A post was split to a new topic: set apt-get --no-install-recommends by default
Background:
Documented just now:
https://www.whonix.org/wiki/Malware_and_Firmware_Trojans#Malware_Audit
Hmm… maybe we should review that StartPage recommendation in a couple of wiki pages (my bold).
Startpage Acquired by System1, Privacy One Group - Still Safe?
Recently there has been lots of talk about Startpage being acquired (or at least partially acquired) by a US company called Privacy One Group, which is a division of System1, a “data science” company that specializes in targeted advertising.
…
With that being said, my general rule here at Restore Privacy is to only recommend products and services that I would personally trust and use myself. Therefore I will not be recommending Startpage as a private search engine due to some lingering concerns I have. These concerns include:
- The fact that System1 has acquired a stake in Startpage and is not disclosing the details.
- The history and business model of System1, which includes gathering “as much data as possible” and profiling users for targeted ads.
- The board of directors change at Surfboard Holding BV, to appoint the System1 co-founder and an outside investor.
- The nine-month delay in alerting the public to these changes, and then announcing it as a “most recent” change.
- The contradictory business models of System1 and a truly private search engine.
startpage has only 1 mention for Tor relay ban, that’s it? No special endorsement whatsoever. Also google cache is mentioned there. If we’re super strict at in that place then the user would have even less working options to view any websites that block Tor exists. At no time it’s implied that using such services improve privacy. Necessarily such workaround worsen privacy. Perhaps worth pointing that out and/or linking to * Unsubstantiated Conclusions?
We as a privacy by technology project should be careful and not get lost in endless debates on privacy by policy / legal / company valuation. Related:
- Criteria for Reviewing VPN Providers
- Distrusting Infrastructure
- Self-Hosting vs Third Party Hosting
- Server Privacy
- sdwdate Time Sources Criteria
- Local browser homepage for Tor Browser in Whonix - #101 by Patrick
I.e. which company bought which one, who are the people behind it.
It’s very complex. Often non-verifiable. Good arguments can be made for opposite viewpoints. I don’t think there can be a methodology that could be applied consistently.
Fair enough.
New wiki page:
backgrounds: Lots of people in Whonix telegram / matrix ask about Whonix KVM. Questions such as “Do I really need vibr0?” I don’t know enough about KVM to get into that.
//cc @HulaHoop
Yeah I prefer one place (here) to see all support topics and the answers are permanent and can be easily referred to in the future when the same questions pop up.
new wiki page:
Background: The impression for new users keep sticking that Whonix invented all the thousands of packages or things like apt
. Sometimes users discuss something in Whonix chat such as for example installation of packages also (not) available from Debian. Maybe not the best example. Or general security questions. In such cases I’d like to have a handy link to point out that more could be learnt my knowing it’s actually unspecific to Whonix.
Bug: The url is wiki/unspecific (to keep it easy to type) but the title should actually be Information Booster might be Available!
. (Suggestions welcome.)
Bug reported:
Upstream swift fix.
New wiki chapter:
Generic Bug Reproduction
You might be interested in this.
- Open Source Security Metrics
https://metrics.openssf.org/search?q=whonix
(Whonix scoring around 48-50%)
- ossf / scorecard
Release v2.0.0 · ossf/scorecard · GitHub
https://raw.githubusercontent.com/ossf/scorecard/main/cron/data/projects.csv
Result: github.com/Whonix/Whonix,criticality_score:0.482730
- google / oss-fuzz
GitHub - google/oss-fuzz: OSS-Fuzz - continuous fuzzing for open source software.
(Useful for Whonix?)
new wiki chapter:
VirtualBox Generic Bug Reproduction
sure will do
Edit: fixed from them, working fine from my side.
Thanks.
@Patrick I don’t think it is risky for us to publish Host Kernel Hardening while awaiting madaidan’s website changes - we have his permission on this forum after all.
Also, Since Tor’s sandbox feature seems perpetually broken/non-functional can/should we run Tor in a chroot jail, or at least provides wiki instructions to do so as an optional configuration?
