I am wondering if it’s better to wait until the kicksecure.com domain is ready. It’s done but hidden behind http simple authentication. Otherwise that would confuse search engines.
Rewriting the whole wiki though to remove anonymity aspects and make it security only is a big effort and progress is slow unfortunately.
What I’d like to avoid is anyone confusing Whonix vs Kicksecure.
I think we should create a standalone page (full licensing) for this one, but with a focus on systemd sandboxing. The other stuff can be for the introduction i.e. sandbox escapes etc.
Users have to do all this then attempt to install GNUnet? Or the other way around? It needs a basic explanation upfront why this (chroot) is required (or not if optional and they want to take the risk).
What about if I want to run the latest version from the GNUnet website, see:
So we should show instructions for these as the example:
gnunet-0.14.1.tar.gz
gnunet-0.14.1.tar.gz.sig
I also presume all of this is happening in Whonix-WS, and just the installation steps in Whonix-WS-15 template VM in Qubes-Whonix (obviously we’d recommend a separate template and AppVM for this purpose).
You’re right. It was a brief brainstorm about an idea to make a more censorship robust notification system and it doesn’t belong on here, but on the permanent take-down threat ticket. As for the mmdebstrap steps below it, i have no idea how those got here (weren’t added by me I think) or how they help in installing the thing itself.
I was never able to get it to work and still don’t know why.
Not in news forums disadvantage: someone really digging through news wouldn’t find it. Otherwise burried since posts in news forums aren’t bumped for new replies. But perhaps is OK if this moves to documentation instead.
If in development forums advantage: the thread gets bumped, more visible.
Dev/Issues Tracker wiki entry could do with an update to show your preference in I assume this order:
GitLab
GitHub
Phabricator
Also, I see The Tor Project GitLab issues trackers all have an onion address, but the Whonix one doesn’t. It would be great to set that up if possible from your end for interested devs & advanced users who want to check out issues.
Using DispVMs for both the Whonix ™ Gateway and Workstation in Qubes R4 does not increase security without any corresponding privacy downside, for the following reasons: [17] [18] [19]
DispVMs are not amnesic. In practice this means traces of their activity can be left on storage or in memory, making them vulnerable to forensic operations. [20]
Using a DispVM for the Whonix-Gateway ™ results in non-persistent entry guards to the Tor network; behavior unlike the default configurations for Whonix ™, Tor, and the Tor Browser Bundle. Mathematically speaking, end-to-end correlation attacks are more likely to succeed when a user chooses many random entry and exit points in the Tor network, rather than semi-permanent entry guards which are only rotated every few months. [21] [22]