Long Wiki Edits Thread

Bitcoin: Difference between revisions - Whonix

Have to be extra careful with this. Someone could be trying to emulate one of our most active wiki editors.

Is https://bitcoincore.org a legitimate replacement for https://bitcoin.org?

I don’t think it’s a “replacement”.

https://en.wikipedia.org/wiki/Bitcoin_Core

Bitcoin Core is free and open-source software that serves as a bitcoin node (the set of which form the bitcoin network) and provides a bitcoin wallet which fully verifies payments. It is considered to be bitcoin’s reference implementation[1] and is the most used implementation by a large margin.[2][citation needed] Initially, the software was published by Satoshi Nakamoto under the name “Bitcoin”, and later renamed to “Bitcoin Core” to distinguish it from the network.[3] For this reason, it is also known as the Satoshi client.[4] As of 2018, Bitcoin Core repositories are maintained by a team of maintainers, with Wladimir J. van der Laan leading the release process.[5]

1 Like

Alright, both Bitcoin - Wikipedia and GitHub - bitcoin/bitcoin: Bitcoin Core integration/staging tree link to https://bitcoincore.org/ so looks ok.

Migrated SecBrowser from Github/0brand for easy editing (not indexed). The bottom half of the page needs formatting work. Everything looks kinda smooshed together. I’ll work on moving content over to Tor Browser without Tor. Actually it may be better to keep this page as SecBrowser, deprecate Tor Browser without Tor, then move the current SecBrowser to a new #wiki/SecBrowser page.

1 Like

2 posts were split to a new topic: paxful (similar to localbitcoins)

A post was merged into an existing topic: gpg --recv-keys fails

Added warning to Git clone verify.

https://www.whonix.org/w/index.php?title=Template:Git_clone_verify&oldid=48757&diff=cur

1 Like

+1

PS Formatted your wiki stuff 0brand - I think it looks very nice :slight_smile: Also pride of place in the Secure and Anonymous Browsing section now.

(yes you are right re: canvas extraction, forgot about that)

Thanks tempest. I’ll try to get to it soon (got to sort out the release notes stuff first, as Whonix 15 is close…)

I haven’t touched the money stuff. Priorities are release notes, cleaning up remaining email area entries, then (gulp) I’m gonna edit the money entries (very messy IMO). Could be months away…

1 Like

Very close indeed. The testers releases for all platforms seem to work really well. Maybe even in 4 days or so but don’t quote me on that.

The shared draft:

Looks awesome!

I’ll have to work on: (before Qubes pull request)

  • SecBrowser landing page
  • “Sec” icon
  • Instruction to create a desktop starter
  • Deprecating Tor Browser without Tor
  • Move SecBrowser to its own page (with current Tor Browser without Tor images)

1 Like

Existing already. Just has to be enabled through usual Qubes VM settings.
https://github.com/Whonix/tb-starter/blob/master/usr/share/applications/secbrowser.desktop

Moved here just now SecBrowser™ has been deprecated!
Better than SecBrowser™ has been deprecated!

What is the status of Nym Servers and Pseudonymous Emails after the deprecation of Mixmaster: Tor Remailer? @HulaHoop

They are all pretty much dead at this point because the Nymserver design was only ever relevant to Mixmaster.

1 Like

Updated Verifying the Whonix images in Windows. I combined the entire verification process to one page including importing the Whonix signing key. The borders on several of the screenshots didn’t come out all that great. I’ll see about creating new ones.

I also removed the Kleopatra tutorial since it’s a little confusing. It should be put aside at least until it can be rewritten imo. So the attribution to Tails could also be removed now?

https://whonix.org/w/index.php?title=Verify_the_virtual_machine_images_using_Windows&oldid=47676&diff=cur

1 Like

A post was split to a new topic: APT seccomp-BPF sandboxing

It could be moved to /Deprecated/Mixmaster.

Instead, we could keep the page, add a clear box on top that it is deprecated, and remove it from TOC and all other links.

If we move to /Deprecated/Mixmaster, do we leave a redirect or not? If we leave a redirect, we gain little besides a better page name?

If it matters we could also add __NOINDEX__ to prevent users hitting the page from search engines but I doubt that would help the internet at large. At least we’d be still documenting why it is deprecated and have introduction and user documentation ready in case some developer wants to revitalize it.

0brand via Whonix Forum:

Updated Verifying the Whonix images in Windows. I combined the entire verification process to one page including importing the Whonix signing key.

Awesome!

I also removed the Kleopatra tutorial since it’s a little confusing. It should be put aside at least until it can be rewritten imo.

Tails has also given up on Kleopatra.

So the attribution to Tails could also be removed now?

Yes, since we are not using any contents from Tails on that page anymore. All content on that page is original and not from Tails.

Tails has a nice text on OpenPGP here.

source:

Copyright:

 Copyright (C) Amnesia <amnesia at boum dot org>

License:

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.
         
   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.
      
   You should have received a copy of the GNU General Public License
   along with this program; if not, write to:

    Free Software Foundation, Inc. 
    51 Franklin St, Fifth Floor
    Boston, MA 02110-1301, USA.

On Debian GNU/Linux systems, the complete text of the GNU General Public
License can be found in the /usr/share/common-licenses directory.

The complete text of the GNU General Public License can also be found online on gnu.org <https://www.gnu.org/licenses/gpl.html>, in {{project_name}} virtual machine images in /usr/share/common-licenses/GPL-3 file or on Github <https://github.com/{{project_name_short}}/{{project_name_short}}/blob/master/GPLv3>.

Authenticate the signing key through the OpenPGP Web of Trust

Authenticating our signing key through the OpenPGP Web of Trust is the only way that you can be protected in case our website is compromised or if you are a victim of a man-in-the-middle attack. However, it is complicated to do and it might not be possible for everyone because it relies on trust relationships between individuals.

Read more about authenticating the Tails signing key through the OpenPGP Web of Trust.

The verification techniques that we present (browser extension, BitTorrent, or OpenPGP verification) all rely on some information being securely downloaded using HTTPS from our website:

  • The checksum for the Firefox extension
  • The Torrent file for BitTorrent
  • The Tails signing key for OpenPGP verification

It is possible that you could download malicious information if our website is compromised or if you are a victim of a man-in-the-middle attack.

OpenPGP verification is the only technique that protects you if our website is compromised or if you are a victim of a man-in-the-middle attack. But, for that you need to authenticate the Tails signing key through the OpenPGP Web of Trust.

If you are verifying an image from inside Tails, for example, to do a manual upgrade, then you already have the Tails signing key. You can trust this signing key as much as you already trust your Tails installation since this signing key is included in your Tails installation.

One of the inherent problems of standard HTTPS is that the trust put in a website is defined by certificate authorities: a hierarchical and closed set of companies and governmental institutions approved by your web browser vendor. This model of trust has long been criticized and proved several times to be vulnerable to attacks as explained on our warning page.

We believe that, instead, users should be given the final say when trusting a website, and that designation of trust should be done on the basis of human interactions.

The OpenPGP Web of Trust is a decentralized trust model based on OpenPGP keys that can help with solving this problem. Let’s see this with an example:

  1. You are friends with Alice and you really trust her way of making sure that OpenPGP keys actually belong to their owners.
  2. Alice met Bob, a Tails developer, in a conference and certified Bob’s key as actually belonging to Bob.
  3. Bob is a Tails developer who directly owns the Tails signing key. So, Bob has certified the Tails signing key as actually belonging to Tails.

In this scenario, you found, through Alice and Bob, a path to trust the Tails signing key without the need to rely on certificate authorities.

If you are on Debian, Ubuntu, or Linux Mint, you can install the debian-keyring package which contains the OpenPGP keys of all Debian developers. Some Debian developers have certified the Tails signing key and you can use these certifications to build a trust path. This technique is explained in detail in our instructions on installing Tails from Debian, Ubuntu, or Linux Mint using the command line.

Relying on the Web of Trust requires both caution and intelligent supervision by the users. The technical details are outside of the scope of this document.

Since the Web of Trust is based on actual human relationships and real-life interactions, it is best to get in touch with people knowledgeable about OpenPGP and build trust relationships in order to find your own trust path to the Tails signing key.

For example, you can start by contacting a local Linux User Group, an organization offering Tails training, or other Tails enthusiasts near you and exchange about their OpenPGP practices.

After you build a trust path, you can certify the Tails signing key by signing it with your own key to get rid of some warnings during the verification process.

Something that could be imported / rewritten for Whonix wiki?
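The trust path from the quoted Tails text (you, Alice, Bob, Tails signing key), as an added example that is not part of the original posts or of the Tails or Whonix documentation. It is a simplified Python model, not GnuPG's validity calculation; the key names, the certification data and the `find_trust_path` helper are all constructed for illustration.

```python
from collections import deque

# Constructed sample data: signer -> keys that signer has certified.
CERTIFICATIONS = {
    "you": {"alice"},
    "alice": {"bob"},
    "bob": {"tails-signing-key"},
    # Mallory certifies both the real key and a look-alike key.
    "mallory": {"tails-signing-key", "fake-tails-key"},
}

# Keys whose owners you trust to check identities before certifying.
TRUSTED_CERTIFIERS = {"you", "alice", "bob"}


def find_trust_path(certs, trusted, start, target, max_depth=5):
    """Return the shortest certification chain from start to target.

    A chain may only be extended through certifiers in `trusted`, and may
    use at most `max_depth` certifications (5 is also GnuPG's default
    --max-cert-depth). Returns None when no such chain exists.
    """
    queue = deque([[start]])
    seen = {start}
    while queue:
        path = queue.popleft()
        signer = path[-1]
        if signer == target:
            return path
        # A certification only counts if its signer is trusted, and the
        # chain must stay within the depth limit.
        if signer not in trusted or len(path) - 1 >= max_depth:
            continue
        for signed in sorted(certs.get(signer, ())):
            if signed not in seen:
                seen.add(signed)
                queue.append(path + [signed])
    return None


if __name__ == "__main__":
    for key in ("tails-signing-key", "fake-tails-key"):
        path = find_trust_path(CERTIFICATIONS, TRUSTED_CERTIFIERS, "you", key)
        print(key, "->", " > ".join(path) if path else "no trust path")
```

The look-alike key carries a certification too, but only from a signer outside your trusted set, so it gets no path; that is the case the Web of Trust is meant to catch when a download site or key server serves the wrong key.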

Definitely. This is something that is not very well understood by beginners and more experienced users alike. With all that is happening with GPG sks servers this will be something that more users will be interested in as time goes on. Will do after I finish up SecBrowser. Would like to submit the Qubes PR soon.

Also, pushed some new images to the new verifying Whonix images in Windows. These PNGs have better defined borders.

https://whonix.org/w/index.php?title=Verify_the_virtual_machine_images_using_Windows&diff=49179&oldid=49172

1 Like