Long Wiki Edits Thread

That’s a good point re: colon & instructions/steps.

I just made that decision on the fly. If it is a full stop/period in most computer tutorials (I’m sure you’ve read a million), then lets note to fix them all back in the ‘finer edits’ Round 2 of the wiki edits. In the meantime, I’ll just use periods instead of colons going forward.

Re - Template: Verifiable Pkgs Introduction

The Debian dpkg bug causing the installed size to be wrong by a factor of 8 has now been resolved. I footnoted that, but noted those steps are still deprecated because it is difficult to implement at this time prior to Debian Stretch etc.

Note, this editing led me to conclude ->

Do we need a Maintainer Required Warning Box template?

I know the status box template already exists, but I keep seeing the manual warning box repeated all throughout the verifiable builds templates I have been editing of late.

So the template could look something like this:

{{mbox
| image = [[File:Ambox_warning_pn.svg.png|40px|alt=verifiable builds warning icon]]
| text =
Warning:

A dedicated [[Contribute#Maintainer|maintainer]] is required.
}}

Yes, created empty https://www.whonix.org/wiki/Template:Maintainer_Required.

Template:Verify_the_Whonix_images

Changed the mbox “type =” from “critical” to “content”.

It was coming up with an error before saying “critical” is not an accepted field blah blah and not presenting properly (I think it was also based on a template “Main” that was deleted sometime in the recent past?). I’m sure you can fix it up if it’s something basic.

See mbox types here: Template:Mbox - MediaWiki

Do we need the {{ }} brackets around “Verify the virtual machine images using Linux”? It presents strangely.

Template:Verify_the_virtual_machine_images_using_Linux

There is strange formatting in this template that doesn’t present properly (broken links?) e.g.

({{{file_extension}}})

And

[[{{{download_signature_link}}}|Download Whonix Signature]]

And

{{{signature_notation_gw}}}

Not sure if they’re fixable, so I’ve left them for you to decide.

Template:Donate

Spelling error & and the internet tells me it is “deductible” not “deductable”

Original:

Donations are not tax-dedutable. If you would like to make a
tax-deductable donation, please get in contact so we can make that work for you.

Change →

Donations are not tax-deductible. If you would like to make a
tax-deductible donation, please get in contact so we can make that work for you.

So, I’ve done one editing round on the 236 templates. But I’ve missed a few earlier on I think e.g. build templates and some others, plus any new ones you’ve added lately.

So, I should probably go back and look through again (quickly) to cover those off and do some finer edits re: colons and a few other things, since that will be quick and easy. Here and there I’ll break up the boredom with general wiki page edits.

Once done, I propose to start editing the wiki entries in order as they appear in the ToC.

Note in the second round of template edits, I will focus on finer grammatical points already noted above, plus:

• Double quotation marks in most instances i.e. " " is better than ’ '. The grammar texts note that " " is more common and usually correct in most instances.
• Use American English i.e. simplified spelling etc.
• I think we should also standardize file path references in italics consistently e.g. this form:

Open /etc/apt/preferences.d/debian-pinning.pref in an editor with root rights.

There were some other points that I can’t remember right now, but it’ll come to me…

torjunkie:

Do we need the {{ }} brackets around “Verify the virtual machine images using Linux”? It presents strangely.

Yes. Please fix. I think the intention back then was to make that link
going to either VirtualBox or KVM verification instructions depending
from where the template is being referenced, i.e. from VirtualBox or KVM
wiki page. Please fix the easy or “perfect” way.

1) Re: above → Done.

(Additional edits are looking much better without pronouns and better stylistic formatting as we agreed further above.)

2) Also, shouldn’t the license page be:

Copyright (C) 2012 - 2017

?

If not, at a minimum there should be an additional space after the hyphen.

3) Template:FoxyProxy looks well out of date and messy.

It mentions 6 steps, but there are only 3 steps in there.

Do you want me to test FoxyProxy with Tor Browser 7.0a2 using Goldstein’s method of disabling sig verification and fix up the entry?