No idea if this would work in Whonix configuration. (On a side note there is a lot of the Arch wiki we could rip off for security-related matters in our own wiki. TODO)
For security purposes, it may be desirable to run Tor in a chroot. The following script will create an appropriate chroot in /opt/torchroot:
~/torchroot-setup.sh
#!/bin/bash
export TORCHROOT=/opt/torchrootmkdir -p $TORCHROOT
mkdir -p $TORCHROOT/etc/tor
mkdir -p $TORCHROOT/dev
mkdir -p $TORCHROOT/usr/bin
mkdir -p $TORCHROOT/usr/lib
mkdir -p $TORCHROOT/usr/share/tor
mkdir -p $TORCHROOT/var/lib
mkdir -p $TORCHROOT/var/log/tor/ln -s /usr/lib $TORCHROOT/lib
cp /etc/hosts $TORCHROOT/etc/
cp /etc/host.conf $TORCHROOT/etc/
cp /etc/localtime $TORCHROOT/etc/
cp /etc/nsswitch.conf $TORCHROOT/etc/
cp /etc/resolv.conf $TORCHROOT/etc/cp /usr/bin/tor $TORCHROOT/usr/bin/
cp /usr/share/tor/geoip* $TORCHROOT/usr/share/tor/
cp /lib/libnss* /lib/libnsl* /lib/ld-linux-.so /lib/libresolv* /lib/libgcc_s.so* $TORCHROOT/usr/lib/
cp $(ldd /usr/bin/tor | awk ‘{print $3}’|grep --color=never “^/”) $TORCHROOT/usr/lib//var/log/tor/notices.log is only needed if you run hidden services
cp /var/log/tor/notices.log $TORCHROOT/var/log/tor/
cp -r /var/lib/tor $TORCHROOT/var/lib/
cp /etc/tor/torrc $TORCHROOT/etc/tor/chown tor:tor $TORCHROOT
chmod 700 $TORCHROOT
chown -R tor:tor $TORCHROOT/var/lib/tor
chown -R tor:tor $TORCHROOT/var/log/torsh -c “grep --color=never ^tor /etc/passwd > $TORCHROOT/etc/passwd”
sh -c “grep --color=never ^tor /etc/group > $TORCHROOT/etc/group”mknod -m 644 $TORCHROOT/dev/random c 1 8
mknod -m 644 $TORCHROOT/dev/urandom c 1 9
mknod -m 666 $TORCHROOT/dev/null c 1 3if [[ “$(uname -m)” == “x86_64” ]]; then
cp /usr/lib/ld-linux-x86-64.so* $TORCHROOT/usr/lib/.
ln -sr /usr/lib64 $TORCHROOT/lib64
ln -s $TORCHROOT/usr/lib ${TORCHROOT}/usr/lib64
fiAfter running the script as root, Tor can be launched in the chroot with the command:
chroot --userspec=tor:tor /opt/torchroot /usr/bin/tor
or, if you use systemd, overload the service:
/etc/systemd/system/tor.service.d/chroot.conf
[Service]
User=root
ExecStart=
ExecStart=/usr/bin/sh -c “chroot --userspec=tor:tor /opt/torchroot /usr/bin/tor -f /etc/tor/torrc”
KillSignal=SIGINT
That would be an exclusive permission (full terms and conditions unclear, perhaps revokeable…) which doesn’t extend to anyone who would want to fork that text. Would still be proprietary (copyrighed) as per copyright laws default. Proper Open Source projects, specifically bigger ones, don’t accept content/contributions without crystal clear licensing.
chroot is not a security feature.
related:
The tor
package by default already comes with:
/lib/systemd/system/tor@default.service
various systemd hardening/etc/apparmor.d/system_tor
an apparmor profile.
That is sandboxing. Potential enhancements should be contributed upstream.
A custom chroot solution would be weaker and more stability fragile.
Could you review Bitcoin: Difference between revisions - Whonix please? @HulaHoop
Rejected. We don’t add obscure altcoins to our wiki (which implies endorsement) just because they slapped on a buzzword (in this case “quantum”) on their website.
I have no idea what the qualifications of the people behind is or what their motives are.
For reference, was about this edit:
Bitcoin: Difference between revisions - Whonix