1. Surveillance Capabilities page → Fixed.
2. I’d suggest a mass find-replace for “Hidden Services” → “Onion Services”. That’s all over the wiki.
3. We should probably also rename the “Hidden Services” wiki page to “Onion Services”.
Then just have a first line on that page stating:
Onion services were previously known as (Tor) Hidden Services.
4. You want a “GPG Fingerprint” template of some description based on discussions with HulaHoop?
I’m not good with those {{{}}} templates. If you tell me which other template I can imitate, then I can do that for you.
Anyway, moving on…
That’s either mostly or fully done.
Edited pages on Login required - Whonix could use some rough review if nothing broke links or logically.
Onion Services - Whonix (and others) still contains the word “hidden” sometimes.
- hidden server
- hidden servers
- hidden webserver
- Hidden VoIP Mumble Server
- and others
/var/lib/tor/hidden_service
What about Tor config directives such as HiddenServiceDir, Tor Project hasn’t made it possible to use Onion instead?
The following page was deliberately not renamed.
It’s because it compares Tor onion services with other options.
That would be useful.
Which pages are using gpg verification instructions? Any (complete or incomplete list)? @HulaHoop
These are the most extensive / secure / sophisticated gpg verification instructions we have:
- referring to Whonix ™ Signing Key explaining to get the signing key from multiple sources and through the OpenPGP web of trust
- file name verification through gpg --verify-options show-notations (I haven’t seen this used elsewhere.) which is useful to spot downgrade or stale download attacks
- Explaining the “This key is not certified with a trusted signature!” message.
- GPG signature timestamp verification
Other places lack one or multiple of these because it is a lot to type. And… Needless to say… All of the file verification state of the art is a complete usability mess, expecting unrealistic things from users, but that’s not our fault.
https://www.whonix.org/wiki/Template:Verify_the_virtual_machine_images_using_the_command_line is an example template.
{{Verify_the_virtual_machine_images_using_the_command_line
|download_signature_link=
|cd_directory=
|gpg_verify_cmd_gw=
|gpg_verify_cmd_ws=
|gpg_verify_success_gw=
|signature_notation_gw=
}}
Supported variables.
- download_signature_link
- cd_directory
- gpg_verify_cmd_gw
- gpg_verify_cmd_ws
- gpg_verify_success_gw
- signature_notation_gw
Verify Virtual Machine Images on the Command Line shows how the template can be used.
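An added illustration (not part of any post in this thread, and not Whonix's own instructions) of the file-name notation and signature-timestamp checks listed above, run over constructed `gpg --status-fd` output. The fingerprint, the notation name `file@name`, the file names and the function name are assumptions.

```python
import os
from urllib.parse import unquote

# Constructed `gpg --status-fd 1 --verify` output. The fingerprint, the
# notation name and the file names are placeholders, not Whonix values.
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
NOTATION = "file@name"  # assumed name of the notation carrying the file name
SAMPLE_STATUS = f"""\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>
[GNUPG:] NOTATION_NAME {NOTATION}
[GNUPG:] NOTATION_DATA Example-Gateway-14.0.ova
[GNUPG:] VALIDSIG {FPR} 2018-03-01 1519862400 0 4 0 1 10 00 {FPR}
[GNUPG:] TRUST_UNDEFINED 0 pgp
"""


def check_signature(status_text, expected_fpr, downloaded_path, not_before):
    """Return a list of problems; an empty list means every check passed."""
    fpr = sig_time = current = None
    notations = {}
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue
        keyword, *args = line.split()[1:]
        if keyword == "VALIDSIG":
            # VALIDSIG <fingerprint> <date> <sig-timestamp> ...
            fpr, sig_time = args[0], int(args[2])
        elif keyword == "NOTATION_NAME":
            current = args[0]
        elif keyword == "NOTATION_DATA" and current:
            # Data is percent-escaped and may span several lines.
            notations[current] = notations.get(current, "") + unquote("".join(args))
    if fpr is None:
        return ["no valid signature found"]
    problems = []
    if fpr != expected_fpr:
        problems.append("signed by an unexpected key")
    # A valid signature over a different (older) file still verifies, so
    # compare the signed file name with the file that was downloaded.
    if notations.get(NOTATION) != os.path.basename(downloaded_path):
        problems.append("signed file name does not match the download")
    # An old but valid signature can indicate a stale or rolled-back release.
    if sig_time < not_before:
        problems.append("signature is older than expected")
    return problems


print(check_signature(SAMPLE_STATUS, FPR, "/tmp/Example-Gateway-14.0.ova", 1519000000))
```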
- Invisible Internet Project (I2P)
- Template:Tox - Whonix
- YaCy Decentralized Search Engine
- Freenet - Whonix
- Template:TPO Manual Install - Whonix
- Instant Messenger Chat
- Tor Browser Advanced Topics
- Nym Servers and Pseudonymous Emails
- KeePassXC Password Manager
(Search each of those pages for fingerprint to find the relevant part concerning gpg verification.)
If we want to create a template for all of these pages…
- which is the best version of these
- create a best version / refine it
- What are the similarities of each of these pages? Which text is repetitive or can be made repetitive?
- What are the differences of each of these pages?
- These need to be translated into wiki variables. Either do it as per instructions above or leave variablization to me.
- Differ will…? Instructions to get the key.
- cd command
- key import command
- gpg fingerprint
- gpg import command
That’s all of them. Of course the deprecated doesn’t matter.
In Tox’s case it’s a template.
Thanks @TorJunkie!
Hi torjunkie
Have the general layout (about halfway done with content) I’m still a little shaky on the overall format. It should work itself out.
Intro
- Understanding leaks (basic overview)
- How leaks occur
- What info can be leaked
- Challenges preventing
Security In The Real World
- Threats
- Whonix security model
- Overview (detailed)
- Whonix vs.
- Past exploits (current content)
- Present day (Meltdown etc.)
- Future (zero day)
#Whonix blocks info leaks. Important users know: What isn’t an info leak? User mistakes etc.
Close
OK - went through all those find-replace pages for “onion” and fixed multiple broken links/redirects or duplicate phrases.
Another minor (nit) change might be a mass find-replace for “a onion” → “an onion”
Not that I’m aware of i.e. all their Tor code still references things like HSDir and so on.
OK.
Re: GPG stuff - thanks @Patrick @HulaHoop - I’ll probably post a possible template back here first for content, then work out the variables stuff with your input if it’s problematic, since I haven’t really done that before.
Note to self - must also fix FAQ entry re: Tor connections as per Patrick’s suggestion & add sharing docs research re: embedded watermarking etc. risks which I forgot to do.
Hi Obrand - that looks like a pretty good structure.
From my editing experience I find that by first writing / fixing the content, this lends itself to the obvious structure that is needed afterwards, as well as obvious holes in material that need more references or other fixes.
I look forward to seeing it!
Wow, those were quite a few required fixes…
Done.
1. Fixed DoNot page so it has some structure (was a mess of bullet points before).
2. Re: Special:Log/newusers
I gather it is fair to assume that a large proportion of these accounts are bogus, soon-to-be-used-for-spam accounts if they have zero contribs and have never said squat in forums.
I wonder if Whonix should be proactive and auto-delete accounts, say older than 12 months, that have never been active in any shape or form for either wiki or forum contributions.
For instance, in that 1st page stretching back to late 2016, I see maybe 38/50 accounts that fall into that category.
3. Will try and sort out this gpg fingerprint page next (when I have some time).
I would think that many accounts were set up and forgotten about. It should also be considered that some forum members have accounts set up to email threads/posts from categories they are interested in, i.e. Qubes-Whonix, KVM etc. Just because they are not active does not indicate they are not benefiting or being educated from forum posts. It also should be considered that some members have backup accounts. For example I recently used mine to post some comments in the “Why Facebook is Cancer” thread.
torjunkie:
2. Re: Special:Log/newusers
I gather it is fair to assume that a large proportion of these accounts are bogus, soon-to-be-used-for-spam accounts if they have zero contribs and have never said squat in forums.
I wonder if Whonix should be proactive and auto-delete accounts, say older than 12 months, that have never been active in any shape or form for either wiki or forum contributions.
For instance, in that 1st page stretching back to late 2016, I see maybe 38/50 accounts that fall into that category.
If they are bots, they managed to circumvent the registration process
spam protections but then failed to circumvent the spam posting protections.
Since registration spam protections haven’t been improved, it is fair to
assume they could create new accounts any time. Since it’s mostly
programs running, that failed, I think these are just database slug and
now inactive. Therefore I am not convinced the effort to get rid of
those would help to prevent future spam.
Related changes:
Could anyone help me to review it please?
TODO:
- Could anyone help me to create a template that is exactly called Open_/usr/local/etc/torrc.d/50_user.conf please? To be more specific, the template should be used as {{Open_/usr/local/etc/torrc.d/50_user.conf}}
- Copy related content in template Open_/etc/tor/torrc to the new template.
- Add content below in the 50_user.conf template:
{{mbox
| type = notice
| image = [[File:Ambox_notice.png|40px|alt=Info]]
| text = Since Whonix 14, all user’s own Tor configurations should go to {{Code2|/usr/local/etc/torrc.d/50_user.conf}}, not anywhere else. Please be aware that Whonix will not modify the /usr/local/etc/torrc.d/50_user.conf once it is created, which means you are fully responsible for adding and removing configurations in it.
}}
My personal experience with editing Whonix Wiki is not perfect:
- I am not familiar enough with the Wikimedia syntax currently
- the account is usually logged out automatically after a certain period of time
- Working in Tor Browser makes every single redirection and loading time-consuming
- have to manually (search does not always get desired result) find the template in the special page (which is kind of hidden) and then modify it.
- have to click history to get a clean URL reference to the changes
Therefore, I would like to say thank you from my heart to everyone who has been contributing to the Wiki.
Thank you for the great effort and work!!
Hi iry
I can relate to that. I’m currently editing/rewriting Leak Protection and it’s taking a little longer than I originally had hoped. It’s mostly monkey-see-monkey-do: I see the syntax used in other wiki pages to get a desired result, I do the same. Plus I’m not as experienced as most of the regular wiki contributors (Whonix/anonymity wise) so I have to research to make sure the content is correct, which takes even more time. It’s something I am enjoying doing though. I will say I have a newfound respect for past and present wiki editors. It’s not easy.
Reviewed.
Created. I just put a “.” in there. Enter the text you like and I’ll edit it later on for wording.
I burst out laughing when seeing this because I can totally relate to that.
Me, too!