Whonix amnesic?

Hi, I was wondering if Whonix leaves no trace on the PC, in the same way as Tails does.
I think that due to the fact that it’s run in a virtual machine, it will obviously leave traces.

Edit by Patrick:

  • changed title

No, see:

Tails is a livecd that runs in RAM, Whonix is not.

If you are concerned about hiding the content of your Whonix guests, I suggest running encrypted filesystems on host and storing the Whonix virtual machines there. This is not a silver bullet, yet it is an additional layer of privacy.

It’s not amnesic like Tails. Because of that I installed the Whonix VirtualBox images inside a VeraCrypt volume. I expected it to be slowed down by the encryption taking place, but no, it works fine!

Overhead from encryption isn’t that big. LUKS works fine even on old 32-bit single-core CPUs.

greenwhonix and patrick, which software should we use on Whonix to clean cookies? BleachBit as root?

Tor Browser Essentials will deal with this.

patrick, could you be more clear? I understand that you have too many questions to answer, but Whonix is a beautiful system and also complicated, especially for beginners… For example, now I don’t understand why you remind me about Tor Browser. Maybe you are trying to tell me that it is not necessary to run BleachBit because Tor Browser does not store cookies?
I don’t understand, really.

Tor Browser deals with cookies as the Tor Browser wiki page says. No need for other cookie cleaners.

It is not possible. The main reason being the vm disk images must be stored somewhere. Storing these in an encrypted disk however is sufficient for me. That will be mounted to /mnt/vm

However I have been toying with the idea of a “physical isolated + amnesic” virtualized solution. In short it would involve two computers, a gateway, and a virtual machine host, both would boot from a USB stick each.

The Gateway, would be a ramdisk. I’d looked at HardenedGentooTG and considered merging that with something like tor-ramdisk. I would have to upload my HiddenService keys each time I rebooted the gateway, (probably from an encrypted USB stick).

The Workstation, would also be a ramdisk. I was thinking of using a Gentoo Hardened Custom Initramfs. I could use some of the features from here, eg SSP, BIND_NOW, RELRO, PIE. This is one of the downsides of using Debian as the host as it’s not easy to build with a hardened toolchain. You can’t control your USE flags either so things are built much larger than they need to be. Gentoo also supports Hardened uClibc and Hardened musl. musl is the newest player, it aims to support only the ISO C99, IEEE 754, POSIX 2008 standard. Over the years glibc has let a lot of cruft and nonstandard functionality enter their implementation. More information about that can be found in the FAQ. There’s a comparison here of the size of the binaries each produces.

This machine would ONLY have a very basic surface area, libvirtd kvm. I’d also use sVirt (Secure Virtualization). This would be helpful at preventing things such as the recent VENOM vulnerability, also discussed here.

The description mentioned here sounds like exactly what I am trying to achieve:

sVirt integrates SELinux with the Fedora virtualization stack to allow Mandatory Access Control (MAC) security be applied to guest virtual machines. Amongst other things, this prevents a security bug in the hypervisor from allowing guests to attack the host or one another.

This machine would boot, from ramdisk, with its own pre-compiled kernel for my hardware.

It would include libvirtd, busybox, SELinux + sVirt. I would use RBAC as well. Part of the reason for using RBAC would be so I could create a Special Role. I’d mount my root as read-only, but allow for /mnt/httpd (cryptsetup mounted disk) to be read-write so that nginx can operate. A read-only webserver isn’t very fun.

As I’d be compiling my own kernel and individually going through the Grsecurity and PaX Configuration Options. While Whonix and TAILS are great for newbie users to get a secure platform, extra hardening does take effort and is very difficult to build into a one-size-fits-all product.

Ultimately as a HiddenService operator is aiming at 100% uptime they need to think about what is in their stack and how it can be used against them. I cannot see how it is possible to get that kind of security without compiling your own kernel, and system. The fact is zero-days exist and simply depending on Debian maintainers to patch/know about these before they are in the wild is not a given.

If you’re hosting a HiddenService you have to be prepared to have the machine physically secured too, such as an outer case that if opened cuts power. It would ideally be enclosed around the power socket and bolted to the wall, to thwart things such as this hotplug field kit. You could have a gyroscopic sensor attached to the case so if your adversary unbolts it, the power would be cut. Light sensors could be used as a secondary precaution. A nice idea for a little Arduino project.

This machine would be hosting a Hidden Service, and I think using hardened kernel sources is a really good idea, besides removing all the unrelated things you simply do not need from the kernel.

Some of the physical protections would be ideal at thwarting foreign USB devices. There was a discussion about that here. I think I should also look at TAILS’s memory erasure scripts and see if they can be ported to Gentoo.

As I plan on hosting a Hidden Service (which has to store the webserver files on an encrypted disk) I was thinking of passing the httpd root in with something like 9p_virtio, that way if the guest Workstation VM was compromised the encryption keys could not be extracted from RAM, not unless there also existed a virtual machine vulnerability that allowed one to look at the host’s memory. Eg like Cloudburst with CANVAS that couldn’t be mitigated by any of the other hardening mentioned above.

I’m thinking this could also be adapted to be a paranoid workstation. I could build a simple window manager (tinywm looks to be the smallest), ALSA etc. into my host’s ramdisk, and then use a regular Whonix Workstation (with KDE), or maybe build a terminal only build and use something sweet like i3wm because tiling window managers are superior ;)