Long Wiki Edits Thread

Other long term goals could be being more like https://simple.wikipedia.org and ELI5.


old

One of the key benefits of Whonix is that when a VPN connection fails, you will still have the protections provided by Tor.

new

One of the key benefits of Whonix is that when a VPN connection fails, protections are still afforded by the Tor process.

Do you think afforded is suitable here? And is better than provided?

Thanks for all that feedback & bulk sign-offs.

Yes, I agree with all your feedback above. I’ll fix all that up as per your directions, but am having a little break from editing, just for today. :sweat_smile:

That is really useful -> wiki/Special:WhatLinksHere/Template:Design_Introduction

I’ve been looking for something like that! Perfect.

Good luck with your live streaming thing tomorrow.

Cheers

2 Likes

1) License wiki entry -> (Already) Fixed

2) Template:Build_Documentation_apt-cache -> Fixed

3) Template:Control_Port_Filter_Python_Profile_Add -> Fixed

Added some text there (but check if it’s right, because I know nothing about the control port filter) :slight_smile:

4) Wiki Main Page -> Fixed.

E.g. semi-colon issue and changed text slightly re: what Tor protects from, since anyone with end-to-end netflow correlation attack ability can screw over Tor users. Before, the text read like Tor is a silver bullet.

5) Security Guide -> Fixed.

A million little things. Also noted deprecation of hardened Tor browser and the Alpha series picking up ASan and Selfrando protections after April release of Tor Browser.

TO DO:

1) Remove extra text from Template:Design_Introduction and move to a wiki thread if you create one.

How about creating an extra entry under “Miscellaneous” on the main wiki page e.g. something like “Whonix Wiki Editing Guidelines” or similar? If you do that, I’ll separate purely stylistic issues from grammatical issues.

2) Try Tor Browser nightly for Whonix compatibility (I bet it doesn’t work, but we’ll see)

3) Attempt Foxy Proxy steps and follow up with the other forum thread users to check correctness for a Wiki entry

4) Test Whonix wiki back-up script

5) Edit Bridges wiki entry for simplicity since users keep posting about it in the forums (it can be improved, particularly the output re: what the torrc file should look like)

6) Add Micah Lee’s expose of Subgraph to the Subgraph OS comparisons page

7) Keeping on head-banging the second round of wiki templates.

The horror, the horror… :wink:

2 Likes

OK, working my way through the Bridges stuff.

1) Re: this in Bridges section →

http://kkkkkkkkkk63ava6.onion/wiki/Bridges

  1. When Whonix starts for the first time, it won’t automatically connect to the public Tor network, which is beneficial for safety reasons. Users are guided by the Whonix Setup Wizard, which is automatically started.

Really?

I’m pretty sure this only applies to non-Qubes-Whonix (?). That is, Qubes with Whonix templates installed from the installer connects first time without any prompting from memory. But I might be wrong.

If that is the case, we should note this for users who risk being harmed if identified Tor use is bad in their country i.e. they MUST config torrc first before ever trying to connect to the Tor network or running Whonix templates/AppVMs.

2) Re: http://kkkkkkkkkk63ava6.onion/wiki/Bridges#Finding_a_bridge_and_choosing_the_right_protocol

I updated it to reflect The Tor Project’s preference for obfs4 (but obfs3 is still okay). Apparently the former works more often in various regions.

Another question, at this link we have in there →

https://bridges.torproject.org/options

One of the check options at The Tor Project is something like:

Get an IPv6 compatible address?

I presume we should be noting that Whonix users should NOT check this option given various risks linked to IPv6 re: possible deanonymization?

I’m not even sure if it’s compatible with Whonix (I know Qubes doesn’t support it yet from memory).

1 Like

Bridges wiki entry -> Finished

Just need to check with you those 2 issues above i.e. IPv6 and truthfulness of Whonix not auto-connecting statement.

I think it’s much clearer now for the user.

1 Like

Haven’t read all your prior comments yet. Will do so soon and then react. For now, just one small thing…


old:

Without this option

new:

If this option is not set

I have been trying to avoid the word not as much as possible, as parsing this with human brains is hard and often confused. Do you think this makes sense and that things can be written without using not?

Right. Fixed it to:

Without this option set…

Also removed the fte line from the “complete torrc sample text” entry, since we don’t want to confuse users.

Agree that using “not” is sometimes confusing. It’s a bit difficult, like using double negatives in sentences to create a positive meaning e.g.

“There is no way you can do nothing about this” :slight_smile:

However, in this instance writing only “Without this option” (without stating the setting of the variable) is subtly vague i.e. does it mean:

a) Tor (in general) without the option?
b) The user not setting the option?

Thus, I added “set”.

I can add this stylistic stuff to the wiki editing guide when there is a wiki entry available (can I add those myself to the main wiki Table of Contents, or only those with approval power?).

1 Like

@HulaHoop @Patrick

Re: Template:FoxyProxy → Tested the instructions using the add-on install method.

Everything is working with 7.0a2 hardened Tor Browser. I double-checked about:config & xpinstall.signatures.required is set to true, so everything is fine.

I also checked a website that normally blocks all Tor IPs and startpage proxies → worked like a dream! Nice job.

Since this works, I didn’t bother with trying to install it from the Debian repos. I don’t think it’s worth noting in the template (edit-wise), unless the add-on steps break in the future (?). If you think otherwise, I can trial the Debian repo install method to see if it works/breaks, then add steps to the template.

The only problem is an AppArmor conflict. Ironically the proxy still works, but FYI the message is:

apparmor="DENIED" operation="open" profile="/home/**/tor-browser*/Browser/firefox" name="/run/user/1000/dconf/user" pid=XXXX comm="firefox" requested_mask="rwc" denied_mask="rwc" fsuid=1000 ouid=1000

x 17 or so messages

So, I guess we can warn users that AppArmor MAY cause conflicts, but it appears to be working at the moment.

I’ll tidy up that FoxyProxy template for readability and note that it DOES work fine with 7.0a2.

2 Likes
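An added example, not part of the original posts: one way to collapse repeated AppArmor denials like the one reported above into a per-profile summary before filing a ticket. The log text is constructed from the message in the post (pid left elided), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the denial quoted in the post, repeated 17 times,
# plus one unrelated constructed status line that must be ignored.
DENIAL = ('apparmor="DENIED" operation="open" '
          'profile="/home/**/tor-browser*/Browser/firefox" '
          'name="/run/user/1000/dconf/user" pid=XXXX comm="firefox" '
          'requested_mask="rwc" denied_mask="rwc" fsuid=1000 ouid=1000')
SAMPLE_LOG = "\n".join(
    [DENIAL] * 17 + ['apparmor="STATUS" operation="profile_load" name="example"'])

# Matches key="quoted value" or key=bare_value.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fields(line):
    """Return the key/value pairs of one AppArmor audit message as a dict."""
    # Forum software often turns " into typographic quotes; undo that first.
    line = line.replace("\u201c", '"').replace("\u201d", '"')
    return {key: (quoted or bare) for key, quoted, bare in FIELD.findall(line)}


def summarise_denials(log_text):
    """Count distinct denials; pid is left out of the key so repeats collapse."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_fields(line)
        if fields.get("apparmor") != "DENIED":
            continue
        counts[(fields.get("profile"), fields.get("operation"),
                fields.get("name"), fields.get("denied_mask"))] += 1
    return counts


if __name__ == "__main__":
    for (profile, op, name, mask), n in summarise_denials(SAMPLE_LOG).most_common():
        print(f"{n:3d}x profile={profile} {op} {name} denied={mask}")
```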

http://kkkkkkkkkk63ava6.onion/wiki/Template:FoxyProxy → Fixed

I used pre instead of blockquote for The Tor Project warning around add-ons, since the blockquote text is “supersized” for some reason and looks like shit.

1 Like

One request: You’ve been already mostly doing this, but still… Please don’t mix language fix changes with general modifications (like adding new information) into the same edit. That makes review much harder since that may confuse the wiki diff. If it’s multiple edits, then that works better.


Re: foxyproxy

The potential fingerprinting harm to user anonymity depends on how many others are running Tor Browser in conjunction with FoxyProxy. This figure is likely to be negligible in size. Further, if Tor Browser is configured to use a non-Tor exit node, the user is placed within a very small subset of all Tor users. This applies to configurations such as Tor Browser and I2P, or Tor Browser and a socks5 webproxy.

Right.

From Combining Tunnels with Tor

When using a browser, worsens web fingerprint. It is unknown how anonymous it is to use user -> (proxy/VPN/SSH ->) Tor -> Proxy/VPN/SSH -> Tor Browser -> website. How many people show up with a proxy, VPN or SSH IP using Tor Browser? This setup is so special that probably only very few people are doing it. For this reason, recommend against. On the other hand, due to browser fingerprinting, it can’t be recommend using any browser other than Tor Browser either. [17]

Perhaps that should be turned into a template? And added to the foxyproxy template? Because if we mention fingerprinting issues with Tor Browser if foxyproxy gets installed, some users falsely conclude it would be a good idea to use Firefox instead then. Could extend the foxyproxy template with this information? “However, if you must, still use Tor Browser, using Firefox would be even worse.”


TOC editing is fine. However, we had to disable new page creation because that was being abused by automated spam bots.

Just now created empty page:
Documentation Guidelines

1 Like

re foxyproxy AppArmor:

Yes. Looks harmless. Could you please post this in the Whonix AppArmor sub forum or create a phabricator ticket for this so it can be tracked and fixed for Whonix 14?

re license template:

Just now created Template:License Amnesia - Whonix.

Used here: Configure (Private) (Obfuscated) Tor Bridges

The formatting looks awful. We cannot use <pre> tags, since these don’t support variables. Blockquote would be the proper tag.

blockquotes really need to be fixed… Created a separate thread for it:
https://forums.whonix.org/t/fixing-wiki-blockquote-font-size

Note, not all pages may use the Template:License_Amnesia. Only the pages that were originally forked from the Tails documentation.


Yes, Whonix remotely recent versions of Whonix… This has been implemented for a long time now… Whonix does not automatically connect to the public Tor network. Whonix generates no networking traffic before Tor networking gets enabled. Only if users choose so in anon-connection-wizard (or manually enable Tor in torrc). That was the whole point of anon-connection-wizard btw. And the actual bridge wizard was never implemented, just a stub. However, iry is now working on that.

What do you mean by IPv6? None of that is mentioned on the bridges page.

And to perhaps preemptively answer a question :slight_smile: : yes, neither IPv6, nor IPv6 nor any traffic is generated by Whonix before enabling Tor.

1 Like

Yes, really. :slight_smile:

Both, Qubes-Whonix and Non-Qubes-Whonix.

All Qubes-Whonix versions were using the anon-connection-wizard.

IPv6 bridges can sadly not be used in Whonix yet. Ticket:
T509 Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables
At the moment they would just fail closed.
Yes, good observation, please document that.

1 Like
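An added example, not part of the original posts: a small check that flags IPv6 `Bridge` lines in a torrc, since the post above says such bridges currently fail closed in Whonix. The torrc fragment is constructed (documentation-range addresses, placeholder fingerprints and certs), and the function names are hypothetical.

```python
import ipaddress

# Constructed torrc fragment: addresses come from documentation ranges
# (192.0.2.0/24, 2001:db8::/32); fingerprint and cert values are placeholders.
SAMPLE_TORRC = """\
UseBridges 1
Bridge obfs4 192.0.2.10:443 PLACEHOLDERFINGERPRINT cert=PLACEHOLDER iat-mode=0
Bridge obfs4 [2001:db8::10]:443 PLACEHOLDERFINGERPRINT cert=PLACEHOLDER iat-mode=0
Bridge [2001:db8::20]:9001
# Bridge [2001:db8::30]:9001  (commented out, ignored)
Bridge 192.0.2.20:9001
"""


def bridge_address(line):
    """Return (ip_address, port) for a torrc Bridge line, or None for other lines."""
    tokens = line.split("#", 1)[0].split()
    if len(tokens) < 2 or tokens[0].lower() != "bridge":
        return None
    # The address is the first argument, or the second after a transport name.
    for tok in tokens[1:3]:
        host, sep, port = tok.rpartition(":")
        if not sep or not port.isdigit():
            continue
        try:
            return ipaddress.ip_address(host.strip("[]")), int(port)
        except ValueError:
            continue
    return None


def ipv6_bridges(torrc_text):
    """List (line_number, address) for every Bridge line that uses IPv6."""
    hits = []
    for n, line in enumerate(torrc_text.splitlines(), start=1):
        parsed = bridge_address(line)
        if parsed and parsed[0].version == 6:
            hits.append((n, str(parsed[0])))
    return hits


if __name__ == "__main__":
    for n, addr in ipv6_bridges(SAMPLE_TORRC):
        print(f"line {n}: IPv6 bridge {addr} will not work in Whonix; use an IPv4 bridge")
```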

Was kinda working my way up from bottom to top. I should have reacted to all points that require a reaction. Should I have missed replying to some point, please copy/paste or reference it. :slight_smile:

Finally added you here, @torjunkie :
Credits and other Sources

Please feel free to edit that one (your entry and generally).

(And that page would perhaps be cleaner if it was similar to Team | Qubes OS)

Done.

Thanks for all that info & various signoffs. :slight_smile:

Let me list my follow up items, since bits and pieces are done.

TO DO (updated):

1) Note IPv6 tor bridges are currently incompatible with Whonix in Bridges documentation i.e. shouldn’t be selected by the user

2) Finish documentation_guidelines entry & remove text from the template I edited the other day (Template: Design_Introduction) re: grammar and stylistic issues

3) Add text to FoxyProxy template re: “Using FF is even worse” around fingerprinting issues.

Also consider whether this text should be turned into a template (fingerprinting one)

4) Off topic: Test Nightly Tor Browser (ESR 52) for Whonix compatibility

5) Off topic: test wiki backup script and updates thereof

6) Finish second round of wiki template edits (1/2 done now)

No problem - totally understand re: diffs for sign off. I’ll be sure to separate just language edits versus additional sections in the future. I had noticed that before.

BTW I understand (and I know you know) there are a host of privacy issues with IPv6, so hopefully you will take your time re: implementing Whonix ticket T509? :wink:

E.g. →

https://www.defcon.org/images/defcon-15/dc15-presentations/Lindqvist/Whitepaper/dc-15-lindqvist-WP.pdf

Etc.

I’ll get onto these issues tomorrow.

1 Like

Sweet! Thanks, I’ll see if I can live up to that.

Let me add on my list:

7) Edit Maintainers list to mimic Qubes Team webpage.

1 Like

I am trying to fix all it's -> its errors. Once that is done… Should I mass replace (automated, easy) all it's to it is then?

Right. Yes, I recommend removing contractions where possible for clarity and a more professional style. I’ve added that to the documentation guidelines.

1) Bridges IPv6 note → Fixed

2) Documentation Guidelines → Finished

3) Foxy Proxy (other browsers fingerprinting risk) → Fixed.

Edited the text here: Combining Tunnels with Tor and here: https://www.whonix.org/wiki/Template:FoxyProxy to read as follows:

When using a browser, connecting to Tor before a tunnel link worsens the web fingerprint. The anonymity effects of using the configuration: User → (Proxy / VPN / SSH ->) Tor → Proxy / VPN / SSH → Tor Browser → Website are unknown. How many people are likely to use a proxy, VPN or SSH IP in this manner? This setup is so specialized that probably very few are doing it, reducing the user pool to a small subset. Due to potential fingerprinting harm, it is recommended against. If proceeding despite the risk, the tunnel configuration should not be combined with any browser other than Tor Browser (e.g. Firefox, Chrome), due to an even greater browser fingerprinting risk.

So that it can be turned into a template as you suggested, and inserted into both entries accordingly.

BTW Blockquote now looks nice since fortasse fixed the text size!

1 Like

4) Latest nightly build.

Tested the latest version I could find on the Tor servers. It is from 2 weeks ago (3rd April) -> but it is still running 45.8 ESR. Hmm… I thought it was the 52 ESR version that was meant to be in Linus’ folder by this late stage.

Anyway, that nightly seems to work fine.

Couldn’t find a binary anywhere else for the 52 version. I’m not up for building anything, so we can just see how the Alpha series goes when it is released in a few days’ time. I think it will be based on 52.1.

The stable will still be based on 45.9, so it shouldn’t bork for the majority of users I suppose.

PS I see you’ve been very busy with “find” & “replace” functions :smile: