There might be some questions.
Great, funny though, that I have to "Prove you're legit:" and solve a reCaptcha to visit via Tor.
Oh the Irony
Re: article. Let me give you a flavor of what others are saying about Whonix currently.
Here's some Whonix feedback below from one of the self-labelled "security experts" at schneier.com who isn't happy unless they have some micro-kernel, data-diode, air-gapped, energy-shielded, 1950s typewriter with manual enigma encryption cogs built in to suit the tastes of .00001% of the population
ab praeceptis February 4, 2017 8:52 AM
Snakeoil - or slapstick? - served and spread inter alia by hacker news. "whonix". It's said to be totally awsomely 3l1te super-special secure.
Let's look at it. It's basically a debian based totally extremely terribly special secure thingy with a tor gateway and - how inhumanly smart! - a virtual machine that's also tor based.
As they explain, nobody and nothing can penetrate that 3l1t3 protection!
Well, OK, picky people might remark that debian is well known for occasionally utterly breaking security beyond idiocy. Others might have doubts about tor which actually doesn't have that great a track record but let's not be too picky.
A propos "picky":
- too little mentioning the superhuman capabilities of ssl/tls
- no mentioning of let's encrypt. Sorry guys, but I can't take you seriously unless you use dual let's encrypt certificates.
- No "awsomely 3l1t3 super secure" golden sticker. This one is the show stopper for me. Ev-er-y-bloody-one who ever used totally superspecialsecure stuff from Symersky knows that the decisive ingredient is a golden sticker!
P.S. I'm waiting for the day when cube and whonix put their brainpower ™ together and create the super-giga-awsomely special-secure whonix thingy on top of cube thingy. Microsoft better get themselves lots of pampers; they'll need them.
However, we have some decent counter-opinion:
Dirk Praet February 4, 2017 10:10 AM
@ ab praeceptis
I'm waiting for the day when cube and whonix put their brainpower ™ together and create the super-giga-awsomely special-secure whonix thingy on top of cube thingy.
I suppose you're just being sarcastic because Whonix has already been integrated in QubesOS. However imperfect, it is a combination that arguably is a tad less insecure than Windows 10 or other mainstream OS'es.
And the quick retort:
ab praeceptis February 4, 2017 11:44 AM
Dirk Praet
However imperfect, it is a combination that arguably is a tad less insecure than Windows 10 or other mainstream OS'es.
Well, their claim isn't to be a tad less insecure than windows.
Plus: Is it really? Frankly, I have doubts that combining two insecure items results in a more secure one.
Or, to be more frank: While virtualization can be one building block - if it's well understood and well designed and done - the current "virtualization is the messiah of security" believers are provably wrong in the vast majority of cases.
Throwing in debian doesn't help neither. That's merely adding the lottery factor when and which maintainer utterly fucks up something critical. That's not to say that redhat and others are secure nor that debian is shit, but if someone were serious (but insisting on linux) wouldn't he at least use something like alpine?
I'll stop the list here but it should at least be mentioned that tor is not secure.
And it seems noteworthy that things don't come for free. tor, for instance, risks to carry a very ugly price tag, namely to basically put crosshairs plus a label "probable suspect or even terrorist!" on its users. Because that's what lea types think when someone uses tor.
To keep the fbi (or the ever-evil fsb) away? It might be worthwhile to think about how those people take that. Hint: "We must blast in his house at 11 pm with a swat team and make sure he doesn't move so much as touching his devices" (except for the professional teams who will calmly smile looking at the mirrored exit node port).
That whole stuff truly deserves a big fat golden sticker. Will look nice at the jail wall.
And the comeback:
Dirk Praet February 4, 2017 4:39 PM
@ ab praeceptis
I'll stop the list here but it should at least be mentioned that tor is not secure.
Nobody says it is - at least not against resourceful state actors - and @Clive has dissected all of its many shortcomings on more than one occasion. Tor, TAILS, Whonix, SubgraphOS, CubesOS etc. serve two purposes:
- Provide out-of-the-box security hardening and enhanced anonymity that is prominently missing from mainstream consumer OS'es, thus offering some degree of protection against data harvesters, cyber criminals and even local LE.
- Give state actors a run for their money, making their work increasingly difficult as more and more ordinary "nothing to hide" citizens become Tor and independent OS users whose private life and data are no longer a call to or a tap into Microsoft, Apple or Google away.
