Long Wiki Edits Thread

Latest version of Ubuntu is 20.04 - so not sure this is still relevant?

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/VirtualBox/Higher_Screen_Resolution_without_installing_VirtualBox_Guest_Additions#Ubuntu

If Ubuntu 14.04 has a screen resolution of 640x480 you may be able to get 1024x768 simply by running xdiagnose and changing any setting under Debug. Marking them all, or unmarking “Enable automatic crash reporting”, are reported to work. Reboot.

Also, is the rest of that page still okay for higher screen res in VirtualBox without VirtualBox guest additions? Or majorly outdated (and should be deprecated)?

1 Like

A post was split to a new topic: Security Risks of VirtualBox Shared Folders

OK - on the relevant wiki page I noted because it is unclear:

Bidirectional clipboard sharing is currently disabled by default in Whonix ™ VirtualBox VMs.

For Whonix-Gateway ™, one directional clipboard sharing from the host to Whonix-Gateway ™ is allowed.

If that is not right, please correct it.

BTW if bidirectional clipboard sharing is enabled by default (which would be a mistake IMO since it is easy for VirtualBox users to change that setting), we should add a pointer in the security guide to disable it (many won’t want convenience over security)

1 Like

It was user contributed a long time ago. I don’t test these things. I’d say can be left as is but perhaps a comment added about the untested / unmaintained nature of it. Not required to call it deprecated until we hear it’s broken or otherwise causing trouble. Good to keep because I haven’t seen this anywhere else on the internet.

1 Like

Good idea. Please add.

1 Like

Could you review Tor Myths and Misconceptions: Difference between revisions - Whonix please? @HulaHoop

1 Like

So does Whonix enable clipboard sharing by default in VirtualBox (bidirectional?) - still not clear to me :slight_smile:

Also, can’t add this to the Data Collection Techniques page due to this error:

File not found

Firefox can’t find the file at http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/w/index.php?title=Data_Collection_Techniques&action=submit.

Check the file name for capitalization or other typing errors.
Check to see if the file was moved, renamed or deleted.

Maybe you’ll have better luck adding the below, or something needs fixing on the wiki…

= Redirect Tracking =

Mozilla succinctly describes this novel threat: Firefox 79 includes protections against redirect tracking - Mozilla Security Blog

When we browse the web we constantly navigate between websites; we might search for “best running shoes” on a search engine, click a result to read reviews, and finally click a link to buy a pair of shoes from an online store. In the past, each of these websites could embed resources from the same tracker, and the tracker could use its cookies to link all of these page visits to the same person. To protect your privacy ETP 1.0 blocks trackers from using cookies when they are embedded in a third party context, but still allows them to use cookies as a first party because blocking first party cookies causes websites to break. Redirect tracking takes advantage of this to circumvent third-party cookie blocking.

Redirect trackers work by forcing you to make an imperceptible and momentary stopover to their website as part of that journey. So instead of navigating directly from the review website to the retailer, you end up navigating to the redirect tracker first rather than to the retailer. This means that the tracker is loaded as a first party and therefore is allowed to store cookies. The redirect tracker associates tracking data with the identifiers they have stored in their first-party cookies and then forwards you to the retailer.

To illustrate the threat, consider somebody browsing an online website advertising computer hardware who decides to click a link to purchase a suitable laptop from a suitable retailer. The browser will quickly navigate to the relevant website and the hardware product page loads. Without realizing it, the customer may have been tracked via several steps:

  1. The website advertising the computer hardware had the appropriate URL to redirect to the specific retailer.
  2. An embedded redirect tracker intercepted the click and sent the customer to their website instead.
  3. The tracker saves the intended destination – the retailer’s URL – that the customer thought they were directly visiting.
  4. After the redirect tracker is loaded as a first party, it can access its cookies. This means information is stored about which website the customer came from and where they are headed, along with cookie identifiers (allowing tracking across the Internet).
  5. The customer is automatically redirected to their original destination after the tracking data is saved.

Fortunately Firefox 79 partially addresses this behaviour via its Enhanced Tracking Protection. Every 24 hours any cookies and site data stored by known trackers are cleared, preventing trackers from building a long-term profile of user activity. However, temporary tracking is available within that 24 hour window and a host of unknown trackers may still pose a profiling threat. Firefox 79 includes protections against redirect tracking - Mozilla Security Blog

Also, all the Friday & Saturday edits are mine, so I think they safely improve a fair few things :wink:

1 Like
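The redirect-tracking steps and the 24-hour purge described in the post above, as an added example that is not part of the original thread or the Whonix wiki: it flags the stopover hop in a recorded navigation chain and models clearing cookies of listed trackers only. The hostnames, the hop record shape and the function names are assumptions made for illustration.

```javascript
// Constructed sample: one click recorded as a chain of HTTP hops.
// All hostnames are made-up placeholders (.example), not real trackers.
const chain = [
  { url: "https://reviews.example/laptops", status: 200, setCookie: false },
  { url: "https://trk.example/r?to=https%3A%2F%2Fshop.example%2Flaptop-15",
    status: 302, setCookie: true },
  { url: "https://shop.example/laptop-15", status: 200, setCookie: true },
];

// Simplified site key: the last two host labels. A real tool would use the
// Public Suffix List to obtain the registrable domain.
function site(url) {
  return new URL(url).hostname.split(".").slice(-2).join(".");
}

// A stopover is an intermediate hop that (a) answers with a redirect,
// (b) belongs to neither the starting site nor the final destination, and
// (c) stores a cookie while it is briefly loaded as a first party.
function findStopovers(hops) {
  if (hops.length < 3) return [];
  const origin = site(hops[0].url);
  const dest = site(hops[hops.length - 1].url);
  return hops.slice(1, -1)
    .filter(h => h.status >= 300 && h.status < 400 && h.setCookie)
    .map(h => site(h.url))
    .filter(s => s !== origin && s !== dest);
}

// Model of the purge described in the post: cookies stored by *known*
// trackers are cleared; a tracker that is not on the list keeps its cookie.
function purgeKnownTrackers(cookieJar, knownTrackers) {
  return cookieJar.filter(c => !knownTrackers.has(c.site));
}

// Constructed cookie jar after a day of browsing.
const jar = [
  { site: "trk.example" },
  { site: "unlisted-trk.example" },
  { site: "shop.example" },
];

console.log("stopovers:", findStopovers(chain));
console.log("after purge:",
  purgeKnownTrackers(jar, new Set(["trk.example"])).map(c => c.site));
```
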

Re bidirectional clipboard sharing: “In Whonix ™, VirtualBox guest additions are installed by default.”

2 Likes

Tor bandwidth weighted capacity != number of nodes. All are not weighted equally, obviously, so for accuracy this statement should be omitted:

This is equivalent to more than 380 Tor exit relays at the peak of the attack

EDIT:
Actually reading more closely, I don’t understand the sslstrip attack nodes’ relevance to the misconception being addressed. These nodes weren’t proven to be government run. Also for this particular attack, a GPA can mount this attack on connections without having to be an exit node. For any other type of attacker, the only way to place themselves between cryptocurrency users and their sites is to run a malicious node.

However classical correlation attacks on the Tor network would need malicious exits and entry guards to be used simultaneously to deanonymize. Perhaps Roger’s statement needs to be further clarified that the structure of the internet is somewhat centralized and so flows can be more effectively monitored at choke-points even from outside the Tor network. Nothing in practice though proves that Tor is completely defeated by them however.

1 Like

torjunkie via Whonix Forum:

So does Whonix enable clipboard sharing by default in VirtualBox (bidirectional?)

Whonix VirtualBox: bidirectional clipboard sharing by default

There was a long forum discussion on the subject. Perhaps you have more
luck finding it than I had.

1 Like

@BOssmank you realize your posts reek of spam about some random shitcoin? I restrained myself from banning you on sight since you don’t seem to be a bot and had a legit support question. I will give you a second chance after removing your ad posts.

1 Like

No man, it was legit and that was the only way I could pay someone back. Now they will have 50 and some PI that’s not on market yet.

Fixed.

Fixed.

That was my guess because who else would bother to add over 20% of Tor exit bandwidth. Although on second thought, since they were common cryptocurrency thieves, it probably was some general malicious actors (government is already well funded/over-compensated).

That was nusenu’s calculation and he/she seems to know their stuff based on that long article published before The Tor Project addressed the issue.

Anyway, just take out what you don’t like, because readers should be aware of the capability of malicious actors i.e. the fact this could happen undetected for a time is of real concern in the current ecosystem setup.

IMO Tor really needs to start transitioning to a ‘known good’ / confirmable Tor exit family groups etc. because the current model is abused and has been for the longest time. Plus, only half of the network’s bandwidth is used on average, so they can afford to cut (potentially) dodgy, anonymous operators.

2 Likes

Adjusted the paragraph to be more focused on the government point. Edited and polished the FAQ further.

2 Likes

Interesting. Well, I remember a Roger Dingledine quote. I don’t remember where it was, but it was along the lines of “In the early days of Tor, people would e-mail me to get their relay listed. That scaled even worse than I expected.”

1 Like

On the “Why is Tor Slow?” page we state:

Some actors misuse the Tor network, either purposefully or due to a lack of knowledge. For instance, Tor is sometimes used to conduct DDoS attacks [archive]. By doing this, the Tor relays are the ones who actually suffer from the attack, instead of the intended target.

I don’t think that is right, as individuals gloat about conducting such attacks regularly using Tor as a cover.

I know we don’t condone any illegal behavior, but we shouldn’t state falsehoods in the wiki just because something is undesirable.

Whonix ™ Platform Goals

If there is any doubt, Whonix ™ was never designed to hide users who engage in criminal/unlawful acts.

This is true. I remember the days when low-IQ footsoldiers used to think that running DDoS tools like LOIC over Tor was a great idea. It just eats up exit bandwidth and was relatively useless then (in comparison to going over the clearnet) and even more so now because Cloudflare essentially has unlimited bandwidth and built its business model around stopping LOIC.

2 Likes

Do you mind approving the main ToC edits (adds a few missing entries, cleans up a couple of titles, some micro-images make things easier to find for the reader):

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/w/index.php?title=Documentation&stable=0&redirect=no

There’s a few outstanding edits awaiting approval in the Non-Qubes Whonix only & Appendix areas too.

Basically the main Whonix ToC is almost done, except for the last 3 entries in the Appendix and a couple of the Tunnel and Chaining Support chapters which still need a bit of a clean up.

1 Like

Actually, there are only unapproved changes from 14 & 15 August (see special:recentchanges) that are mine. (As well as today).

It’s weird that some of the approved changes in recent times do not seem to be reflected on the relevant pages (server caching issue or similar?).

For a (minor) example, when I look at the VirtualBox entry on the System Hardening Checklist, when logged in you can see the additions made (5 security points/tips instead of the old 3), but when logged out it’s not there.

Another example, the Debian Host Operating System Tips (Debian Tips) page. When logged in, the approved, clean version of the chapter appears (with no pending changes noted). However, when logged out, the messy page still appears with “Pending changes” option available from the drop-down box.

Time to do a server clean up or similar so relevant changes are reflected on the website?

1 Like