It meets quality standards as in good enough for a call for accepting wiki changes. Could even go to a call for testers. Some nits.
https://www.whonix.org/wiki/Windows_Qubes_Start - I guess Qubes has no place in page URL?
Perhaps move to https://www.whonix.org/wiki/Windows_Testers_Only_Version during testing?
That would match
And…
Whonix Windows Installer - Testers Only Version would e a bit weird, long?
Whonix for Windows, macOS, Linux inside VirtualBox currently redirects to Whonix for Windows, macOS, Linux inside VirtualBox. Not sure about if we want a redirect or two pages a long and a short version?
The initial version of the quick start guide looks more like the full verification instruction version.
Pages such as:
where dumbed down. Hidden by default download table, hidden and expandable by default verification instructions. OpenPGP/gpg verification for most users just is not realistic. I am not sure it can still be improved on Whonix side. We already support https (decent server TLS support), onion download (few will understand that). New users will just a swamped by the page length and length of instructions, just give up and use hidemyass (seen) or something similar instead. It’s important that new/first time users of Whonix (already complicated enough due to split-VM design and run in VM by default, Linux based…) have a quick path and feeling of success quickly.
Specifically on the Windows platform, the idea of a Whonix Windows Installer is to dumb down even further. However, by requiring to learn gpg verification and install other software before Whonix
OpenPGP/gpg verification: If you have a better idea in mind or ever see a better solution implemented anywhere, please open a new forum thread about this.
Import the Intevation CA Certificate
- Trust GeoTrust
- import a new certificate
- root of trust: as secure as SSL
Install SignTools
- root of trust: as secure as SSL
Download and Verify GPG4win
- root of trust: as secure as SSL
instructions on whonix.org on gpg verification in the first place
Well, an adversary capable of changing download for targeted users in first place could also prevent these from learning about gpg in the first place from the same website. Only prior knowledge on gpg and verification through OpenPGP web of trust would prevent installation of maliciously modified downloads.
I guess what we’re doing is increasing the awareness about software verification generally and for the next download rather than securing the actual initial download?
And at no point, the user has any path to verify gpg4win through the The OpenPGP Web of Trust. Not sure if worth we’ll being the first ones (?) to point that out and document?
Intevation, the company that hosts GnuPG does not maintain a secure TLS site for gpg4win
.[3]
Well, if upstream is broken, there is little we can do.
gpg is a dinosaur, I am quite negative about it and would like to see it replaced with something of today’s knowledge on usability.
Machine
→ Close
→ Power Off
.
This is not good since this is a hard power off. Should only be used if Whonix hangs. Otherwise the usual shutdown mechanisms from inside the VM should be preferred.
Figure: Whonix user interface
Perhaps reduce size a bit? Looks much bigger than original on the actual screen? No new screenshot needed. Mediawiki allows somehow image resize, we are using that elsewhere in wiki somewhere.
Overall, amazing job on! Now have resurrected Whonix Windows Installer and better documentation. Yay!