
Should Whonix host be fully torified by default?

What are the pros and cons of either?

1 Like

Fully torified would mean routing all traffic over Tor which would result in Tor over Tor when using a Whonix VM. Something that isn’t wanted.

Routing only some traffic over Tor (e.g. apt) would be good in my opinion as it anonymizes the host instead of just the VMs.

No torification cons:

  • An attacker could see what packages you have installed and have a better idea of what exploits to use as apt isn’t torified.

  • User might use the network on the host and do something like visit a website, potentially deanonymizing them.

  • User might install other software and will be deanonymized if that software phones home.

  • ISP or anyone else monitoring the network can analyse all untorified traffic.

No torification pros:

  • Faster speeds for the host.

  • No extra configuration required.

  • No need for troubleshooting Tor on the host.

1 Like

Please assume we can sort that out using OneVM or so.

We’d probably have to add optional clearnet access on demand too even if we went fully torified by default.

Should Whonix host be fully torified by default? is more of a theoretic very long term vision question for now.

1 Like

Interesting. I haven’t heard of using OneVM before. Would the VM be using the host’s Tor client?

Would it be better to use full torification with both VMs and add exceptions for the VMs if that is possible?

That would be useful for captive portals. It could be added as a custom boot parameter like clearnet=on. Maybe there could be a window at start-up with options. Similar to Tails.

Edit: looking at the wiki page, it seems that OneVM would be using the host’s Tor client.

1 Like

I am of the opposite opinion. See my topic here:

http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/suggestion-remove-or-disable-tor-and-all-whonix-network-related-packages-and-settings-in-whonix-desktop/7384/8

The way I understand it, Whonix Host is “merely” a hardened Debian with installed and configured KVM Whonix-Gateway/Workstation VMs with virt-manager.

But the network should not be torified.

Reasons:

  • May be installed anywhere anyhow, providing debian hardened security + Whonix VM for Tor activities
  • Do not connect to Tor by default unless the user wants it -> avoiding dangerous situations for the user, ensuring ubiquity
  • Torifying the Host does not seem useful as Tor is already provided by the Whonix VMs.

This being said, maybe torifying the network connections could be chosen by the user, not by default.

2 Likes

Yes.

Some very outdated bits here: https://www.whonix.org/wiki/OneVM

Should we go for torification by default, yes.

Yes.

1 Like

That sounds like a good middle ground. It could be added to the anon connection wizard or as a boot option.

It doesn’t seem too hard to set up. It doesn’t seem as secure as the ordinary way though.

1 Like

What about the cases where users need to use a different gateway / Tor configuration?

For example, today users can use another Gateway when using onionshare. Another disadvantage will be the lack of snapshots that makes it easier to recover from mistakes in configurations.

In general I agree with @onion_knight’s view. Whonix host as a hardened Debian / pre-installed Whonix, Tor connections only within the VMs.

1 Like

Can’t we as well separate Tor in the Whonix host connection from Tor in GW?

GW has its own connection and Whonix host has its own connection, so torifying the host won’t lead to TorOverTor nor a OneVM connection.

TNT_BOM_BOM via Whonix Forum:

Can’t we as well separate Tor in the Whonix host connection from Tor in GW?

GW has its own connection and Whonix host has its own connection, so torifying the host won’t lead to TorOverTor nor a OneVM connection.

That’s the state of things anyhow. Whonix-Host and Whonix-Gateway
running separate Tor. A lot easier to implement than Whonix-Host using
Tor running inside Whonix-Gateway.

1 Like