There might be some questions.
Great, funny though, that I have to “Prove you’re legit:” and solve a reCaptcha to visit via Tor.
Oh the Irony
Re: article. Let me give you a flavor of what others are saying about Whonix currently.
Here’s some Whonix feedback below from one of the self-labelled “security experts” at schneier.com who isn’t happy unless they have some micro-kernel, data-diode, air-gapped, energy-shielded, 1950s typewriter with manual enigma encryption cogs built in to suit the tastes of .00001% of the population.
ab praeceptis February 4, 2017 8:52 AM
Snakeoil - or slapstick? - served and spread inter alia by hacker news. “whonix”. It’s said to be totally awsomely 3l1te super-special secure.
Let’s look at it. Its basically a debian based totally extremely terribly special secure thingy with a tor gateway and - how inhumanly smart! - a virtual machine that’s also tor based.
As they explain, nobody and nothing can penetrate that 3l1t3 protection!
Well, OK, picky people might remark that debian is well known for occasionally utterly breaking security beyond idiocy. Others might have doubts about tor which actually doesn’t have that great a track record but let’s not be too picky.
A propos “picky”:
- too little mentioning the superhuman capabilities of ssl/tls
- no mentioning of let’s encrypt. Sorry guys, but I can’t take you seriously unless you use dual let’s encrypt certificates.
- No “awsomely 3l1t3 super secure” golden sticker. This one is the show stopper for me. Ev-er-y-bloody-one who ever used totally superspecialsecure stuff from Symersky knows that the decisive ingredient is a golden sticker!
P.S. I’m waiting for the day when cube and whonix put their brainpower ™ together and create the super-giga-awsomely special-secure whonix thingy on top of cube thingy. Microsoft better get themselves lots of pampers; they’ll need them.
However, we have some decent counter-opinion:
Dirk Praet February 4, 2017 10:10 AM
@ ab praeceptis
“I’m waiting for the day when cube and whonix put their brainpower ™ together and create the super-giga-awsomely special-secure whonix thingy on top of cube thingy.”
I suppose you’re just being sarcastic because Whonix has already been integrated in QubesOS. However imperfect, it is a combination that arguably is a tad less insecure than Windows 10 or other mainstream OS’es.
And the quick retort:
ab praeceptis February 4, 2017 11:44 AM
“However imperfect, it is a combination that arguably is a tad less insecure than Windows 10 or other mainstream OS’es.”
Well, their claim isn’t to be a tad less insecure than windows.
Plus: Is it really? Frankly, I have doubts that combining two insecure items results in a more secure one.
Or, to be more frank: While virtualization can be one building block - if it’s well understood and well designed and done - the current “virtualization is the messiah of security” believers are provably wrong in the vast majority of cases.
Throwing in debian doesn’t help neither. That’s merely adding the lottery factor when and which maintainer utterly fucks up something critical. That’s not to say that redhat and others are secure nor that debian is shit, but if someone were serious (but insisting on linux) wouldn’t he at least use something like alpine?
I’ll stop the list here but it should at least be mentioned that tor is not secure.
And it seems noteworthy that things don’t come for free. tor, for instance, risks to carry a very ugly price tag, namely to basically put crosshairs plus a label “probable suspect or even terrorist!” on its users. Because that’s what lea types think when someone uses tor.
To keep the fbi (or the ever-evil fsb) away? It might be worthwhile to think about how those people take that. Hint: “We must blast in his house at 11 pm with a swat team and make sure he doesn’t move so much as touching his devices” (except for the professional teams who will calmly smile looking at the mirrored exit node port).
That whole stuff truly deserves a big fat golden sticker. Will look nice at the jail wall.
And the comeback:
Dirk Praet February 4, 2017 4:39 PM
@ ab praeceptis
“I’ll stop the list here but it should at least be mentioned that tor is not secure.”
Nobody says it is - at least not against resourceful state actors - and @Clive has dissected all of its many shortcomings on more than one occasion. Tor, TAILS, Whonix, SubgraphOS, QubesOS etc. serve two purposes:
- Provide out-of-the-box security hardening and enhanced anonymity that is prominently missing from mainstream consumer OS’es, thus offering some degree of protection against data harvesters, cyber criminals and even local LE.
- Give state actors a run for their money, making their work increasingly difficult as more and more ordinary “nothing to hide” citizens become Tor and independent OS users whose private life and data are no longer a call to or a tap into Microsoft, Apple or Google away.
