
Long Wiki Edits Thread

Added.

Something useful / security here https://wiki.alpinelinux.org/wiki/Alpine_Linux:Overview#Technical_overview ?

Added links.

Added.

Generally, I don’t want to add too deep an analysis of the (in)security of other Linux distributions. Reasons:

  • might get outdated
  • distracts developer time from other tasks
  • might get disputed and then needs to be debated, fixed

The reason for that wiki page listing these distributions is to demonstrate that these were considered as base distributions for Whonix before. During the early years of TorBOX / Whonix there were people repeating the myth “Why don’t you build on top of OpenBSD which is the most secure operating system?” Since these things nowadays are documented, easy to find on Google and good arguments made, nobody is ever making these suggestions. Asking good questions such as in the case of FreeBSD helped to get rid of these suggestions / myths. Looks to me like reading these write-ups people give up on these distributions / suggestions.

Reason to expand these notes would only be if any distribution(s) would be seriously considered porting to.

1 Like

Not anything relevant to security.

1 Like

Also, on Alpine, I found this from a CLIP OS/ANSSI dev a while ago

Not sure if the situation has changed since though.

2 Likes

61 posts were split to a new topic: Host Operating System Selection Wiki Page Discussion

OK - JonDonym entry updated (as well as Logging into Captive Portals page).

Only GNUnet needs some love in that section, and it looks pretty good.

1 Like

Suggestions

If I was nitpicking the main whonix.org page, which I am:

1.

All activity in a virtual machine, all internet traffic through Tor® network

-> (change to)

All activity in a virtual machine, all internet traffic through the Tor® network

2.

Whonix is the best way to use Tor® and is strongest protection of your IP address.

->

Whonix is the best way to use Tor® and provides the strongest protection of your IP address.

3.

Different applications are routed through different paths through the Tor® network.

->

Distinct applications are routed through different paths in the Tor® network.

4.

AppArmor profiles to restrict the capabilities of commonly used, high-risk applications.

->

AppArmor profiles restrict the capabilities of commonly used, high-risk applications.

5.

anonymity, privacy and security settings pre-configuration

->

Anonymity, privacy and security settings pre-configuration

6.

Run Android Application using anbox.

->

Run Android Application using Anbox.

7.

Additional Security Hardening measures and user education through Whonix provide better protection from viruses.

->

Additional security hardening measures and user education through Whonix provide better protection from viruses.

8.

Visit any website including modern websites such as YouTube.

->

Visit any destination including modern websites such as YouTube.

9.

Whonix is the safest way to Onion Services .

->

Whonix is the safest way to host Onion Services.

10.

Whonix is Freedom Software and contains software developed by the Free Software Foundation and the GNU Project .

-> (full stop move)

Whonix is Freedom Software and contains software developed by the Free Software Foundation and the GNU Project.

11.

Which improves security and privacy for everyone.

->

This improves security and privacy for everyone.

12.

Interested in becoming an investor? See Project Metrics .

-> (full stop move)

Interested in becoming an investor? See Project Metrics.

2 Likes

Excellent. Applied all changes. I really like all nitpick fixes!

(If anything wasn’t applied, then I made a mistake.)

The image associated with “Vibrant Community” seems to have gone AWOL on that page?

Also:

  • the “Warrant Canary” section should probably have a picture of a pretty yellow canary, instead of a tropical parrot. I’m sure @TNT_BOM_BOM could find a nice one.
  • the “Upcoming Security Enhancements” title is not centered, like every other one on the page. Not sure if easy to fix or not.
  • I realize that I missed this one: “Run Android Application using Anbox.” -> “Run Android applications using Anbox.”
1 Like

torjunkie via Whonix Forum:

The image associated with “Vibrant Community” seems to have gone AWOL on that page?

Strange. Works for me.

  • the “Upcoming Security Enhancements” title is not centered, like every other one on the page. Not sure if easy to fix or not.

It’s centered but maybe you can’t see that image next to it.

  • I realize that I missed this one: “Run Android Application using Anbox.” -> “Run Android applications using Anbox.”

Fixed.

@Patrick

Nothing controversial here awaiting approval, just a summary of the main article with a practical example for the reader:

http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/w/index.php?title=One_Time_Pad&stable=0&redirect=no

1 Like

It’s a really long article. And it’s not my strongest area of knowledge. There are some people only waiting for any nit they can pick to prove the point they’d love to make.

Can anyone else help this article https://www.whonix.org/wiki/One_Time_Pad ?

//cc @HulaHoop

https://www.whonix.org/w/index.php?title=Wickr&oldid=56181&diff=cur - not sure it’s fully Open Source.

https://github.com/WickrInc/wickr-crypto-c is only crypto core. Wikipedia says it’s proprietary. Possibly only partial source code release.

1 Like

I don’t think AMD’s SP should be mentioned on https://www.whonix.org/wiki/Out-of-band_Management_Technology

It’s not similar to the ME and isn’t a security risk. It’s the opposite. The SP is a security feature used for TEEs.

None of those arguments make sense. Obviously the CPU is privileged. The SP is no different from the rest of the CPU. The SP specifically is not an issue. TEEs are important. Why are Intel SGX, ARM TrustZone, RISC-V MultiZone etc. not mentioned there too if you think it’s such an issue?

Everything has vulnerabilities. You cannot expect the SP to be any different.

Arguably too cumbersome for me to personally do/take interest in. I like the software tool better. However @torjunkie seems to have done a great job formatting the process from the paper in:

http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/w/index.php?title=One_Time_Pad&stable=0&redirect=no

Do you need permission from the paper author to quote him to release the edit or what’s the problem?

1 Like

HulaHoop via Whonix Forum:

Do you need permission from the paper author to quote him to release the edit or what’s the problem?

I didn’t notice yet it was based on a paper. Now I did.

Yes, requires permission for sure. Paper doesn’t say it’s under any
libre license. Therefore defaults to copyrighted. Severity: blocker.

Links to website http://users.telenet.be/d.rijmenants/ quote:

This website is created for educational purposes and its content and
images are protected by international copyright laws. If you would like
to use the content of this website, please ask first and permission will
usually be granted under the condition that full credits and a link to
this website are given.

Another problem is that I would need to learn a lot more about the
subject or verification of authority.

Could you please remove the copyrighted content? @torjunkie

I’d remove it but I don’t want the formatting to be lost. Therefore feel
free to backup for own use.

Contacted

Name: Whonix Dev
E-mail address: whonix-devel@whonix.org
Subject: Use of text from paper on OTP
Your message: Hi Dirk, I am contacting you for permission to quote from your paper on our wiki for manually encoding OTP messages. The Whonix project is an online anonymity distro based on Tor and Debian.
3 Likes

Thanks @HulaHoop - really appreciated :)

1 Like

Issues with hardware recommendations for other operating systems maintained by others, i.e. Qubes. Related documentation:

Issue specifically:

https://www.whonix.org/w/index.php?title=Qubes-Whonix_Security&type=revision&diff=57179&oldid=56933

Qubes (used to? still has) issues with other graphics cards. Best would be to stay out of hardware recommendations for Qubes and leave that to Qubes.

Issue generally:

  • the information might get outdated
  • the information might get contested (such as above). Time consuming to reason about, providing references.
  • it’s overextending the scope of Whonix project

The best place for Qubes hardware recommendations should be Qubes places, i.e. probably mostly Qubes website. If information on that website is bad, contribute to it. And if that’s not an option, well, bad luck but still not good to do that task for Whonix to maintain.

1 Like