Long Wiki Edits Thread

Hi torjunkie

Thanks for the positive feedback!

I know there were a few areas that needed attention and I was hoping you would lend your expertise. Thanks!

I’ll be starting on “Anonymity Operating System Comparison" shortly.

Does anyone remember the discussion to remove all references of NSA / FBI / etc. in the wiki? Where to find it?

That would apply to https://www.whonix.org/wiki/Security_in_Real_World now as well.

Whonix defeats this and other time attacks since it uses sdwdate which connects to a variety of servers (likely to be hosted on different hardware) at random intervals and extracts time stamps from the https headers.

Most importantly, it sets the time. Because by the description above, if it was that alone, it wouldn’t solve it.

Clock Skew Attack - With this type of attack, an adversary acquires the time stamp of a Hidden Service http header and measures the skew. (clock skewing)(w) The adversary compares the acquired time stamp to that of Tor relays or other publicly reachable web servers. If the time skew of the Hidden Service server matches any of the publicly reachable servers or Tor relays, it is very likely the Hidden Service is hosted on the same server. Whonix defeats this and other time attacks since it uses sdwdate which connects to a variety of servers (likely to be hosted on different hardware) at random intervals and extracts time stamps from the https headers. To be fair, when this attack was first described Whonix did not exits.

Can it be called an attack? Any better term?

Could you add https://trac.torproject.org/projects/tor/ticket/8751 (rewritten) as well please? (Clock also matters for client users, not only onion service hosts.)

There is another https://www.whonix.org/wiki/Dev/TimeSync#Clock_Correlation_Attack but more complex, perhaps it should be renamed?

It’s in this thread somewhere. The crux of it was we agreed (and did a find / replace) for all instances of those terms and replaced with “advanced adversaries (or adversary)”.

Pity that page was originally created with “Security in Real World” -> “Security in the Real World”.

Of interest, the v2 and v3 onion pages have the “Wiki” button defaulting to https://www.whonix.org/wiki/Documentation. Now, I remember there was a reason for this, but it seems strange to have “Download” and “News” buttons using the v2 and v3 addresses, but the “Wiki” and “Forum” buttons referring to clearnet addresses. I thought the wiki one used to default to the .onion address from memory (?).

It’s just odd.

1 Like

following each and every change to Whonix code

Please let me know if that works for you for Whonix changelog tracking purposes.

1 Like

Won’t be able most of that. More explanation:

v3 (prop 224) .onion for Whonix website

Could you please add that explanation to https://www.whonix.org/wiki/Forcing_.onion_on_Whonix.org so it is clear why this is even needed?

Btw: https://www.whonix.org/wiki/MediaWiki:Sidebar

1 Like

Can it be called an attack? Any better term?

How about clock skew manipulation?

1 Like

Hi Patrick

Thanks for the feedback!


I started on the edits. Will let you know when they are ready for review.

I have one question.

Instead of:

Also of note the NSA’s Tailored Access Operations which intercept routers, servers and other network hardware while being shipped to install covert implant firmware into them before they are delivered

Can it be change to:

Advanced adversaries can intercept routers, servers and other…

But without a reference i.e. footnote?

1 Like


Can it be called an attack? Any better term?

How about clock skew manipulation?

Neither an attack nor manipulation described. It’s “just” a corelation.

1 Like

Footnote should be okay.

Could you please also rewrite the two mentions of court order more neutrally?

Ah great you found that. Yes, that message is still on point.

“Targeted” or “Pointed” clock skew correlation?

1 Like

Hi 0brand, I’ve done some minor edits for readability only on your hard work. See what you think.