OpenBSD fanboy #1 makes a comeback:
ab praeceptis February 4, 2017 5:18 PM
Dirk Praet, Elmer FUD
Sorry, no. Maybe many think your way because in the situation we're in, it might seem that anything providing (or seeming to provide) any security is welcome.
When I see "debian-based" I don't need to look any further. Nobody halfway knowledgeable about security knows that debian is certainly not the way to go. Why not build on, say OpenBSD? Those guys have a track record of being seriously concerned about security and knowing a thing or two about it. And don't you get me started on systemd; the day debian took that route they signed being utterly security ignorant.
Yada, yada, yada…
My view:
Ironically, many of the same posters (the place is infested with probable govt plants) often resort to some huge monolithic kernel as a host OS e.g. backdoored Windows for their daily computing lives or "secure" OSes with minuscule user bases e.g. OpenBSD. They often put in no effort to anonymize any of their activities if you follow the threads over there for some period of time.
Effectively, according to some of the "security experts" unless it's "paper, paper, never data" you can't win and they are completely defeatist in their attitudes. This is the chump attitude seen at large in the population, and why we are currently stuffed.
Many of the "experts" simply have no imagination:
- Yes, encryption will be broken, but quantum-resistant ciphers will one day be ubiquitous.
- Yes, Tor's model is currently broken with end-end correlation, but it will one day have effective padding and other measures to stymie this type of global adversary attack, just as quantum-resistant encryption is planned for Tor 3.X.
- Yes, no computer solution is perfectly secure, and it never will be. We need solutions that are easily adopted, ubiquitous and seriously hardened to protect the civilian population from the new police state. What we don't need is "It's too hard!" or "It's not perfect!" to derail our thinking.
- Yes, Tor's population is currently small as a percentage of all internet users, but the sheep need an awakening to start protecting themselves with adoption of these tools instead of every day drinking the proprietary and corporate kool-aid.
- Yes, the government can nail anybody actively targeted (who couldn't with a few billion?), but the golden age of surveillance will not last forever e.g. see the large shift to encryption, auditing, fuzzing, layering of protection, virtualization etc. world wide following disclosures of the last few years. The attack-defence shifts have been going on for decades already if you read Schneier's informative articles.
- Yes, Intel and other major manufacturers of hardware are probably backdoored, but one day there will be fully opensource hardware available if even one billionaire donated 1% of their yearly revenue to a worthy cause, instead of buying another island in the Caribbean.
- Yes, Tor is in some ways a target painted on your forehead, but the paranoia is largely FUD spread by those with an agenda (the full take of all internet traffic and communications attributable to person X). Again, the solution is for its use to become mainstream e.g. like the Signal protocol has become with WhatsApp. Further, it does not stand to reason that Tor is fundamentally broken, otherwise:
  - The illegal drug markets there wouldn't be doing such a roaring trade, nor would dealers on hidden services be able to offload pounds of drugs over years without being busted (note: I don't condone this behaviour, just pointing out the obvious fallacy in the argument with an example).
  - Whistleblowers that have pwned the surveillance state (Snowden, Manning, Greenwald and others) using encryption, Tor and other tools would never have succeeded in the first place.
  - Governments world-wide wouldn't be actively blocking Tor at the ISP level and public bridges and screwing with pluggable transports.
Etc. etc.
Thank you for reading that thread on hacker news and quoting notable stuff here. I don't think I could keep on re-reading to see what's news.
Does anyone have a hacker news account? If so, could you please throw in these links?
- re OpenBSD: Frequently Asked Questions - Whonix ™ FAQ
- re Alpine: Dev/Operating System - Whonix
Sorry, that info was from this weekend's Schneier.com thread, not the Hacker news article.
However, Schneier's forum on the weekend focuses on security information that is currently in the news. So most probably they are ragging on Whonix since they've come across the article you originally linked.
The professed intelligentsia don't usually mention Whonix much.
Talk there normally revolves around incomprehensible gibberish reserved for computer engineers or cryptographers, interspersed with liberal doses of asinine political commentary and acts of intellectual masturbation, all while trying to bask in Bruce's reflected glory. Some wouldn't deign to consider impartial facts about why OpenBSD might be (gasp) less-than-secure, since that is heretical.