Sure, can/will add those.
Have a nice day,
Sure, can/will add those.
Have a nice day,
The examples need some work.
- Domain Name System (DNS);
Tor supports some types of DNS. There is more information and references on that topic here: https://www.whonix.org/wiki/Secondary_DNS_Resolver
- Simple Network Management Protocol (SNMP);
- Routing Information Protocol (RIP);
- Dynamic Host Configuration Protocol (DHCP); and
Do users care to tunnel those over Tor?
- Voice and video traffic.
This is a good example. Replaced with
some using voice or video are using UDP since there are also applications using TCP. Perhaps we should link to https://www.whonix.org/wiki/VoIP?
That reminds me of https://www.whonix.org/wiki/VoIP. What do you think about the quality of that page? It has lots of nicely researched information, but I am not sure it will help as many users to actually use voip as possible.
What’s the use case to highlight?
I am not sure all of this is really getting clear for the user.
What seems to you to be the easiest to use already documented solution?
Wondering if any of the new instant messengers such as ricochet / unMessage are going to get voip and/or video support or if other applications similar to those are being worked on?
Thanks for that.
I changed that applications list part and linked in the VOIP section as follows:
The consequence is that UDP-based protocols and applications cannot be used to transmit UDP datagrams between guards and exit nodes in the default environment, for example, some [[VoIP]] or video applications.https://en.wikipedia.org/wiki/User_Datagram_Protocol
It’s a good Question re: use of UDP apps in general forced through the Tor network. I know little about networking, so wasn’t sure of other relevant applications or protocols that Whonix users would frequently want to use in this manner? I figured you experts would know.
Based on my quick read of the VOIP wiki entry, it looks like really bad advice to be forcing it over Tor anyway, given the voice recognition de-anonymization potential. A big fat warning probably needs to be at the top of that page, just like the wiki has for VPNs and other anonymizing networks in long chains.
It all seems to come back to peer-to-peer, metadata-less, hidden services-based instant messangers like Ricochet as being the gold standard for high-security comms in general.
Or perhaps something like I2P-bote, but I know very little about that, apart from what’s in the wiki. Tox looks promising too, but still too early in development to trust.
Re: reviewing the VoIP page
I’m happy to review the VoIP page next for editing, now that the Security Guide is done.
Although, I’ll probably finish off the rest of the templates, since I’ve already reviewed and edited the first 100 out of 233 (total) templates on the website i.e. Special:UncategorizedTemplates (except for the “Build Documentation” ones, since they look very painful and I’ve been procrastinating on those).
I also realize that translate tags should get added to every page on the website too right as per @Ego’s instructions? Looks pretty simple to do.
(Edit by Patrick: Ego -> @Ego)
Btw there is no need to fix https://www.whonix.org/wiki/Template:Infobox_OS/doc and a few similar pages that are not visible to users - it’s not our template. We just imported it from wikipedia. When it’s not user facing, not even developer facing, there is no need to spend time on it.
It should be properly explained indeed, so I am glad you can visit it with a fresh view.
Anyhow. Two people who know each other communicating via voice over Tor is still a use case where Whonix is still an ideal solution to have an encrypted/authenticated voice conversation that cannot be observed by third parties.
Let’s move that here:
whonix.org wiki translation / mediawiki extension translate - technical discussion
Can you please undo parts of this change? Please do not change any licensing texts.
There are organizations such as FSF out there who work with lawyers, fight in courts, etc. Since Whonix is Libre Software and not in the lawyerization business, we use their texts verbatim with the only exception of small changes as per their recommended best practices (i.e. to fill out gaps for name, copyright and year). If we were to change these texts, we would go into unchartered legal waters. Really not worth the risk.
Edit: wasn’t sure if backing out would undo all the changes, so I just edited the license stuff back to the original text.
It’s been a great wiki wide rephrasing and spell fixing so far!
There is only one mistake.
- [[ExoneraTor|ExoneraTor:]] a [https://exonerator.torproject.org/ Website] that Tells You Whether a Given IP Address is a Tor Relay
- [[ExoneraTor|ExoneraTor:]] a [https://exonerator.torproject.org/ Website Tool] to Check for Tor Relay IP Addresses
This seems like a bug. Meaning changed and got wrong.
Enter an IP address and date to find out whether that address was used as a Tor relay:
All of these really but especially the first one which is what makes this special.
I suggested VoIP to ricochet a while back with radio silence on that ticket. unMessage are interested in implementing this at some point. No other anonymous solutions for VoIP planned AFAIK.
If both users are communicating over anonymously created accounts and the VoIP streams are encrypted this shouldn’t be a risk.
Is there some overlap between these two chapters?
You’re right. I think the time sync related stuff should be moved out from the sec guide.
https://www.whonix.org/wiki/Security_Guide#Whonix_and_Debian_Packages causes some confusion. Missing torproject apt signing key. ( https://forums.whonix.org/t/gpg-error-when-onionizing-tor-project-updates )
https://www.whonix.org/wiki/Security_Guide#Whonix_and_Debian_Packages why onionize torproject repository in the workstation? Fixed to gateway.
Enabling torproject apt repository is now documented here, you might like to revision it: https://www.whonix.org/wiki/Security_Guide#Whonix_Updates
You changed the link text to
Increasing the Virtual Harddisk in documentation index. Should we therefore also move the page from
“Expanding Virtual Harddisk” sounds better?
Sorry for the absence. Been busy with a few things, but I hope to recommit to part-time editing again within the next few weeks!
Apologies for those errors. Normally I test beforehand. Good to see users haven’t reported anything else being wrong (yet).
1) Re: Tor Project key. As I’m away from my main machine, check the following is correct before I add it as a first step at the top of that entry ->
First, import and verify the Tor Project signing key (0x4E2C6E8793298290). In the Whonix-Gateway or the whonix-gw TemplateVM (Qubes), open a terminal and run:
gpg --keyserver pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290
Verify the fingerprint is correct:
gpg --fingerprint 0x4E2C6E8793298290
The output should show:
pub 4096R/93298290 2014-12-15
Key fingerprint = EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
uid Tor Browser Developers (signing key)
sub 4096R/F65C2036 2014-12-15
sub 4096R/D40814E0 2014-12-15
sub 4096R/C3C07136 2016-08-24
2) Yes, I’ll revise that apt repository entry when I have time in the coming weeks. I don’t like that information being in the checklist area, since that is supposed to be short and sweet (with links).
3) I don’t mind either terminology re: “Expanding the Virtual Harddisk” or “Increasing the Virtual Harddisk”. Whatever works for you.
BTW exciting to see the developer work ongoing re: anon connection wizard and other things. Good times.
Unless you have specific requests for other documentation needing urgent editing, I’ll recommit to finishing the uncategorized Whonix wiki templates and then move onto the Advanced Security Guide from there.
As a habit please include the full key fingeprint between “” for the recv-keys command. Example:
gpg --keyserver pool.sks-keyservers.net --recv-keys “EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290”
OK - that’s done and awaiting sign off.
I changed Patrick’s (Whonix Updates) text to a single bullet point in the checklist and moved (and edited) all his text to an additional entry in the security guide called -> “Tor Versioning”.
I also added the long key ID under the section re: onionizing Tor Project updates and checked it works correctly.