I see. What about pasting the “free!” graphic from https://pixabay.com/illustrations/button-round-offer-blue-icon-1711968/ onto one of the download buttons on https://pixabay.com/images/search/download%20button/ ?
https://pixabay.com/vectors/button-download-symbol-icon-1187460/
You don’t have to bother if you are happy with what you have now, but this looks more aesthetic. All graphics on this site are libre/royalty free.
At time of writing, pixabay license is a non-freedom license.
https://web.archive.org/web/20200720164110/https://pixabay.com/service/license/
Don’t redistribute or sell someone else’s Pixabay images or videos on other stock or wallpaper platforms.
Not that I personally care to resell any image on any stock platform nor that I think this is important for Whonix. The issue is an ideological issue. It would make the website non-freedom.
any reason not to just use a standard html based button that says “Download Kicksecure” or whatever? i have to agree that it looks like those sketchy download buttons on sites that drag you to some type of spyware. haha.
tempest via Whonix Forum:
any reason not to just use a standard html based button that says “Download Kicksecure” or whatever?
I haven’t seen any.
These are all subjects which came up several times in Whonix chat:
Issues Beyond Licensing
Not bad. However some of these issues could actually be solved with licensing. But I wouldn’t know such a license would still be Free Software / Open Source certified by FSF / OSI.
The Cryptographic Autonomy License version 1.0 (CAL-1.0) seems an interesting license at first sight covering newer issues but I didn’t look into it yet much. Maybe there are others too which I am not aware of.
Interesting point. Please add to the page also.
Perhaps best to rename to:
Miscellaneous Threats to User Freedom
as a catch-all that doesn’t exclude licensing as a potential fix.
Alright, done.
Latest version of Ubuntu is 20.04 - so not sure this is still relevant?
If Ubuntu 14.04 has a screen resolution of 640x480 you may be able to get 1024x768 by simply by running xdiagnose and changing any setting under Debug. Marking them all or unmarking “Enable automatic crash reporting”, are reported to work. Reboot.
Also, is the rest of that page still okay for higher screen res in VirtualBox without VirtualBox guest additions? Or majorly outdated (and should be deprecated)?
OK - on the relevant wiki page I noted because it is unclear:
Bidirectional clipboard sharing is currently disabled by default in Whonix ™ VirtualBox VMs.
…
For Whonix-Gateway ™, one directional clipboard sharing from the host to Whonix-Gateway ™ is allowed.
If that is not right, please correct it.
BTW if bidirectional clipboard sharing is enabled by default (which would be a mistake IMO since it is easy for VirtualBox users to change that setting), we should add a pointer in the security guide to disable it (many won’t want convenience over security)
It was user contributed a long time ago. I don’t test these things. I’d say can be left as is but perhaps a comment added about the untested / unmaintained nature of it. Not required to call it deprecated until we hear it’s broken or otherwise causing trouble. Good to keep because I haven’t seen this anywhere else on the internet.
Good idea. Please add.
Could you review Tor Myths and Misconceptions: Difference between revisions - Whonix please? @HulaHoop
So does Whonix enable clipboard sharing by default in VirtualBox (bidirectional?) - still not clear to me 
Also, can’t add this to the Data Collection Techniques page due to this error:
File not found
Firefox can’t find the file at http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/w/index.php?title=Data_Collection_Techniques&action=submit.
Check the file name for capitalization or other typing errors. Check to see if the file was moved, renamed or deleted.
Maybe you’ll have better luck adding the below, or something needs fixing on the wiki…
= Redirect Tracking =
Mozilla succinctly describes this novel threat: Firefox 79 includes protections against redirect tracking - Mozilla Security Blog
When we browse the web we constantly navigate between websites; we might search for “best running shoes” on a search engine, click a result to read reviews, and finally click a link to buy a pair of shoes from an online store. In the past, each of these websites could embed resources from the same tracker, and the tracker could use its cookies to link all of these page visits to the same person. To protect your privacy ETP 1.0 blocks trackers from using cookies when they are embedded in a third party context, but still allows them to use cookies as a first party because blocking first party cookies causes websites to break. Redirect tracking takes advantage of this to circumvent third-party cookie blocking.Redirect trackers work by forcing you to make an imperceptible and momentary stopover to their website as part of that journey. So instead of navigating directly from the review website to the retailer, you end up navigating to the redirect tracker first rather than to the retailer. This means that the tracker is loaded as a first party and therefore is allowed to store cookies. The redirect tracker associates tracking data with the identifiers they have stored in their first-party cookies and then forwards you to the retailer.
To illustrate the threat, consider somebody browsing an online website advertising computer hardware who decides to click a link to purchase a suitable laptop from a suitable retailer. The browser will quickly navigate to the relevant website and the hardware product page loads. Without realizing it, the customer may have been tracked via several steps:
- The website advertising the computer hardware had the appropriate URL to redirect to the specific retailer.
- An embedded redirect tracker intercepted the click and sent the customer to their website instead.
- The tracker saves the intended destination – the retailer’s URL – that the customer thought they were directly visiting.
- After the redirect tracker is loaded as a first party, it can access its cookies. This means information is stored about which website the customer came from and where they are headed, along with cookie identifers (allowing tracking across the Internet).
- The customer is automatically redirected to their original destination after the tracking data is saved.
Fortunately Firefox 79 partially addresses this behaviour via its Enhanced Tracking Protection. Every 24 hours any cookies and site data stored by known trackers are cleared, preventing trackers from building a long-term profile of user activity. However, temporary tracking is available within that 24 hour window and a host of unknown trackers may still pose a profiling threat. Firefox 79 includes protections against redirect tracking - Mozilla Security Blog
Also, all the Friday & Saturday edits are mine, so I think they safely improve a fair few things 
Re bidirectional clipboard sharing: “In Whonix ™, VirtualBox guest additions are installed by default.”
Tor bandwidth weighted capactiy != number of nodes. All are not weighted equally, obviously so for accuracy, this statement is should be omitted:
This is equivalent to more than 380 Tor exit relays at the peak of the attack
EDIT:
Actually reading more closely, I don’t understand the sslstrip attack nodes’ relevance to the misconception being addressed. These nodes weren’t proven to be government run. Also for this particular attack, a GPA Can mount this attack on connections without having to be an exit node. For any other type of attacker, the only way to place themselves between cryptocurrency users and their sites is to run a malicious node.
However classical correlation attacks on the Tor network would need malicious exits and entry guards to be used simultaneously to deanonymize. Perhaps Roger’s statement needs to be further clarified that the structure of the internet is somewhat centralized and so flows can be more effectively monitored at choke-points even from outside the Tor network. Nothing in practice though proves that Tor is completely defeated by them however.