Long Wiki Edits Thread

Could you please add a chapter Tor Browser Hardened to Tor Browser Advanced Topics?

(Would have been useful as reference here: TOR BROWSER BUGGGG in whonix)

The relevant information is in the introduction to this entry here:

http://kkkkkkkkkk63ava6.onion/wiki/Tor_Browser/Advanced_Users#Introduction

The “hardened” Tor Browser has been deprecated and major features like Selfrando memory randomization are now part of the alpha series and planned for eventual mainline adoption. Consequently, The Tor Project recommends that users seeking a higher-security solution default to the sandboxed Tor Browser: [25] [26]

While the Sandboxed Tor Browser is currently in an experimental state itself, we feel that it provides much better safeguards against exploitation than the features we shipped in the hardened series.

Do you still want a “Hardened Tor Browser” entry to point to this?


Yes, I think that would be useful to have as reference. Perhaps not a separate headline, but an anchor and clickable link (for future copy and paste) (that leads to the sentence on hardened)?

OK. I added this anchor to just above the relevant text:

{{Anchor|Tor Browser Hardened}}

Presumably a clickable link will be available once that is signed off.


OK - 66 edits and a ton of research later, the Computer Security Education entry is now ready for review.

Most of the TODOs have now been addressed.

Painful would be an understatement. I might tackle some smaller entries before the Advanced Security Guide section.

Moving on.


Great work on the computer security guide!


Edit wish high priority:
For legal reasons etc… Hard terrain… Not sure whether I am getting paranoid here, but we shouldn’t call any names. Especially no powerful ones. Especially no legitimate ones.

Could you please look through the wiki for…

  • intelligence agencies
  • NSA
  • etc.

And rewrite them in generic terms? Call them adversary?

We’re pro privacy. We don’t want wifi sniffers in hotspots and other criminals to illegally eavesdrop on our communications.

We can still link to articles mentioning any names. It would be hard to find articles in pure generic terms. As for the articles, we are just using them as references proving a claim. Then calling names is only a by-product and not the point.


Lower priority bonus wishlist: Research Windows / MacOS RAM dumps. During application crashes, they might create a dump of the whole RAM (sometimes called coredump).

http://www.networkworld.com/article/2164903/windows/windows-how-to-solve-windows-8-crashes-in-less-than-a-minute.html

If you could explain that a bit (using that source or any other that focuses more on the outrageous privacy issues) (similar to the existing bullet points). Mention that a RAM dump could contain anything done during that session (rather random, depending on how the RAM is wiped [if at all] and whether it was overwritten), and of course all currently existing contents in RAM. Probably swap is included as well. Including all disk encryption passwords, opened documents’ contents, other passwords and whatnot. Very likely it would even make security attacks easier, since it might expose exact states about ASLR, seeds, and whatnot.


To make reviews faster and safer, could you please split future edits into parts:

  • a) language fixes
  • b) moving chapters around without changes
  • c) new content

By split, I mean only doing either a), b) or c), and then waiting for the review. That would make the diff a lot easier to read.

Thanks.

Fixed the above for Computer Security Education. I’ll check others as I go along and replace with “adversary” or “adversaries”.

Sure. Will do. I’m hoping other entries won’t require the level of change that was seen in Computer Security Education and Tor Browser entries. :slight_smile:

No problem. Will look into it and add to Computer Security Education entry.

Cheers!


Could you please review (and comment there is any comments) this upcoming blog post draft?

https://phabricator.whonix.org/T659#13258

Secure downloading of files is difficult and under-documented. Wget seems buggy. Curl is hard to use without running into a downgrade attack. Can you make head or tail of this https://phabricator.whonix.org/T673 ticket?

TODO:

  • search the wiki for torproject.org, where applicable add alternative download links to Tor Project’s onion for downloads from torproject.org to the wiki
  • port wget to curl everywhere
  • perhaps one sentence (a template) explaining why use such a complicated curl command with a link to a page that explains the curl vs downgrade attacks vs wget mess. Perhaps a new wiki page command line downloader?

Hi,

This LGTM.

A few minor nits:

1) Since normal (most) users don’t appreciate/know what localhost actually means, in the first line, localhost could have an embedded link e.g. [http://whatismyipaddress.com/localhost localhost only] or [localhost - Wikipedia localhost only].

2) Second line, change “gateway” and “workstation” to “Whonix-Gateway” and “Whonix-Workstation”.

3) Do you need to define “external interface” here to be clear for normal users? That is, I presume it means “A connection to the WAN side of a router”. And not the LAN side.

Not sure I understand all the implications exactly, but I’ll have a crack (see below). Point out what’s wrong.

1) How about, a brief Wiki page somewhere like this:

Secure downloading of files is a complex subject and the potential security implications are poorly understood by most users.

Whonix users will frequently want to download files from the Internet in order to achieve desired aims. Unfortunately, resorting to the simple wget command is ill-advised, because it is [https://lists.gnu.org/archive/html/bug-wget/2012-07/msg00015.html buggy]. For example, if users do not force a request to use SSL encryption, wget can [curl - Is Strict Transport Security (HSTS) supported by libcurl? - Stack Overflow fail silently]. Even when SSL is enforced with a command line option, this can [HTTPS (SSL/TLS) Options (GNU Wget 1.21.1-dirty Manual) break interoperability with some sites] that use self-signed, expired or invalid certificates. Users could potentially ignore certificate verification warnings and proceed with downloads where the site’s authenticity is in question.

To provide greater security when downloading, Whonix has implemented a scurl script. This invokes the usage of [Debian -- Error curl] with the following additional command line parameters:

  • --tlsv1.2 --proto =https to enforce strong encryption.
  • --remote-name to simplify naming conventions for downloaded files.

Scurl is not vulnerable to [tls - How does SSLstrip work? - Information Security Stack Exchange SSLstrip]. This is a man-in-the-middle attack which forces a user’s browser to communicate with the adversary in plain-text over HTTP (poisoning the download).

Unfortunately, scurl is mostly only available in Whonix and the command will generally not work in other distributions. To use scurl, simply run:

scurl {{https URL file location}}

In all cases, users should avoid downloading files over plain HTTP.

2) Suggested template (linking to the above):

'''Warning:''' Users should invoke the scurl or curl command to download files instead of using wget. To use it, run either:

scurl {{https URL file location}}

Or manually run:

curl --tlsv1.2 --proto =https --remote-name {{https URL file location}}

3) Once 1 & 2 is signed off and fixed up, I can manually search for wget instructions and replace with scurl in the first instance. I can also do the “adversary” find and replace stuff at the same time.

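An https-only download wrapper in the spirit of the scurl draft above, as an added example that is neither the Whonix scurl script nor code from the original post. It rejects anything that is not an https:// URL before curl is invoked at all, and otherwise passes the curl options the draft lists (--tlsv1.2, --proto =https, --remote-name). The additional --proto-redir =https option is an assumption on our part: it is a real curl option that keeps any redirect on https as well. The function names are our own.

```shell
#!/bin/sh
# Added example (not Whonix's scurl): refuse plain http up front, then run
# curl restricted to TLS 1.2 and the https protocol only.

# Exit status 0 when "$1" is an https:// URL with a non-empty remainder,
# 1 for http://, ftp://, a bare "https://", or anything else.
is_https_url() {
    case "$1" in
        https://?*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Print the exact curl argument vector (one argument per line) that scurl
# would run for a URL, so the invocation can be inspected or logged.
# Prints nothing and fails for a non-https URL.
scurl_cmdline() {
    is_https_url "$1" || return 1
    printf '%s\n' curl --tlsv1.2 --proto '=https' --proto-redir '=https' \
        --remote-name -- "$1"
}

# Perform the download into the current directory, named after the last
# path component of the URL (--remote-name). A non-https URL is an error,
# never a silent downgrade to plain HTTP.
scurl() {
    if ! is_https_url "$1"; then
        echo "scurl: refusing to download a non-https URL: $1" >&2
        return 1
    fi
    curl --tlsv1.2 --proto '=https' --proto-redir '=https' --remote-name -- "$1"
}
```

Note that curl without --location does not follow redirects: a 3xx answer is written to the output file as-is and curl exits 0, so check the file after download rather than assuming success from the exit status alone. If --location is added, --proto-redir =https is what stops the redirect chain from ever touching http.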

Looks great!

wishlist:

  • agency → adversary

Low priority bonus:
Perhaps we can also consider changing some page names. Like Desktop… I only used this because I had no better idea. If you have suggestions on renaming, please make them. It matters, because that influences search engines.

Also a little special attention would be great at page’s description= fields.

|description=Whonix Linux Desktop Tips and Tricks, RAM Adjusted Desktop Starter, Auto Login, Single vs Double Click, full-screen

Because that will likely become the sub text in search engine results. Also influences how the oneboxes in the forums will look like.

OK - great.

1) Do you want to create a scurl template and reference it here and I can fill it out as agreed.

2) Where should the “Safe downloads” wiki entry/page go? Any suggestions?

3) Once the above are done & reviewed, I’ll go through all the main documentation on the main page and search/replace:

  • all wget (change to scurl)
  • NSA, GCHQ, intelligence agencies, agency etc (all changed to adversary/adversaries)

The only exception to the above is things like “NSA Key” which are explicitly referenced as existing in Windows etc, which there is no good way of avoiding.

4) I checked out core dump stuff. Yes, it’s a problem since all the refs show that it can leak encryption keys, passwords etc.

The problem is that Linux is also vulnerable. According to some info I found, apparently even Debian, Arch Linux etc. have some systemd default set to dump shit like this, unless systemd changes are made to some config file / setting somewhere.

It of course begs the question, should Whonix be changing that systemd setting to prevent any potential leaking of critical information in event of one of the (rare) crashes?

Apparently advanced adversaries can try to enforce a crash, just to get their hands on core dump / kernel dump etc information.

5) I’ll keep description=fields on my list, but as a low priority until finishing off Advanced Security Guide and some other key entries.

Agree it is important.

6) Renaming entries. Yes, I agree many need some work. It will become clearer after a ton more editing is finished, because then we will be ready to rework where everything belongs.

I’m gonna suggest some things later on definitely, and see what you think. Especially that “General Information” section on the main page, which needs major merging work & shifting further down the page.

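To make point 4 concrete, here is an added example (not a Whonix script, and not part of the original post) that checks and disables on-disk core dumps on a Debian-style systemd machine. It assumes the documented defaults: systemd-coredump's coredump.conf treats a missing or commented-out Storage= as "external" (cores kept under /var/lib/systemd/coredump), the kernel's fs.suid_dumpable governs set-uid processes, and pam_limits reads /etc/security/limits.d. The drop-in only matters where systemd-coredump is actually installed; otherwise kernel.core_pattern and the core rlimit decide. The helper names are our own.

```shell
#!/bin/sh
# Added example: inspect and harden the places a systemd host can be told to
# keep core dumps. Paths follow coredump.conf(5), core(5) and pam_limits(8).

# Report the effective Storage= of a coredump.conf-style file. systemd's own
# default when the key is absent or commented out is "external", so that is
# what we return in that case (and for a missing file).
coredump_storage() {
    conf="$1"
    value=$(sed -n 's/^[[:space:]]*Storage=[[:space:]]*//p' "$conf" 2>/dev/null | tail -n 1)
    printf '%s\n' "${value:-external}"
}

# Show the live settings: where the kernel sends cores, whether set-uid
# processes may dump, the shell's core rlimit, and systemd-coredump storage.
coredump_status() {
    echo "core_pattern:  $(cat /proc/sys/kernel/core_pattern 2>/dev/null)"
    echo "suid_dumpable: $(cat /proc/sys/fs/suid_dumpable 2>/dev/null)"
    echo "ulimit -c:     $(ulimit -c)"
    echo "Storage=:      $(coredump_storage /etc/systemd/coredump.conf)"
}

# The corrected configuration beside the weak default (Storage=external):
# store nothing, and do not even read the core from the kernel.
hardened_coredump_conf() {
    cat <<'EOF'
[Coredump]
Storage=none
ProcessSizeMax=0
EOF
}

# Apply the hardening. Needs root: writes a systemd-coredump drop-in, a
# hard core rlimit of 0 for new sessions, and a sysctl for set-uid dumps.
harden_coredumps() {
    mkdir -p /etc/systemd/coredump.conf.d /etc/security/limits.d /etc/sysctl.d
    hardened_coredump_conf > /etc/systemd/coredump.conf.d/disable.conf
    printf '* hard core 0\n' > /etc/security/limits.d/disable-core.conf
    printf 'fs.suid_dumpable = 0\n' > /etc/sysctl.d/disable-core.conf
    sysctl -w fs.suid_dumpable=0
}
```

Run coredump_status first to see what the machine currently does; a core_pattern beginning with a pipe (|) means a handler such as systemd-coredump receives every crash, and Storage= then decides whether it lands on disk. Note that the rlimit only affects sessions started after the change, and that ProcessSizeMax=0 is what stops the handler from reading the core at all rather than merely discarding it afterwards.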

Good question. Created for now:
Secure Command Line / Scurl

(Unless there are better suggestions for a page name.)

(low priority) Perhaps the chapters from Tor Browser Essentials could be converted into templates and reused on Secure Command Line / Scurl. I mean, that page could also discuss how to download using a browser.

Great!

They might do core dumps, but I doubt they are auto uploaded anywhere.


Template:Third Party Repository - Whonix - perhaps we could suggest using separate Whonix-Workstations?

Fixed.

Fixed.

Agree. Create a template, and I’ll fill it out for you.

Fixed.

My TODO (to keep track):

  • Fix extra template (above) when created
  • Finish coredump entry
  • Fix find and replace terms
  • Torproject downloads changed to .onion references
  • Start Advanced Security Guide

Lower priority:

  • Description Fields
  • Renaming/shifting entries around

But do you have any sources on whether they send this stuff in bug reports automatically like Windows?

For debugging and dev purposes it would make sense, but for anything that uploads this sensitive info it’s a privacy nightmare.

Added usage instructions to Template:Scurl - Whonix that explains how to pass the url as variable to the template.


Could you please fill out description= in Secure Command Line / Scurl and add to Whonix Documentation?


research and document secure downloads using Tor Browser:
https://phabricator.whonix.org/T677


Yes, you’re both right. I don’t see anything indicating core dumps ever go back to Debian HQ or similar in Linux. :slight_smile:

Still, it was a surprise to learn that it was turned on by default. I’d assumed that only debuggers would enable it with a setting, not that Debian would decide for all of us in advance that dumping this information locally on the HDD/SSD would (somehow) be a good idea.

I mean, Linux crashes so rarely compared to that trumped up malware running on most desktops.