Hardware solutions could only provide censorship circumvention. Can not providing anonymity alone, due to protocol leaks, i.e. browser tracking / fingerprinting. Hiding IP alone isn’t enough nowadays.
So it would require a hardware device + “you must install this package on your device before you’re ready to go” solution. I don’t think that would Whonix simpler. Unfortunately.
I’ve got one small idea to help usability – as I’m setting up Whonix for my folks (where I don’t live) so I can then communicate with them anonymously and they can browse freely on sensitive subjects also!
This is it:
The update steps (apt-get) in konsole are a bit much for a windows-usually, 60-something technoklutz! How about including a one-click shortcut with a big nice ‘Update Whonix’ and icon on the Desktop, and instead of (only) giving scary unintelligible instructions to do those commands like WhonixCheck currently instructs, instead say: ‘Updates found! Click on ‘Download Updates’ on the Desktop to stay secure! (Advanced users: do .)’?
I’ve set a simple shortcut to a sh script just doing:
And all it does it gui-prompt for password after clicking on it once! Ease of use indeed will increase security for the mainstream, and anonymity for us ALL – the more people can use Tor and Whonix and encryption and all these tools, the better for all of us and the harder for those who want to take our rights away!
(Btw I’m new to linux too so probably aren’t using state-of-the-art syntax back there :P)
Anyway, thanks for everything you do with Whonix Patrick – it is a just amazing and essential tool for anonymous Internetting!
Btw, is there some ‘whonix suggestion box’ that one can submit simple but useful (anonymous) suggestions for improving the security/privacy/usability of Whonix for dev consideration?
I know thre’s the forum, the wiki and github, but I mean something that doesn’t require an account – just a ‘dropbox’ for sharing helpful suggestions with a simple text submit form and begrudging captcha if need be.
Cos I’ve got another one, and I’m sure I’d have more in the future as I get used to whonix! and that is, removing the maximize button in kde settings, so the user (e.g. your technoklutz folks), can’t accidentally maximize TBB and suddenly make their fingerprint INSANELY unique (cos ofc, it’s too hard to expect not to use JS when they browse! I will, but not having a maximize button by default will help retain anonymity – and power users can always manually resize a window anyway, or add the button back of course!)
Oh, me again, with another small friendly suggestion! You can also double click on titlebar to maximize too, not good for accidental use by a ‘mainstream’ non-technical user and they don’t realise they have a highly unique fingerprint for the rest of that browsing session! (which since this is a persistent vm, could be for a very long time, weeks even – longer, if they ‘save state’ when closing and whonix never needs to be restarted!) I think TBB resets window size when starting up (and probably with ‘New Identity’) but still…it can happen, and it’s an anonymity liability!
So: System Settings, Windows Behavior, Window Behavior, Titlebar Actions, Titlebar double-click: set it to nothing by default!
How are you posting as Guest? Its cool and I wanna do the same.
Whonix resolution is standard for all versions so it shouldn’t leak the host screen size. The resolution info leak should be fixed by TorProject devs by now.
Anonymous bug reporting is an interesting idea. Tails has it under a feature called WhisperBack. Maybe porting it over to Whonix won’t be hard.
Patrick can you create a cypherpunks account on phabricator for anonymous reporting like Tor trac? The new bugtracker is hidden for new comers. Some direct link on the homepage or forum can help them find it.
(I’m learning! probably sudo is not even needed for dist-upgrade but hey it’s improving.)
It means grandpa only has to double-click on it, be prompted for password by the nice friendly kde window, watch the terminal text zoom past and learn something, and just let it do its thing until it automatically closes off – but of course, you’d be able to make an even nicer GUI progress bar tool for updating that doesn’t even show the terminal!
when i first heared i thought that the whonix workstation runs inside the whonix gateway. its maybe not as flexible as other setups but its a simple one and it allows to ship as 1 file. nested vms can also have a security advantage if 2 different virtualization tools are bing used.
User friendliness should not be the goal, rather thorough documentation should be the goal. Whatever technology has the best documentation thrives. Example: Arch Linux is so well documented its becoming its own standard amongst the Linux community, Debian is another example, packing great documentation, its probably running most of the worlds servers, as well as being the foundation of almost every major linux distro! Projects that do not provide excellent documentation are the ones that fall off the map. Dont cater to user friendliness, rather make the user knowledgable of the technology with excellent documentation, then the technology is friendly to them.
A small recommendation: Add ‘Whonix Forums Search’ (v3) to TorBrowser’s search providers.
(For a user, it is as easy as navigating to forum, clicking search icon, and then clicking the green plus sign in the Tor Browser search bar, to add it as a provider.)
This has the obvious advantage of making it that much easier to find support (I know the landing page for torbrowser has a link to forum).
Also, this adds a layer of security, searching the v3 onion directly. Rather than possibly using google, or duckduckgo’s clearnet search.
As far as recommendations for 2019 (5 years from OP). . .
personally, I would like a lighter install, without KDE, and something more along the lines of a net install, with the ability to add packages at install time.
You could have your bare metal base version, and then your fully loaded user friendly version with all the defaults installed.
For the fully loaded version, here are a list of some of my installed packages:
Maybe on the whonix landing page in ToprBrowser, there could be a note or link to quickly and easily add Whonix Forum Search to list of browser search providers. I find it very useful for quickly finding solutions to Whonix problems.
Well, of course. I didn’t say they should all be added to the defaults. I was just giving some ideas about what I personally use.
Agreed. No need for 20 chat clients, most of which use XMPP (and therefore redundant)
It’s not good unless you know how to provide an anonymous phone number, that you can anonymous keep control of.
I think Tails packages Electrum, right? I think that should be included in Whonix as well. At least for BTC,