I think also we can lose all references to the “hardened” Tor Browser since that will die very shortly.

4) Next Tor Browser release.

I understand that the next release (?) will have FF ESR 52 applied to the Alpha series of Tor Browser (but not the normal release series). So, with e10s applied and a lot of changes, this will no doubt screw with Whonix settings in some way, shape or form.

Have you tried the nighties from The Tor Project to check general compatibility?

https://people.torproject.org/~linus/builds/

I’m happy to also run a test in Whonix 13 if you like. The chances of this working like a dream I think are remote (see Tor Trac issues around ESR 52 - many, many bugs, patches, fixups and strange behaviours).

5) I realize bullet points are a grammatical nightmare of their own.

Technically the rules are:

a) Bullet points don’t need the first letter of the first word to be capitalized unless the bullet points comprise a full sentence e.g.

These are okay:

• multiple Whonix-Workstation TemplateVMs

Or

• Always check that the GPG timestamp makes sense.

b) But technically the following are NOT okay:

• Multiple Whonix-Workstation TemplateVMs

Or

• always check that the GPG timstamp makes sense

Or

• Always check that the GPG timestamp makes sense

c) The other accepted method is having bullet points finish with a semi-colon, a period for the last bullet point, and using a conjunction on the second-last bullet point e.g. “and” “or” “and/or”. This is the British English style, applies in certain industry standards etc. For example, these are okay:

• time-stamps;
• signature verification; and
• checking the signing key.

Or

• Make sure you download the Whonix-Workstation and Whonix-Gateway virtual images; and
• Verify the images after downloading them.

d) All of these same rules apply to numbered lists

e) Many websites ignore these rules e.g. the Qubes website that capitalizes the first word and doesn’t end the bullet points in a period. Probably because it looks better.

I think we should adopt the most commonly accepted method i.e. part a). Right now we have a mix of all of the above throughout the entire wiki…

2. If it’s copyright under my name, then yes, can be updated.

Yes, please fix.

3. Bigger changes to Template:FoxyProxy, i.e. method changes should be discussed in https://forums.whonix.org/t/new-version-of-tbb-no-longer-accepts-foxyproxy-plugin. Yes, please feel encouraged to work on that one.

As for disabling signature verification, we need to make sure what we are actually disabling. Installing foxyproxy from Debian repository (when apt-get already done signature verification) and then just force adding the add-on to Tor Browser would be fine. However, if we disable signature verification which then would result in no longer checking any signatures for addons installed from addons.mozilla.org, that’s not a great. Doing that temporary would be okay (if the add-on stays functional after installation).

Also GK (TBB dev) said it’s working for him.
https://lists.torproject.org/pipermail/tbb-dev/2017-February/000471.html

So this could require posting on tbb-dev again with a clear concise description of steps done, expected results, actual results. Should probably draft it and write then.

In that thread, talking past each other is so simple…

• this workaround doesn't work with the latest addon-manager version from Mozilla
• Not sure what you mean with "latest addon-manager version from Mozilla"

…so the text must be as explicit as possible, reusing exact terms, describing actions step by step (i.e. Tor Browser → Tools → Add-ons) and whatnot.

Well, as long as it exists it’s good to have a small chapter about it somewhere.

4. By all means, please test.

5. Yes, please fix.

Template:Build Documentation apt-cache: Difference between revisions - Whonix has a mistake. When “can be used” is written anywhere, I am quite certain, the meaning really is “it’s a possibility, you could do that”. Writing “is used” is certainly wrong. That sentence just explains a possible setup one could do.

On Template:Control Port Filter Python Profile Add - Whonix, should we describe what the mkdir and cp commands are actually doing?

Template:Design Introduction - Whonix is nice.

• once done, deserves an extra thread
• I only disagree with using <pre> for quotes. The issue with pre tags is, that it’s more suited for code that should be unmodified at all cost. pre does not do line breaks. It results in a page that must be scrolled horizontally. <blockquote> is for quotes. And if we don’t like that, we still need an alternative formatting for quotes.

