Whonix experimental for how long

Simple solution:

Qubes-like “Quick Guide” sections at the top of each relevant entry.

e.g. Create a sys-net DispVM in Qubes:

[dom0]: qvm-create -P <pool_name> --template service-dvm --class DispVM --label red disp-sys-net
[dom0]: qvm-prefs service-dvm virt_mode hvm
[dom0]: qvm-prefs disp-sys-net provides_network true
[dom0]: qvm-prefs disp-sys-net netvm ""
[dom0]: qvm-pci
[dom0]: qvm-pci attach --persistent disp-sys-net :
[dom0]: qvm-prefs disp-sys-net autostart true
[dom0]: qubes-prefs clockvm disp-sys-net

etc.

(No descriptions at all, just a label e.g. “sys-net DispVM Creation”, and commands. Advanced users and those in a hurry can just get it done.)

If someone was ambitious, simply do this for the most relevant sections of the main wiki e.g. security-related, updating etc. Create a new wiki page - “Whonix Pocket Reference” or “Whonix Cheatsheet”. Categorize the entries as relevant.

Then, put the maintainer tab up there with your name on it. Update it as things change, are deprecated, are updated/upgraded etc. Win a gold star from the Whonix team and end the forum debates on this easily solvable problem.

I estimate you could do most of the important wiki pages on the main ToC in one day’s work, maybe two.

There’s enough verbiage in this thread, that 5-10 pages could have been completed in the wiki with the same word count applied to this topic alone.

Lots of ideas and people come through the forums, but maybe 1/200 people actually contribute by hitting the edit button or submitting Whonix code.

3 Likes

The easy solution would be for community members to actually contribute to the project and not just complain in the forum. You have all these ideas (a lot of them good) but you keep on making excuses as to why you won’t contribute.

Are you going to actually help out? Or do like most critics and just stir the pot a little and leave?

Here is what it comes down to. Put up or shut up!

2 Likes

As already said by others: If you don’t like a specific wiki page, feel free to change it.

Where do you get the number from? Proxy before or after Tor is certainly not one of the common issues. Where do I get this from? My gut feeling. So I could be wrong. If it were relevant for 80% of the common users there would probably be more complaints and the respective wiki page would look more polished.
It is one of the inherent issues of such a project that you don’t really know what the average user does or needs. Therefore you have to use common sense™, gut feeling…

True.

Would be pointless. As soon as you use your USB device you increased your attack surface by introducing an additional point of persistence. Why did you do that? For convenience. It is always the same tradeoff. Use your favorite search engine with something like: usb malware hidden partition (or any kind of other USB exploit). Sure, it would not be the average ransomware but more likely a targeted attack. Though there is always some kind of trickle down effect where the average bad guy starts to use such tools and not just the nation state attacker.
Tails was on the list of Zerodium so there is certainly a demand for such a thing. Whonix is not there yet, but if it gets used more and more it probably will.

There is certainly a higher risk the more data you have. But how did the forensics guy get to your location? Why and how did he send you some malware in the first place? If they exploited you once they likely can do it again since they expect you to hang around at certain places/websites. With Tails they will get your IP faster, connecting to a remote wifi will maybe slow them down but as @entr0py said in another thread: when they know your rough location or wifi you connect to then correlating your traffic + on/offline times etc starts.
If TheMan knocks on your door then it is because they already have something. The more FDE is used the more forensics people will work on getting you while the PC is running. If they get the PC with Tails or Whonix while it is running you probably lost.

True. So maybe it would be a wise decision to do that because:

If someone at the other f***s up neither Tails nor Whonix can help you.

Take a look at today’s Tails website :wink: Guess what they did. Increasing the attack surface?

It does, see my last post.

