Information
ID: 125
PHID: PHID-TASK-l2w7kss5m6htaqaecsfl
Author: Patrick
Status at Migration Time: resolved
Priority at Migration Time: Normal
Description
Short Task Description :
See Features, Advantages, Use Cases - Whonix then use your brain and restructure it in a usable way.
Details :
These pages are historically grown. When we started documenting this, we didnât know everything we know now. Knowing what we know now, we should restructure that knowledge so it can be easier understood by the user.
For example, Combining Tunnels with Tor has an âintroductionâ chapter, that is supposed to be read by all, proxy, VPN and SSH tunnel users.
And Combining Tunnels with Tor has a ârequired knowledgeâ chapter that applies to all of these.
Also for VPN related stuff, these two pages are theoretical and for the practical part, we tell users to see the VPN Tunnel Setup Examples page.
We also tell them for VPN related stuff âFail Closed Mechanismâ, but instead of explaining how to do this to them, we link to other pages.
For better usability, these 3 pages (tunnel Tor through X + tunnel X through Tor + TestVPN) should be split into 6. Like this:
Tunnel Tor through proxy (user â proxy â Tor)
Tunnel Tor through SSH (user â SSH â Tor)
Tunnel Tor through VPN (user â VPN â Tor)
Tunnel proxy/proxychains through Tor (user â Tor â proxy)
Tunnel SSH through Tor (user â Tor â SSH)
Tunnel VPN through Tor (user â Tor â VPN)
Knowledge that applies to multiple tunnel scenarios should be moved to wiki templates and these templates should then be used where required.
Comments
JasonJAyalaP
2015-11-29 20:28:54 UTC
Iâd like one page that briefly introduces two types of connections (tunnel before; tunnel after), with links to 6 pages for each configuration/setup.
Hereâs my rough draft of the intro page. Tell me if any technical details are wrong or unclear:
It is possible to combine Tor with tunnels and proxies such as VPN, Socks and SSH. Your traffic can be sent through both Tor and the second tunnel, in either order. However, this is an advanced topic and appropriate only for special cases. Adding a second connection does not automatically add security, but will add significant complexity. In fact, improper combination of Tor and another service may decrease your security and anonymity. For almost all users of Whonix, using Tor alone â without a VPN or proxy â is the right choice.
Connecting to a VPN or encrypted proxy before Tor
By first connecting to a VPN (or proxy) then connecting to Tor, your internet traffic will (1) pass through your ISP as encrypted VPN or proxy traffic; (2) exit your VPN server as encrypted Tor traffic; (3) enter to the Tor network; (4) exit the Tor network at a Tor exit node as normal internet traffic (encrypted or unencrypted).
Possible uses:
You must connect to your VPN or proxy to access the internet.
Your ISP blocks Tor and Tor bridges but doesnât block VPNs or proxies. Your ISP doesnât inspect VPN or proxy traffic for possible Tor connections.
Fear of de-anonymizing attacks against the Tor network; belief that your VPN is able to hide your identity in such case.
Warnings:
A VPN or proxy that knows your identity and/or location may be more willing and able to compromise your privacy than your ISP.
If your software configuration doesnât block all traffic when your connection to your VPN or proxy suddenly disconnects, your Tor traffic will go through your ISP without warning.
HTTP, HTTPS, and Socks proxies are much less likely to hide your Tor traffic than VPNs.
If the use of Tor is dangerous in your area, VPNs and proxies may not provide enough protection.
Configuring a VPN before Tor
Configuring a Proxy before Tor
Configuring SSH before Tor
Connecting to a VPN or encrypted proxy after Tor
By first connecting to Tor, then to a VPN or proxy, your internet traffic will (1) pass through your ISP as encrypted Tor traffic; (2) exit the Tor network at a Tor exit node as encrypted VPN or proxy traffic; (3) exit your VPN or proxy as normal internet traffic (encrypted or unencrypted).
Possible uses:
As one component of using a VPN or proxy anonymously for some specific reason.
You must use Tor, but need to connect to an internet server who bans Tor exit nodes.
Warnings:
Even though Tor will hide your IP address from your VPN or proxy, you can still be located with your payment method, usages logs, or other identifying information the service knows about you.
You will not be able to access Tor hidden services.
Configuring a VPN after Tor
Configuring a Proxy after Tor
Configuring SSH after Tor
Patrick
2015-11-29 21:02:33 UTC
Looks good overall. A general overview page sounds very good. Feel free to create [temporary] wiki pages. After youâre done we can simply move them where they really belong. [Just want to spare you from once writing the text using phabricator and one mediawiki markup.]
Since these introduction pages are often skipped by users, since they find the links elsewhere, these general info and warnings should be actually hosted in wiki templates. So these can be reused at the specific pages.
How to use wiki templates? Template:somepage. Add the text. Then import that template from a normal wiki page using {{tempalte-name}}. A random example:
Some minor technical points.
improper combination of Tor and another service may decrease your security and anonymity
I am certain, the âmayâ will generate inquiries. The âmayâ should be a link. Or a footnote linking to TorPlusVPN ¡ Wiki ¡ Legacy / Trac ¡ GitLab should be added after that sentence.
encrypted proxy
That combination of words is problematic. Please have a look here:
Whonix versus Proxies
If your software configuration doesnât block all traffic when your connection to your VPN or proxy suddenly disconnects, your Tor traffic will go through your ISP without warning.
Perhaps a footnote or something, that makes clear, that Whonix does not introduce this issue, the weâre only documenting this mess that we did not create. Would be pointless if users therefore concluded âI not use Whonix thenâ.
