Now that Whonix is a decade old and widely respected, stable, and has an increasing user-base, one major issue is outstanding - an official security audit.
In light of recent security audits undertaken by OTF of OnionShare and the like, it is worth reaching out to see if they would consider Whonix as a suitable audit candidate.
The Whonix platform explicitly fits the bill of their Red Team Lab goals:
The Red Team Lab is one of several in-kind services offered by OTF. Through the Red Team Lab, OTF strives to accomplish the following:
To strengthen the security of open-source internet freedom software by providing auditing services. The lab offers third-party services focused on improving the software security of projects that advance OTF’s internet freedom goals. Audits ensure that the code, data, and people behind the tools have what they need to create a safer experience for people experiencing repressive information controls online.
To engage in public safety audits. This allows the lab to audit and reverse-engineer potential malicious apps deployed by governments or state-sponsored actors, which may be putting users at risk through a grave privacy and security overreach.
…
The lab will prioritize supporting the following projects:
Internet freedom efforts, tools, and software currently or previously supported by OTF
Efforts that fit within OTF’s remit, but for various reasons, may not be current or previous recipients of OTF funding
Projects the Lab seeks to support
Some examples of applications the Red Team Lab will review are the following:
An Internet freedom project seeking a security audit of their software
An Internet freedom project looking for short-term support for remediation of known vulnerabilities
An internet freedom project looking for a security architecture and design review in the early stages of a project from a trusted and capable third party
The ideal applicant is a software developer, project lead, systems administrator, or an information security technologist who can speak on behalf of a software project that has the ability to adequately respond to and maintain the lab’s output after the support is concluded.
In other words, Whonix would be a perfect candidate. Why not make contact?
Can this issue be revisited?
I started filling the form and although I can write everything, I feel this would be better written by someone with an overall knowledge of the project.
Describe your project in a few sentences.
GOOD SUMMARY NEEDED
What is the big challenge your project is trying to address or solve?
Insecurities in torifying applications via other methods, as tor is not enforce. Whonix enforces this because the only way to connect to the internet from the Workstation is through the Gateway. MORE THINGS HERE.
How is your project advancing free expression online directly or indirectly for those being repressed?
Providing a security by isolation software of a Workstation interacting solely with a Gateway that controls the connection to the Tor network. Anyone can use Tor Browser to surf on tyrannical regimes. MORE THINGS SHOULD BE INCLUDED HERE.
Who does your project help, who are the users, and how many of them are there?
Help users who use Qubes with Whonix as a qube that can be installed on the first boot. Also helps anyone that uses Tor. MORE THINGS SHOULD BE INCLUDED HERE.
How much will it cost in USD? If you are seeking support from one of our service partners, leave the amount blank or put in zero. If you are a service partner, put in your estimate and then update this with the actual later.
0?
What are the key objectives, outputs, or ideal scope of work you expect? A quick list is acceptable.
I expect malware that infects the Workstation to bypass the Gateway proxy.
What is the ideal timeline from start to finish?
3 months? IDK
Please provide links to any source code repositories, app stores where the app is found, or if not publically available, how you will make them available to service partners.
You mean maybe audit the RAM wipe feature only? That would be interesting. It’s a complex enough task to warrant it and would be a huge contribution that otherwise is unlikely to happen anytime soon. Also a more straight forward task for “hello”.
We’d need to add an extra chapter giving hints how to audit such a feature? Nothing new. Replicating the same method(s) the original cold boot attack authors described and performed in their paper.
Should wait until this feature hits stable? It’s not much tested yet. Not even by me.
Should wait for the future design to get implemented?