This is the good old attack surface vs virtualization discussion which has been going on for years. My gut feeling (again) tells me the virtualization side sort of won. At least a certain project which initially was a proponent of “muh attack surface” started to introduce a hypervisor not too long ago. Hiding your hardware serials is going to be hard without virtualization. I really miss some kind of PC or SBC which shares exactly the same components and serial numbers :frowning:
If we say attack surface is only about lines of code then you are certainly right. You can come up with a gateway of maybe a few megabytes in size and also a workstation with just the browser for something like 300-400 MB (or maybe lower depending on the OS). Still way below what Tails has. You can also just use curl or wget for “surfing” and decrease your attack surface even more. However, now you maybe stick out of the crowd. Anonymity is hard. In the broader sense attack surface, or let’s say vulnerable people, is also about certain tradeoffs like convenience. It is harder to debug such systems, make changes, maintenance over time… Normal users are used to some kind of Windows-like GUI… You can create a 99.9% secure™ system for 1% of the people or a 90% secure system for 90% of the people.

Thanks torjunkie, looks good, whining and ranting is great but contributing can be fun too I guess.

2 Likes

Of course it isn’t. The argument I am making is how a specific issue should be documented: in the scope of “Using a Proxy after Tor” page, the vast majority of users will be interested in doing that for the Tor Browser, and not for other applications (for example wget or curl or anything else).

If the page started with a clearly separate section just about that (in reality the case of Tor Browser is discussed in at least 3 different separate parts throughout the page), or better if there was a separate page just for “how to use proxy after Tor Browser”, it would solve the issue for 80% of users. And would be much shorter and simpler without sacrificing warnings or any important detail.
Why 80%? Yes, also a gut feeling. But I think you will agree with me that the Tor Browser is, by far, the most used application in Whonix?

The discussion about Whonix vs. Tails can go on forever. Since you see I spend time with Whonix you can understand that I don’t think it’s inferior. I do think the point of “workstation does not see the IP” is emphasized too much. When you have many people relying on Whonix, and naturally those people have reasons to use this non-trivial setup, Whonix-Gateway becomes a very valuable target to exploit. But again this is off-topic.

@pano It’s not that we don’t understand or even disagree with what you’re proposing. Please take 2 mins and glance at this thread from two years ago. splitting Whonix documentation into a short and long edition for better usability - #10 by entr0py. I even proposed an outline to streamline the docs. It never got done. Why? Because I didn’t do it. You know the saying… ideas are like assholes… I thought I had a good idea but why would I expect anyone else to do it? Every single person here is part-time, volunteer, and busy with a million things. If you have spare time to implement your ideas, we’ll welcome you!

This thread has grown to 3 topics:

  1. Whonix development status label
  2. Documentation
  3. Whonix vs Tails

I think it’s time to give @fish back his thread.

The Whonix vs Tails discussion is a good one to have. If I could, I would split this thread into multiple topics but it looks like individual posts are moving back and forth between topics. Here’s a new thread if you want to continue the discussion. Whonix and Tails Discussion. Feel free to copy/paste from this thread. Hint: Many wiki pages are born from just these types of discussions.

2 Likes

One can’t make everyone happy.

VPN / proxy / tunnel documentation is a complex beast indeed.

However, note that on Tor Browser Essentials we mention:

It is possible to combine Tor with tunnels like VPNs, proxies and SSH.
The traffic can be sent through both Tor and the second tunnel, in
either order. However, this is an advanced topic and appropriate only
for special cases. Adding a second connection does not automatically
improve security, but it will add significant complexity. The potential
positive or negative effects on anonymity are being controversially
debated. ( TorPlusVPN · Wiki · Legacy / Trac · GitLab )

The Whonix project remains technologically neutral in the anonymity
discussion. The improper combination of Tor and another service may
actually degrade a user’s security and anonymity. These configurations
are difficult to set up and should only be attempted by advanced users.
For the vast majority of Whonix users, using Tor in isolation without a
VPN or proxy is the correct choice.

It’s always been a minority of a minority using this. An even smaller
minority using it for the right reasons or having a good reason for
using it. Let alone before all of it was documented, using it in sane
ways, that is using a fail closed mechanism if their use case demands one.

We recently noticed that most users may need only censorship
circumvention by remote servers which is way easier reached and now
documented here:
Tor Browser Essentials

Please don’t use the VPN / proxy / tunnels documentation as a prime
example to discuss how Whonix documentation should be structured.

@torjunkie:
Qubes-like “Quick Guide” sections at the top of each relevant entry.