Configuring a Proxy before Tor
âbeforeâ is ambiguous because traffic flows in two directions. So many got this wrong.
By first connecting to Tor, then to a VPN or proxy
We should keep the current wordings in this style.
Connecting to a tunnel-link (proxy/VPN/SSH) before Tor
Connecting to a proxy before Tor
And also keep the connection schemes.
(User â proxy/VPN/SSH â Tor â Internet)
To make sure no one can misunderstand. This has always been a source for major confusion.
JasonJAyalaP
2015-11-30 01:15:15 UTC
Patrick
2015-11-30 02:36:49 UTC
JasonJAyalaP
2015-12-01 01:14:03 UTC
https://www.whonix.org/wiki/Configure_VPN_before_Tor
A made the âVPN before Torâ page. The last part (configure whonix-gateway) was copy and pasted from the original page. Iâll revisit those instructions once all the pages are in place.
I like the page heirarchy idea. Is that how you want it? Maybe âTunnelsâ instead?
Tunnels/Introduction
Tunnels/VPN_Before_Tor
Tunnels/SSH_After_Tor
or
Tunnel/VPN/Before_Tor
Tunnel/SSH/After_Tor
?
Patrick
2015-12-01 15:17:37 UTC
The before and after is ambiguous.
It all comes down to oneâs perspective. i.e. am I talking about the
tunnel-link being âbehindâ Tor and therefore before it reaches my
internet destination (User â x â Tor â Internet)? Or, am I talking
about the tunnel-link being âbehindâ Tor before the data reaches me?
(User â Tor â X â Internet)
Thatâs why it was changed to.
Connecting to a tunnel-link (proxy/VPN/SSH) before Tor
Connecting to a VPN before Tor
Connecting to Tor before a tunnel-link
Connecting to Tor before a VPN
When âbeforeâ is coupled with âconnectingâ, it makes it rather obvious
that one is speaking from the mindset of the [User] connecting to
before [i.e. connecting to X first, and then connecting to] Y.
Hierarchy proposal:
Tunnels/Connecting_to_a_VPN_before_Tor
Tunnels/Connecting to_Tor_before_a_VPN
JasonJAyalaP
2015-12-03 23:27:19 UTC
Patrick
2015-12-04 02:14:18 UTC
JasonJAyalaP
2015-12-09 00:06:14 UTC
Patrick
2015-12-09 00:03:19 UTC
JasonJAyalaP
2015-12-09 00:12:13 UTC
EDIT: Oh wait, I see. The riseup example is about connecting to a VPN, before or after.
Original:
The rise-up example on VPN/Examples is about Tor_before_a_VPN, and itâs longer than most of the individual tunnel pages. When we have one or multiple proxy_before_Tor example(s), youâd rather have them on the same long page as the rise-up Tor_before_a_VPN example than on âproxy_before_Tor/Examplesâ ?
JasonJAyalaP
2015-12-09 00:20:55 UTC
JasonJAyalaP
2015-12-09 00:28:15 UTC
Patrick
2015-12-09 02:09:21 UTC
JasonJAyalaP (Jason J. Ayala P.):
(Whatâs the markup to change
the page title display?).
One method would be to add
__NOTITLE__
at the very top. That magic word is hidden in the final html output and
will suppress the title.
Patrick
2015-12-09 02:19:03 UTC
If we want a title replacement, we should perhaps do that using html.
Just now created a template:
{{{title}}}
usage:
{{Title|
title=Connecting to a VPN before Tor
}}
Usage example:
Connecting to a VPN before Tor
Patrick
2015-12-09 03:07:26 UTC
Do you have a rough list of editorial changes?
Comparison Table should be included in the introduction.
We also need SEO descriptions for all pages. (Most Whonix pages have them. See for comparison.)
{{#seo:
|description=Whonix Documentation. Crash Course in Anonymity and Security on the Internet.
}}
Shouldnât we somehow optically separate <references />
as done by other pages? (On other pages they have their own chapter.) It doesnât have to be its own chapter, but just writing them at the page end without and optical separation seems wrong.
Looks good overall.
Once that is sorted out, and [anchor] links and Features, Advantages, Use Cases - Whonix is working⌠We move Combining Tunnels with Tor to https://www.whonix.org/wiki/Deprecated/Using_Tunnels_with_Whonix . Then this ticket can be closed.
We still wouldnât have actionable, usable pages one can read and apply from top to bottom, but still a huge improvement over the previous mess.
JasonJAyalaP
2015-12-12 02:38:21 UTC
I added {{Title| and #seo to each page. (But some pages are showing the NOTITLE effect, some arenât.)
I copy-pasted the comparison table to the intro page.
I donât have a list of editorial judgements. Most were very minor. I think biggest was splitting out the details of âCombining Tunnels with Tor â to different pages (one point went to the introduction warnings, one point went to proxy pages⌠I think. Stuff like that).
optically separate ? I donât understand.
I linked âFeatures, Advantages, Use Cases - Whonix â to the new pages
JasonJAyalaP
2015-12-12 02:49:08 UTC
I did a visual scan for anchor links in all 6 sub-pages, but only needed to correct one link.
This link is very odd though
Connecting to Tor before a Proxy
What exactly is âread firstâ ? And is the #introduction link susposed to be the info about fixing tor browser (and does it still have the bug?).
Patrick
2015-12-12 02:54:40 UTC
Patrick
2015-12-12 02:57:58 UTC
JasonJAyalaP
2015-12-12 19:22:22 UTC
Patrick
2015-12-12 19:24:02 UTC
Patrick
2015-12-12 19:29:24 UTC