Minor:

• should be moved elsewhere, since where the template is used it makes little sense - Login required - Whonix
• needs a better page name

Other long term goals could be being more like https://simple.wikipedia.org and ELI5.

old

One of the key benefits of Whonix is that when a VPN connection fails, you will still have the protections provided by Tor.

new

One of the key benefits of Whonix is that when a VPN connection fails, protections are still afforded by the Tor process.

Do you think afforded is suitable here? And is better than provided?

Thanks for all that feedback & bulk sign-offs.

Yes, I agree with all your feedback above. I’ll fix all that up as per your directions, but am having a little break from editing, just for today.

That is really useful -> wiki/Special:WhatLinksHere/Template:Design_Introduction

I’ve been looking for something like that! Perfect.

Good luck with your live streaming thing tomorrow.

Cheers

1) License wiki entry -> (Already) Fixed

2) Template:Build_Documentation_apt-cache -> Fixed

3) Template:Control_Port_Filter_Python_Profile_Add -> Fixed

Added some text there (but check if it’s right, because I know nothing about the control port filter)

4) Wiki Main Page -> Fixed.

E.g. semi-colon issue and changed text slightly re: what Tor protects from, since anyone with end-to-end netflow correlation attack ability can screw over Tor users. Before, the text read like Tor is a silver bullet.

5) Security Guide -> Fixed.

A million little things. Also noted deprecation of hardened Tor browser and the Alpha series picking up ASan and Selfrando protections after April release of Tor Browser

TO DO:

1) Remove extra text from Template:Design_Introduction and move to a wiki thread if you create one.

How about creating an extra entry under “Miscellaneous” on the main wiki page e.g. something like “Whonix Wiki Editing Guidelines” or similar? If you do that, I’ll separate purely stylistic issues from grammatical issues.

2) Try Tor Browser nightly for Whonix compatibility (I bet it doesn’t work, but we’ll see)

3) Attempt Foxy Proxy steps and follow up with the other forum thread users to check correctness for a Wiki entry

4) Test Whonix wiki back-up script

5) Edit Bridges wiki entry for simplicity since users keep posting about it in the forums (it can be improved, particularly the output re: what the torrc file should look like)

6) Add Micah Lee’s expose of Subgraph to the Subgraph OS comparisons page

7) Keeping on head-banging the second round of wiki templates.

The horror, the horror…

OK, working my way through the Bridges stuff.

1) Re: this in Bridges section →

http://kkkkkkkkkk63ava6.onion/wiki/Bridges

1. When Whonix starts for the first time, it won’t automatically connect to the public Tor network, which is beneficial for safety reasons. Users are guided by the Whonix Setup Wizard, which is automatically started.

Really?

I’m pretty sure this only applies to non-Qubes-Whonix (?). That is, Qubes with Whonix templates installed from the installer connects first time without any prompting from memory. But I might be wrong.

If that is the case, we should note this for users who risk being harmed if identified Tor use is bad in their country i.e. they MUST config torrc first before ever trying to connect to the Tor network or running Whonix templates/AppVMs.

2) Re: http://kkkkkkkkkk63ava6.onion/wiki/Bridges#Finding_a_bridge_and_choosing_the_right_protocol

I updated it to reflect The Tor Project’s preference for obfs4 (but obfs3 is still okay). Apparently the former works more often in various regions.

Another question, at this link we have in there →

https://bridges.torproject.org/options

One of the check options at The Tor Project is something like:

Get an IPv6 compatible address?

I presume we should be noting that Whonix users should NOT check this option given various risks linked to IPv6 re: possible deanonymization?

I’m not even sure if it’s compatible with Whonix (I know Qubes doesn’t support it yet from memory).

Bridges wiki entry -> Finished

Just need to check with you those 2 issues above i.e. IPv6 and truthfulness of Whonix not auto-connecting statement.