OpenBSD fanboy #1 makes a comeback:
ab praeceptis February 4, 2017 5:18 PM
Dirk Praet, Elmer FUD
Sorry, no. Maybe many think your way because in the situation we’re in, it might seem that anything providing (or seeming to provide) any security is welcome.
When I see “debian-based” I don’t need to look any further. Nobody halfway knowledgeable about security knows that debian is certainly not the way to go. Why not build on, say OpenBSD? Those guys have a track record of being seriously concerned about security and knowing a thing or two about it. And don’t you get me started on systemd; the day debian took that route they signed being utterly security ignorant.
Yada, yada, yada…
Ironically, many of the same posters (the place is infested with probable govt plants) often resort to some huge monolithic kernel as a host OS e.g. backdoored Windows for their daily computing lives or ‘secure’ OSes with minuscule user bases e.g. OpenBSD. They often put in no effort to anonymize any of their activities if you follow the threads over there for some period of time.
Effectively, according to some of the “security experts” unless it’s “paper, paper, never data” you can’t win and they are completely defeatist in their attitudes. This is the chump attitude seen at large in the population, and why we are currently stuffed.
Many of the “experts” simply have no imagination:
- Yes, encryption will be broken, but quantum-resistant ciphers will one day be ubiquitous.
- Yes, Tor’s model is currently broken with end-end correlation, but it will one day have effective padding and other measures to stymie this type of global adversary attack, just as quantum-resistant encryption is planned for Tor 3.X.
- Yes, no computer solution is perfectly secure, and it never will be. We need solutions that are easily adopted, ubiquitous and seriously hardened to protect the civilian population from the new police state. What we don’t need is “It’s too hard!” or “It’s not perfect!” to derail our thinking.
- Yes, Tor’s population is currently small as a percentage of all internet users, but the sheep need an awakening to start protecting themselves with adoption of these tools instead of every day drinking the proprietary and corporate kool-aid.
- Yes, the government can nail anybody actively targeted (who couldn’t with a few billion?), but the golden age of surveillance will not last forever e.g. see the large shift to encryption, auditing, fuzzing, layering of protection, virtualization etc. world wide following disclosures of the last few years. The attack-defence shifts have been going on for decades already if you read Schneier’s informative articles.
- Yes, Intel and other major manufacturers of hardware are probably backdoored, but one day there will be fully opensource hardware available if even one billionaire donated 1% of their yearly revenue to a worthy cause, instead of buying another island in the Caribbean.
- Yes, Tor is in some ways a target painted on your forehead, but the paranoia is largely FUD spread by those with an agenda (the full take of all internet traffic and communications attributable to person X). Again, the solution is for its use to become mainstream e.g. like the Signal protocol has become with WhatsApp. Further, it does not stand to reason that Tor is fundamentally broken, otherwise:
– The illegal drug markets there wouldn’t be doing such a roaring trade, nor would dealers on hidden services be able to offload pounds of drugs over years without being busted (note: I don’t condone this behaviour, just pointing out the obvious fallacy in the argument with an example).
– Whistleblowers that have pwned the surveillance state (Snowden, Manning, Greenwald and others) using encryption, Tor and other tools would never have succeeded in the first place.
– Governments world-wide wouldn’t be actively blocking Tor at the ISP level and public bridges and screwing with pluggable transports.
Thank you for reading that thread on hacker news and quoting notable stuff here. I don’t think I could keep on re-reading to see what’s news.
Does anyone have a hacker news account? If so, could you please throw in these links?
- re OpenBSD: Frequently Asked Questions - Whonix ™ FAQ
- re Alpine: Dev/Operating System - Whonix
Sorry, that info was from this weekend’s Schneier.com thread, not the Hacker news article.
However, Schneier’s forum on the weekend focuses on security information that is currently in the news. So most probably they are ragging on Whonix since they’ve come across the article you originally linked.
The professed intelligentsia don’t usually mention Whonix much.
Talk there normally revolves around incomprehensible gibberish reserved for computer engineers or cryptographers, interspersed with liberal doses of asinine political commentary and acts of intellectual masturbation, all while trying to bask in Bruce’s reflected glory. Some wouldn’t deign to consider impartial facts about why OpenBSD might be (gasp) less-than-secure, since that is heretical.