I like that.

What about this style?

Advanced users and those in a hurry can just get it done.)

I think perhaps better these should target beginner type users?

If someone was ambitious, simply do this for the most relevant
sections of the main wiki e.g. security-related, updating etc. Create a
new wiki page - “Whonix Pocket Reference” or “Whonix Cheatsheet”.
Categorize the entries as relevant.

What about this style?

Since I am a too technical person, I will most likely tend to the
community judgment on which style is easiest for beginners (on separate
page; or easy section on top of a page; or alternative suggested solution).

Then describe it in 2 min and put it on the Wiki. Why don’t you just add your “2min” explanation?

That would be cool.

Then we’ll have 20% frustrated users. Not sure that would be more or
less than now and probably no way to know.

Was Whonix ever subject to an external security audit that was published?

No, related:

fish:

Saying not to rely on it for strong anonymity is surprising, is this
also the case for Tor in general according to your criteria?

Yes.

See:
https://forums.whonix.org/t/whonix-experimental-for-how-long

3 Likes

From that link:

This security bug was used to craft an exploit which was able to break the Subgraph OS security model.[7] Since Subgraph does not contain Nautilus in an Oz sandbox, [8] once the malicious script was executed, it would have enabled access to much of the user’s data; PGP keys, SSH keys, stored email, documents, password databases, MAC addresses and nearby Wi-Fi access points.

This sensitive information could be used by attackers to deanonymize the user. Whonix defeats this attack and others like it. Since Whonix-Workstation is isolated from the host and Whonix-Gateway, even if a malicious .desktop script is executed, no information can be gathered about the external IP address, hardware serials or sensitive user data.

External IP address or serials, MAC addresses, Wifi data - that’s understood. But I don’t see anything in Whonix-Workstation stopping this script from sending the other data stored locally, such as the PGP keys, SSH keys, stored email, documents, password databases etc.

Whonix does not filter the content of outgoing traffic. Please edit the page.

Very interesting read! It’s nice to see such activity on the forum! I encourage everyone with improvement suggestions to actually contribute, for example on the Wiki…

Done!

https://whonix.org/w/index.php?title=Security_in_Real_World&oldid=33705&diff=cur

//cc @torjunkie

2 Likes

@0brand! You stole pano’s first edit! :slight_smile:

2 Likes

Oops! Should I revert the edit? :stuck_out_tongue_winking_eye:

Just made another edit to that chapter. (I’m my own worst critic.) I think it just needed to be clarified a little. The phrase “sensitive data” or “sensitive info” can mean something different to each person.

I made sure readers understood the sensitive data that was referred to was external to Whonix-Workstation. Also added some info into the footnote.

Let me know what you think.

There is a LOT of interest in using VPN with Tor. You can see it in many forums. People are doing it left and right, whether it’s done for good reasons or with a fail safe mechanism is another question. Plus there are sites blocking Tor exit nodes, where you have to use something. We discussed it in a recent thread. And in some cases you better use the same IP from one login to another or the site gets crazy.

Another use is when you need UDP. In one word (this is my 2 seconds explanation, not 2 minutes), Whonix doc’s solution for that is “VPN”.

By the way, that page is also awful (thankfully it’s very short), the introduction section is just absurd. It refers to itself as if it’s a remote page, and then tries to clarify it with “this page below”. Just to make sure. Monty Python kinda humor? I actually tried to edit it but it told me my IP will be logged (no) or I have to log in (to yet another account? different account for this forum and for editing wiki?), plus I couldn’t figure out how to edit the intro box. It’s elsewhere.

The first section should be:

The Tor software does not yet support UDP, [1] although Tor provides a DnsPort. This page details possible workarounds.

instead of:

The Tor software does not yet support UDP, [1] although Tor provides a DnsPort. If UDP is urgently required in Whonix, a limited workaround is provided. For the most secure method, see Tunnel UDP over Tor.
(This page below.)

There are other things that could be changed in the other sections.

1 Like

Your actual IP is not logged. It’s referring to logging address 127.0.0.1 (every user has that same IP).

