Hello I am new to whonix and have been reading the documentation page to the best of my ability as I am also new to Linux. My question pertains to the following link:
How old are these instructions?? I had heard from a trusted source that there riseup email was compromised. I had a riseup account and one day logged in to find that all my emails had been deleted and figured that it must have been indeed compromised. I was totally unaware that riseup even offered a VPN until I read the above link. My question is does this test still work??
My second question is assuming I am using an open VPN that “claims” to not keep logs and takes anonymous payments via btc or giftcards so the only required info is an email that is only used for the purpose of this VPN this VPN is not riseup obviously. Every time I log into the VPN on my host which is Ubuntu I check for DNS leaks by going to ipleak sites which check for VPN DNS leaks and verify that the VPN is not leaking. Once that is verified then begin the gateway and workstation and begin browsing. Using that protocol my intention is to keep my ISP from learning of my tor usage and secondly to offer a second means of protection should tor my tor connection become deanonymized for any reason. Is this a safe way of using a VPN with whonix use?? Is there anyway I can further test the effectiveness of my set up in a similar way as the link above? Or is it pretty safe based on your knowledge. I seriously feel that that link is outdated as it even mentions securitykiss which I have heard along with Hidemyass keep logs and are definitely not safe VPNs to use. Sorry if my question is confusing.
Instructions are old. No one is setting there and keep checking every week if those are still working. If they not work, then they just not work. Nothing going to blow up.
If you don’t trust riseup, don’t use riseup. The TestVPN instructions are for testing VPNs. Not for production use. For production use, choose whatever provider you prefer. Those instructions only serve as example. Btw also distinguish between “your account compromised” vs “whole riseup provider compromised”.
Well as far riseup what I heard is they had a breach, I imagine that is why they deleted my emails. What VPN testing providers are trusted ones that you might recommend??
If your emails were deleted in the absence of any evidence that whole riseup was compromised, it is much more likely that just your account got compromised. Perhaps through (spear) fishing?
Whonix doesn’t recommend or recommend against any VPN providers. Whonix provides security by design, technology, compartmentalization, transparency. It’s not in the business of judging security by policy, trustworthiness of companies. For testing you can use any VPN provider. Even compromised ones should not be able to inflict any harm. There are not that many VPN providers “for testing”. The definition “for testing” here is, that they are providing free at least limited access to anyone without adding up too much hurdles. If you want to figure out trustworthy ones, that’s a different business.
Although it is a slightly different setup, I can confirm that I successfully use a VPN in conjunction with Whonix/TOR on occasion, and everything works as expected. The difference is that I am not hiding TOR from my ISP, but rather connecting as:
User -> TOR -> VPN -> Internet
…because some websites block all connections from TOR exit nodes, but not from VPNs. So to access those sites I use OpenVPN from within Whonix Workstation, and they see me as coming from the VPN IP address instead of TOR. The procedure for this is very simple, just invoking “openvpn --config” using the provider’s scripts. I am not using a permanent conf-type setup, since I alternate between using or not using the VPN.
To do it the other way around, User -> VPN -> TOR -> Internet, the connection has to be made from Gateway instead (or host), using different procedure. But it should work.