A few style pointers as you wanted some feedback (my perspective only, feel free to ignore - your stuff is great):

  • Modern writing style is one space after a period, not two.
  • Spacing between paragraphs is I believe between four and ten points, but for ease to distinguish separate paragraphs in a wiki (considering we already have too much white space) & based on the current font size, one line break between paragraphs should suffice (meaning one clear line between paragraphs)
  • Try to avoid pronouns for greater clarity.
  • Generally avoid rhetorical questions and instead state something affirmatively.
  • Avoid run-on sentences.
  • Active rather than passive prose.
  • Avoid parentheses and rewrite sentences without them for better clarity.
  • Long sentences should be cut in half and rewritten.
  • Where possible, avoid progressive verb combinations (“ing” words) for more concise English. This also helps to avoid overuse of helping verbs e.g. am, is, was, were etc. It’s better to use the simple present, past or future tenses.
  • Convert the “negative” form of a sentence into the “positive” e.g. “which is protected and under the user’s control” not “which is unprotected and not under the user’s control”.
  • Avoid slang e.g. “geeks” and substitute with proper terms for more professional tone e.g. “enthusiasts”.
  • Dash & capitalization. I’m pretty sure if the sentence did not complete (form a complete sentence), there is no capitalization after the “-”.
  • Avoid e.g. i.e. - better to use “For example”, “That is” etc.
  • First letter of “Internet” is capitalized.
  • Break down larger paragraphs into smaller-sized chunks for readability.
  • Use sub-titling for areas to break down large chunks of text e.g. where I did it for Meltdown and Spectre for example.
  • Use [code] for tunnel configs and some other things to highlight the relevant text.

PS I break these rules all the time ha ha. Plus, I screw up my “which” with “that” constantly (damn [non]restrictive clauses!), usage of commas, plus a million other grammar rules; so take all this with a grain of salt.

PPS We make a good editing team! :slight_smile:


Since you said fingerprinting, I thought you were working on this page: https://www.whonix.org/wiki/Protocol-Leak-Protection_and_Fingerprinting-Protection That page has some obvious flaws.

Instead you were working on https://www.whonix.org/wiki/Security_in_Real_World. I must say for that page, I wasn’t too unhappy with it before. That page was supposed to show attacks we know that happened in the real world, i.e. deanonymization attacks used in the wild rather than theoretic. Making the point why Whonix works.

Perhaps the examples on that page could have been written more clearly. Or more examples where something went wrong outside of Whonix where Whonix was fine could be added since no one kept track with all the developments adding all the Whonix non-issues (but good show cases) there.

Security in Real World
Real World Examples that are Protected by using Whonix
Some real world examples that are protected by using Whonix:

Looks like we talked past each other. Somehow the above must have communicated something else.

Now the original purpose of that page isn’t served anymore. The content before these show case examples is so much that this is easily overlooked.

I wonder where the newly content created fits better. Some of the newly created content may fit better here (since quite comprehensive, technical, and non-actionable) perhaps in existing page(s) or new page(s)?

Hi torjunkie

Thank for the feedback and the help with “Leak Prevention” Security in the Real World. The edits look great!

I just copied the style pointers to a personal file to be used as a reference when I edit the wiki. Thanks so much!

Yes we do!!

1 Like

Hi Patrick

In the wiki TOC the page is referred to as “Leak Protection” and I misunderstood what content belonged in there . I’m not able to find where I referred to it as fingerprinting but if I did I apologize. Regardless I wasn’t referring to the page by its actual name so thats why the confusion.

This was my fault, I need to work on communicating better. I know its important that you’re given the information you need to make informed decisions and you can’t do that if contributers/helpers aren’t providing you with it (or incorrect information). Sorry, my bad.

I’ll do a little fine tuning on the current (actual) page. Could you clarify what you mean by something going wrong outside of Whonix where Whonix is fine. I will add content on that.

I think for now in “Design” . A good page to reference when answering forum questions.

Taking the time simply to find a home may be a waste of resources vs. intent on writing something specifically for a wiki page. If a place for the content is eventually found, I will be more than happy to relocate it.

Also from now on I will post (detailed) what I am doing so no miscommunication.


In the wiki TOC the page is referred to as “Leak Protection”

I see. Confirming that edit was a mistake by me most likely.


Could you clarify what you mean by something going wrong outside of Whonix where Whonix is fine.

  • Tor Browser on Debian: outside of Whonix
  • Icedove on Tails: outside of Whonix
  • Tor Browser in Whonix: in Whonix
1 Like

Hi Patrick



Just have to figure out where the newly created content fits best.

Still working on a name. It includes an attack (compromise whonix-ws) and clock skew correlation so trying to think of name that fits.


Do you think it would fit here?

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]