protocol (SNMP);
  • Routing Information Protocol (RIP);
  • Dynamic Host Configuration Protocol (DHCP); and

Do users care to tunnel those over Tor?

  • Voice and video traffic.

This is a good example. Replaced with some using voice or video are using UDP since there are also applications using TCP. Perhaps we should link to https://www.whonix.org/wiki/VoIP?

That reminds me of https://www.whonix.org/wiki/VoIP. What do you think about the quality of that page? It has lots of nicely researched information, but I am not sure it will help as many users to actually use voip as possible.

What’s the use case to highlight?

  • Two person who know each other talking to each other but obfuscating these fact by using Tor?
  • One person in a censored area calling someone in another area not necessarily using Tor?
  • (Due to voice recognition and stylometry there is no way for the caller to stay anonymous.)

I am not sure all of this is really getting clear for the user.

What seems to you to be the easiest to use already documented solution?

Wondering if any of the new instant messengers such as ricochet / unMessage are going to get voip and/or video support or if other applications similar to those are being worked on?

//cc @HulaHoop


#17

Thanks for that.

I changed that applications list part and linked in the VOIP section as follows:

The consequence is that UDP-based protocols and applications cannot be used to transmit UDP datagrams between guards and exit nodes in the default environment, for example, some [[VoIP]] or video applications.https://en.wikipedia.org/wiki/User_Datagram_Protocol

It’s a good Question re: use of UDP apps in general forced through the Tor network. I know little about networking, so wasn’t sure of other relevant applications or protocols that Whonix users would frequently want to use in this manner? I figured you experts would know.

Based on my quick read of the VOIP wiki entry, it looks like really bad advice to be forcing it over Tor anyway, given the voice recognition de-anonymization potential. A big fat warning probably needs to be at the top of that page, just like the wiki has for VPNs and other anonymizing networks in long chains.

It all seems to come back to peer-to-peer, metadata-less, hidden services-based instant messangers like Ricochet as being the gold standard for high-security comms in general.

Or perhaps something like I2P-bote, but I know very little about that, apart from what’s in the wiki. Tox looks promising too, but still too early in development to trust.

Re: reviewing the VoIP page

I’m happy to review the VoIP page next for editing, now that the Security Guide is done.

Although, I’ll probably finish off the rest of the templates, since I’ve already reviewed and edited the first 100 out of 233 (total) templates on the website i.e. Special:UncategorizedTemplates (except for the “Build Documentation” ones, since they look very painful and I’ve been procrastinating on those). :wink:

I also realize that translate tags should get added to every page on the website too right as per @Ego’s instructions? Looks pretty simple to do.

(Edit by Patrick: Ego -> @Ego)


whonix.org wiki translation / mediawiki extension translate - technical discussion
#18

Btw there is no need to fix https://www.whonix.org/wiki/Template:Infobox_OS/doc and a few similar pages that are not visible to users - it’s not our template. We just imported it from wikipedia. When it’s not user facing, not even developer facing, there is no need to spend time on it.


#19

It should be properly explained indeed, so I am glad you can visit it with a fresh view.

Anyhow. Two people who know each other communicating via voice over Tor is still a use case where Whonix is still an ideal solution to have an encrypted/authenticated voice conversation that cannot be observed by third parties.


#20

Let’s move that here:
whonix.org wiki translation / mediawiki extension translate - technical discussion


#21

Can you please undo parts of this change? Please do not change any licensing texts.

There are organizations such as FSF out there who work with lawyers, fight in courts, etc. Since Whonix is Libre Software and not in the lawyerization business, we use their texts verbatim with the only exception of small changes as per their recommended best practices (i.e. to fill out gaps for name, copyright and year). If we were to change these texts, we would go into unchartered legal waters. Really not worth the risk.

https://www.whonix.org/w/index.php?title=Documentation&oldid=28036&diff=cur


#22

No problem.

Edit: wasn’t sure if backing out would undo all the changes, so I just edited the license stuff back to the original text.


#23

It’s been a great wiki wide rephrasing and spell fixing so far!


#24

There is only one mistake.

Old

New

This seems like a bug. Meaning changed and got wrong.


#25

Quote https://exonerator.torproject.org/

Enter an IP address and date to find out whether that address was used as a Tor relay:


#26

All of these really but especially the first one which is what makes this special.

I suggested VoIP to ricochet a while back with radio silence on that ticket. unMessage are interested in implementing this at some point. No other anonymous solutions for VoIP planned AFAIK.

If both users are communicating over anonymously created accounts and the VoIP streams are encrypted this shouldn’t be a risk.