Long Wiki Edits Thread


Haven’t found any info on this in the Tor release notes. Will have to find a reference for this.


We have https://www.whonix.org/wiki/DoNot#Change_Settings_if_the_Consequences_are_Unknown but…

Should I apply the steps in this guide on the tor browser?

it doesn’t really specifically address that and explains this makes it more fingerprintable perhaps with a short footnote as explanation/reference with proof or authoritative source as backup of this claim?


Could you please review




The link to the Hidden Wiki is problematic. There is useful info on there but the fact it links to other illegal material might make us liable if we link to it directly.

I recommend pasting the contents of the email page to a pastebin (or alternative) then archiving that with archive.org/web then linking to that page instead while citing the source as the hidden wiki.



Best staying away from hidden wiki entirely.


Fixed (removed).


1. This ‘onion gaming’ stuff is too big (and looks out of place) on this page -> http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Onion_Services_Guides#Multiplayer_.onion_Games

Probably better to just create a standalone ‘Onion Gaming’ page and link to it. Also, presumably more gaming stuff will become available over time.

2. Let me know if there’s something that needs fixing up on the email page updates i.e. re: the service provider changes. Effectively, some just go out of existence quite regularly it seems.

(It would be nice to have all those VFEmail pics replaced with a working alternative in the Email entry, but I’ll leave that to @tempest)

3. The added info on Tor attacks on the Warning page is to try and tighten up info - i.e. a ton of other (historical) attacks are possible against the client, server and/or network.

Good for reader to know it ain’t just confirmation attacks they need to worry about if the ‘big boys’ take an interest. Even Tor doesn’t list this out anywhere in one place that I remember seeing…

(haven’t forgotten the Whonix 14 Release Updates TODO; putting off the dull stuff)

Plan from here ->

  1. finish finer edits down to anonymous email section
  2. tidy up/rejig that Mixmaster stuff
  3. start some heavy edits on the Money section (good info, but structure/expression is wanting in several places there)


New Electrum instructions are ready for review.



https://www.whonix.org/w/index.php?title=Warning&oldid=41607&diff=cur is huge. All self-written? @torjunkie I haven’t seen such a summary/overview before yet.

Could you please help to review https://www.whonix.org/w/index.php?title=Warning&oldid=41607&diff=cur @HulaHoop?

<ref>Some have already been addressed by The Tor Project.</ref>

Why make this a footnote? Which ones were addressed, and which ones not? Seems like an important information if we add this.

<ref>Explaining why browser plug-ins should generally be avoided or disabled in Tor Browser.</ref>

Slightly confusing. All disabled by default in Tor Browser.

Connections to peer-to-peer systems are exploited to retrieve the IP address of the client. For example, adversaries can retrieve the IP address of clients connecting over Tor with the BitTorrent protocol when they communicate with the torrent tracker. <ref>Torrent trackers retrieve information about peers who can share the requested resource, that is, IP address and listening port.</ref> While tracker lists can be retrieved anonymously over Tor, the actual P2P connection is not – meaning a MitM attack on this connection can redirect to a list that includes the IP address of a malicious torrent peer. This means the IP address of the client that originated the tracker request (over Tor) can be retrieved.

Doesn’t apply to Whonix.

Quote https://www.whonix.org/wiki/File_Sharing#Please_limit.21

Whonix will keep your IP address hidden while you use BitTorrent and other file sharing and P2P programs.

Since it doesn’t apply to Whonix, is it worth mentioning it on our Warning page? We could mention a short summary on attacks on Tor somewhere in Whonix wiki but the Warning page isn’t the right place?

Tor clients can be induced to adopt a malicious Tor guard (entry) node via: altering traffic capabilities of the target, blocking connections to legitimate entry nodes at the network level, and so on. This greatly assists end-to-end correlation and other attacks.

Reference required.

<ref>Note: This attack variant is no longer possible since directory servers now control the declaration of effective bandwidth.</ref>

Shouldn’t be a reference if this is no longer valid, too important to hide it in reference.

Cell Counting and Padding

Reference required.

Tor Cells Manipulation

Reference required.

Timing Attacks

Reference required.

Shaping Attacks

Reference required.


OK - tried to address most of that. I’m sure HulaHoop will pick up any BS claims made by researchers here.

All comes from the primary ‘Darknet’ reference. Have looked at a bunch of secondary refs which look pretty good. I should paraphrase / rephrase it a bit harder though :slight_smile:

@0brand nice work on Electrum pg



Restructure to get rid of numerous ‘do not’ points in succession)

Nice. I agree. I am wondering about the whole page title DoNot. It’s a negative. Does that make sense? Is that cool, fancy, helpful to get the message across? If you’re wondering the same, I’d be open to re-style it. But if I am wondering about non-issues it can also stay as is.


Yes, rephrase it from the negative to the positive would be good. Perhaps a redirect to a page which matches the title. For example, “Tips on Remaining Anonymous”


Electrum page:

Instead of

Note: Unless directed otherwise, the following instructions are run in Whonix-Workstation anon-whonix (Qubes-Whonix).

I’d move “anon-whonix” in the parenthesis:

Note: Unless directed otherwise, the following instructions are run in Whonix-Workstation (anon-whonix in Qubes-Whonix).

There’s a typo in footnote #1: sever instead of server.

Apart from that, looks perfect :+1:


In https://www.whonix.org/wiki/Other_Operating_Systems#Security_Comparison:_Whonix-Download-Workstation_vs._Whonix-Custom-Workstation

The Stream isolation in Tor Browser is no for Whonix Workstation. Should we update it to yes?


iry via Whonix Forum:

In https://www.whonix.org/wiki/Other_Operating_Systems#Security_Comparison:_Whonix-Download-Workstation_vs._Whonix-Custom-Workstation

The Stream isolation in Tor Browser is no for Whonix Workstation. Should we update it to yes?



I would say we should avoid making such a section entirely to avoid making inaccurate statements. Some of these attacks are purely theoretical and may not be effective in the real world. Hosting distances and datalink latency might make them useless in practice, also Tor network size and mixing in more traffic besides just TBB, also affects success rate. Also unless we have someone actively asking TPO for a review of the material and to keep abreast any mitigation developments, we risk harming the reputation of the software’s efficacy since the data will be outdated.

With that said, if you want to keep it, it better belongs in it’s own dedicated page instead of the warning page. I also agree about the comments Patrick made.


A dedicated page with dedicated maintainer would be ok. Then Whonix is
more like a third party host of information and we have limited duty to
review the contents.


These contents are inspiring for sure for some readers but seems non-essential for most users of the warning page. However, this goes more into the direction of a research project. It would a lot time to get knowledgeable enough to be capable to review and publish it for me.

As chapter License of the Warning page indicates, the Warning page was initially based on Tails Warning page. So any argument made by me just now could be turned against me. Such inconsistencies would be inherited from the fact that this was initially a fork of Tails documentation for completeness of Whonix documentation sake rather than a well thought through “what the user really needs” (which is an afterthought much later now).


I think @HulaHoop has a point here. the issue of online security is huge and perhaps it will be useful to separate the attacks we can mitigate from those we can’t.

Specifically, what’s missing for me is a more Whonix-centered threats page, and practical ways to address them, if any. For example:

  • Effect of sdwdate or whonixcheck on possible classification as a Whonix user vs. any other Tor users (by Guard?).
  • Workstation to gateway flow of info. For a careful user, the workstation is “what you do” while the gateway is “who you are”. The combination of both presents the biggest danger. But when the info from the workstation isn’t encrypted, gateway has both “who you are” and “what you do”. Is there a way to address that.


No problem. Just get rid of them.