Major features (onion service v3, denial of service):
Add onion service introduction denial of service defenses. Intro points can now rate-limit client introduction requests, using parameters that can be sent by the service within the ESTABLISH_INTRO cell. If the cell extension for this is not used, the intro point will honor the consensus parameters. Closes ticket 30924.
Connecting to Tor before a VPN (User → Tor → VPN → Internet) Issue can be far too hard to solve than calling it a documentation issue. Split to separate forum thread. I guess this forum thread is for actionable wiki edits only that don’t need too difficult research/testing.
i wasn’t sure if this was something that simply required an update in the docs or troubleshooting. i will experiment with it more over the next few days.
That is far too much detail for the Whonix ™ and Tor Limitations page: that page should [1] dispel user misconceptions, too high exceptions, too risky reliance. Explaining that in terms which sound understandable, conceivable (not being discarded as “conspiracy theory”).
For example:
OCSP (from user point of view: whatever that is), Retroactive availability, medium effort.
That’s not something:
users can/should remember when reading that page
actionable
[1]
That is more interesting for researchers / developers.
My problem with that is that reviewing this would take away development time for more impactful things such as various security hardening recently. If I’d accept it on faith without review it would make the project look stupid if there were major discrepancies.
It would fit better in Internet Corporations and Privacy Concerns or Data Collection Techniques? That pages don’t have to be as thoroughly reviewed as maintained by torjunkie. What the https://www.whonix.org/wiki/Template:Maintainer is supposed to communicate is, that that page is the main responsibility of that maintainer. Therefore it does not have to be as thoroughly reviewed. It is more similar to a blog account on blogger.com such as somename.blogger.com. blogger.com isn’t the publisher. sommename is. blogger.com is just a platform.
Originally was:
To oversimplify it: Whonix is just a collection of configuration files and scripts.
Now over time changed to:
In simple terms, Whonix ™ is just a collection of configuration files and scripts.
Not sure that is very same meaning intended to community. Oversimplify is a valid word in dictionary.
“Whonix is just a collection of configuration files and scripts.” It’s not. There are too many configuration files and scripts. Realistically (almost) nobody will replicate all or most of what Whonix does one by one with configuration files and scripts. It would be silly to call Whonix "a collection of configuration files and scripts` and I have not seen that claim. Years ago Whonix became a Linux distribution. But for the sake of making that point it is useful to view it that way “Whonix is just a collection of configuration files and scripts.” The point I am trying to convene is that by adding more and more pre-configuration for anonymity/privacy/security and package selection it is still Debian based and while there are some bugs nothing major is breaking and nothing is deliberately freedom restricted.
Do we document somewhere “if you don’t have physical security (untrusted visitors) for your computer (hardware backdoor), then you’re considered compromised, software cannot help you”? If not, could you add this please?
If you are using a terminal-only Whonix-Gateway ™, click HERE for instructions.
HERE is a clickable button.
Could you please check/adjust the wording/style? When this matured, I can create a wiki template so this can be more easily used throughout the whole wiki.
Reading thru whonix. org/wiki/KVM, there’s the note:
„Read and apply the [Pre-Installation Security Advice](whonix. org/wiki/Pre_Install_Advice)“ which leads to an outdated page, which links to another page, but the Pre-Installation isn’t there either. As you’ve already covered here that some pages are outdated, a new guide from tempest would come in handy and/or update the wiki here.
Where I can imagine an own wiki page from tempest would be a good thing, as he walks thru all necessary steps from scratch to finish - maybe especially for new users.