I think it’s much clearer now for the user.

Haven’t read all your prior comments yet. Will do so soon and then react. For now, just one small thing…

old:

Without this option

new:

If this option is not set

I have been trying to avoid the word not as much as possible, as parsing this with human brains is hard and often confused. Do you think makes sense and things can be written without using not?

Right. Fixed it to:

Without this option set…

Also removed the fte line from the “complete torrc sample text” entry, since we don’t want to confuse users.

Agree that using “not” is sometimes confusing. It’s a bit difficult, like using double negatives in sentences to create a positive meaning e.g.

“There is no way you can do nothing about this”

However, in this instance writing only “Without this option” (without stating the setting of the variable) is subtly vague i.e. does it mean:

a) Tor (in general) without the option?
b) The user not setting the option?

Thus, I added “set”.

I can add this stylistic stuff to the wiki editing guide when there is a wiki entry available (can I add those myself to the main wiki Table of Contents, or only those with approval power?).

@HulaHoop @Patrick

Re: Template:FoxyProxy → Tested the instructions using the add-on install method.

Everything is working with 7.0a2 hardened Tor Browser. I double-checked about:config & xpinstall.signatures.required is set to true, so everything is fine.

I also checked a website that normally blocks all Tor IPs and startpage proxies → worked like a dream! Nice job.

Since this works, I didn’t bother with trying to install it form the Debian repos. I don’t think it’s worth noting in the template (edit-wise), unless the add-on steps break in the future (?). If you think otherwise, I can trial the Debian repo install method to see if it works/breaks, then add steps to the template.

The only problem is an AppArmor conflict. Ironically the proxy still works, but FYI the message is:

apparmor=“DENIED” operation=“open” profile=“/home/**/tor-browser*/Browser/firefox” name=“/run/user/1000/dconf/user” pid=XXXX comm=“firefox” requested_mask=“rwc” denied_mask=“rwc” fsuid=1000 ouid=1000

x 17 or so messages

So, I guess we can warn users that AppArmor MAY cause conflicts, but it appears to be working at the moment.

I’ll tidy up that FoxyProxy template for readability and note that it DOES work fine with 7.0a2.

http://kkkkkkkkkk63ava6.onion/wiki/Template:FoxyProxy → Fixed

I used pre instead of blockquote for The Tor Project warning around add-ons, since the blockquote text is “supersized” for some reason and looks like shit.

One request: You’ve been already mostly doing this, but still… Please don’t mix language fix changes with general modifications (like adding new information) into the same edit. That makes review much harder since that may confuse the wiki diff. If it’s multiple edits, than that works better.

Re: foxyproxy

The potential fingerprinting harm to user anonymity depends on how many others are running Tor Browser in conjunction with FoxyProxy. This figure is likely to be negligible in size. Further, if Tor Browser is configured to use a non-Tor exit node, the user is placed within a very small subset of all Tor users. This applies to configurations such as Tor Browser and I2P, or Tor Browser and a socks5 webproxy.

Right.

From Combining Tunnels with Tor

When using a browser, worsens web fingerprint. It is unknown how anonymous it is to use user -> (proxy/VPN/SSH ->) Tor -> Proxy/VPN/SSH -> Tor Browser -> website. How many people show up with a proxy, VPN or SSH IP using Tor Browser? This setup is so special that probably only very few people are doing it. For this reason, recommend against. On the other hand, due to browser fingerprinting, it can’t be recommend using any browser other than Tor Browser either. ^[17]

Perhaps that should be turned into a template? And added to the foxyproxy template? Because if we mention fingerprinting issues with Tor Browser if foxyproxy gets installed, some users falsely conclude it would be a good idea to use Firefox instead then. Could extend the foxyproxy template with this information? “However, if you must, still use Tor Browser, using Firefox would be even worse.”

TOC editing is fine. However, we had to disable new page creation because that was being abused by automated spam bots.

Just now created empty page:
Documentation Guidelines