In the process of fixing… we should recommend for host AND Whonix VMs right? So add to “Host Security” page of Basic Security Guide - seems like a nice fit there and Whonix-WS and Whonix-GW security pages for VM kernel I suppose.
Good job 0brand. You are getting some very solid contributions under your belt, and I for one welcome it! More please
we have Template:Open with root rights - Whonix but that is for Whonix only, not guaranteed to work outside of Whonix (actually fails in Qubes Debian templates since these don’t have kwrite installed by default)
/etc/apt/sources.list.d/debian.list
Whonix: correct
plain Debian hosts and Qubes Debian template: incorrect, it’s /etc/apt/sources.list
Maybe instructions shouldn’t be by Debian packages, Whonix packages, Tor packages, Fedora packages. Perhaps better instructions for:
Qubes dom0
Qubes-Whonix TemplateVMs
Qubes Debian TemplateVM
Qubes Fedora TemplateVM
Non-Qubes-Whonix
plain Debian hosts
Then each chapter could contain instructions to onionize it as much as possible.
As for future Whonix support timelines… To have something doable…
once a new stable Qubes version is released, shortly after, there might be a 1 month notice to upgrade to that newer version of Qubes if users wish to keep using Qubes-Whonix
once a new stable Qubes-Whonix version is released, shortly after, there might be a 1 month notice to upgrade Qubes-Whonix if users wish to keep using Qubes-Whonix
once a new stable Non-Qubes-Whonix, shortly after, there will be a 1 month notice to upgrade Whonix if users wish to keep using Whonix
once a new stable Debian is released, shortly after, there might be a 1 month notice to upgrade Debian, if users wish to keep using Whonix
<ref>This is to relieve Whonix developers from having to diagnose and support old-stable versions of Qubes/Debian/Whonix which results in a lot duplicate maintenance effort.</ref>
There is one TODO there i.e. non functional bridges config.
Also, there is one table in the FAQ wiki page saying “Ignore for now. Broken since shift” or similar (Tails vs Whonix comparison). Can we just get rid of that or update the links or whatever?
Based on technically capable 0brand not being able to get Flash working in Tor Browser by:
a) installing flash player (non-free) from Debian; or
b) manually installing it from Adobe
and Tor Project blocking all plug-ins by default (I gather some about:config changes etc maybe also needed?), then 90% of Whonix users are not going to be capable of this, if it is even possible at all?
Has anyone got Flash working in recent Tor Browser versions?
I recommend, based on Flash:
being phased out by most websites
also being a security nightmare
many other safe ways to access same media e.g. downloading tools etc.
plus that wiki page quoting 5 year old JonDos info that just doesn’t work.
That we deprecate all the Flash instructions and point any intrested users to deprecated section i.e. it’s their own problem to work it out.
Why work hard to help users shoot themselves in the foot and fail to learn proper (safe) practices? Waste of time.
The likely scenario would be a user installing Firefox in Whonix-Workstation then installing flash. Both of which are recommended against.
At current time there isn’t much that is useful in that chapter. Cleaning up that page is on my TODO but how useful will it be even after that is done? Can’t install any plugins in TBB.
Think it would be better to put our efforts into documentation that strengthens security /anonymity IMHO.
All the mega-size security guide, advanced security guide, and computer security education pages are deprecated since I split them all into separate pages.
So, the correct entry for that (updated & working) is now here:
Also, that Tor page which has a ton of information under “Advanced Topics” relating to guard fingerprinting -> all that should become it’s own Guard Fingerprinting wiki page IMO (too long to be in there).
