You’re right. It was a brief brainstorm about an idea to make a more censorship robust notification system and it doesn’t belong on here, but on the permanent take-down threat ticket. As for the mmdebstrap steps below it, i have no idea how those got here (weren’t added by me I think) or how they help in installing the thing itself.
I was never able to get it to work and still don’t know why.
2 posts were merged into an existing topic: very hard to notice Phishing Scam - Firefox / Tor Browser URL not showing real Domain Name - Homograph attack (Punycode)
Could you review Difference between revisions of "Full Disk Encryption" - Whonix please? @HulaHoop
Should I move very hard to notice Phishing Scam - Firefox / Tor Browser URL not showing real Domain Name - Homograph attack (Punycode) from news to development forums? Same URL would remain functional.
Not in news forums disadvantage: someone really digging through news wouldn’t find it. Otherwise burried since posts in news forums aren’t bumped for new replies. But perhaps is OK if this moves to documentation instead.
If in development forums advantage: the thread gets bumped, more visible.
Good idea.
Dev/Issues Tracker wiki entry could do with an update to show your preference in I assume this order:
Also, I see The Tor Project GitLab issues trackers all have an onion address, but the Whonix one doesn’t. It would be great to set that up if possible from your end for interested devs & advanced users who want to check out issues.
Made a slight update.
The preference is:
Onions are available…
Current issue tracker:
http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/
Legacy issue tracker:
http://phabricator.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/
Primarily documented here:
https://www.whonix.org/wiki/Reporting_Bugs#Issue_Tracker
Dev/Issue Tracker - Whonix are just some notes.
Could you review Difference between revisions of "Full Disk Encryption" - Whonix please? @HulaHoop
I’m impressed by the contribution quality.
Yes. Impressive additions such as this Difference between revisions of "Malware and Firmware Trojans" - Whonix (confirmed)
Wiki getting a lot of praise due to contributions and professional English technical language. 
Could you review Difference between revisions of "Out-of-band Management Technology" - Whonix please? @HulaHoop
I see online that 2FA examples for Linux are primarily for SSH logins.
You have an example of KeePassXC on that wiki page, anything else that should be highlighted there as an example?
PS that STMAN guy on Twitter says he solved his advanced adversary problems by using a disp sys-whonix. You might want to point out that he is destroying his anonymity in the process i.e. lack of persistent Tor entry guards. Maybe quote this:
http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Qubes/Disposable_VM#Warnings
Using DispVMs for both the Whonix ™ Gateway and Workstation in Qubes R4 does not increase security without any corresponding privacy downside, for the following reasons: [17] [18] [19]
DispVMs are not amnesic. In practice this means traces of their activity can be left on storage or in memory, making them vulnerable to forensic operations. [20]
Using a DispVM for the Whonix-Gateway ™ results in non-persistent entry guards to the Tor network; behavior unlike the default configurations for Whonix ™, Tor, and the Tor Browser Bundle. Mathematically speaking, end-to-end correlation attacks are more likely to succeed when a user chooses many random entry and exit points in the Tor network, rather than semi-permanent entry guards which are only rotated every few months. [21] [22]
Answered on twitter just now.
Great work on the 2FA page!
Added 1 more sentence on the 2FA page.
2FA can also be useful for advanced users the have the capability to easily detect any phishing attempt. That is because even if the e-mail address used to sign-up for a (financial) service got hacked because of the e-mail service got hacked, attackers could still not login into the user’s accounts due to lack of 2FA.
Advanced users sometimes have the mindset “I know how to detect phishing therefore I am not in the target group of people who could benefit frrom 2FA” but then even their e-mail account could get hacked without their fault (malicious employee, database leak) and in this cases they’d be better off with 2FA protected logins for everything else. Then a simple password recovery request wouldn’t suffice to hack all of their logins.
Not sure that point was made on that page?
Not really. My best understanding of 2FA benefit is for web services. 2FA “strengthens any password” and makes a hacked e-mail address less painful.
Could you please review my minor by comparison title and description changes?
For Whonix 16, let’s please do a “staged rollout”, i.e. not post on too many announcement channels right on first day of release.
A post was split to a new topic: Kicksecure (not Whonix!): using /etc/hosts to block advertisements and trackers