Anonymous edits are welcome so no login is necessary. You can create a separate Wiki account if you’d like.

You will find some of the content has its own template. This is done when it’s used in more than one place. It’s more efficient when edits are needed. The only problem with this is it limits how it can be used. Yes, it’s a PITA.

To find this template:

After the edit button is hit you will see this at the very bottom of the page.

Templates used on this page: ← Click on this

(You will see a listing of all templates used on the page.)

(This is the one you want.) Template:Tor UDP (view source) (protected)

There is a problem. You don’t have permissions to edit that template. That’s one of the reasons to copy the wiki page to a text editor. When you are done let torjunkie know so the template can be unlocked. Then you can push the edits for review. BTW the templates are locked due to idiots using them for spamming the wiki.

1 Like

If I edit this template as I intended to, it will probably make no sense whatsoever when used in other pages. And it doesn’t make much sense in the way it is currently used here.

So, this template needs to be removed from this page altogether.

Yes, I appreciate the potential reusability of templates. But in many cases you need to be specific to be clear.
Now I also start to understand why the whole wiki is so cluttered and why it looks like something one submits to a compiler (the blocks inside blocks inside blocks) - using too many templates is probably part of the reason.

Again, nice principle, but when you force a structure over something that needs to be dynamic, problem.

I agree with you. In many cases the templates actually prevent wiki editors from making contributions because the edits would not make sense for all the pages concerned.

If the template needs to be removed from the chapter then you can do so. :wink:

After further consideration.

If you’re accessing Whonix.org you should assume the following (mass data collection by advanced adversaries).

You access Whonix by:

  • Whonix .onion hidden service (no exit node IP is logged since users stay inside the Tor network. Your external real IP could not be logged)
  • Whonix.org using Tor (the exit node IP from which the user logged in could be logged)
  • Whonix.org over clearnet (your actual IP could be logged)

2 Likes

@Patrick I can appreciate the sentiments expressed by the main developer. If it’s not mature it just isn’t. But I still think the reasons for Whonix having experimental status need to be more clearly presented to (potential) users. What goals have not been met? Get rid of the many nonsense overambitious goals. Define the goals more clearly and not too many.

As I understand this is the main goal and Whonix does this well and reliably. Emphasize the strengths of Whonix as well as its weaknesses. Probably a sensible goal in the midterm would be to just make using Tor browser more secure and private in Whonix than doing so on the host. This is probably what most users do most in Whonix. Looks like it has already been met. :grinning:

With many warnings and without an adequate explanation of what Whonix does, doesn’t and should do, an impression may be created that it is barely working or not at all. That doesn’t look like the case to me. If using Whonix gives you more security, privacy and anonymity than just using Tor browser (or other Tor software), then users should be made to understand this. Even if Whonix is not perfect. A condition of course also being a sufficient study and understanding of the documentation. Then users will have no doubt about whether switching to Whonix today is recommended and a good idea. Can this question be answered at this time?

@Pano It’s great to see the community has enthusiasm and to hear from you. But I disagree with a lot of what you say about the documentation. There are so many things to consider it’s impossible to make it short and simple. I appreciate every word of it, even if some of it isn’t applicable to my Whonix. Privacy is hard.

Other
I think the Whonix documentation is so rich that it should be of great interest to anyone curious about privacy. They don’t have to be a Whonix user or an aspiring one. Maybe start considering or promoting the wiki also as a standalone knowledge resource. The same may be said of the forum actually, it’s a bit more like a news resource.

Regarding rates of contribution it may be just the way the world is.

It’s not mine, what gives a thread its meaning is that everyone shares :slight_smile: I didn’t mean extra discussion is bad, better messy than empty.

The below would better fit in the closed Whonix and Tails Discussion
I don’t believe in Tails. The only thing it can do better than Whonix is forget everything locally. But when is that useful? If you’re using your own computer and want control over it, you use full disk encryption. Period. So Tails on your own computer brings nothing of benefit. Using someone else’s computer is firstly a security compromise and secondly a dying habit. Wireless networks are everywhere and most people have a network-capable device with them all the time. They’re getting cheaper, better, more common. Device sharing should therefore decline ever more. It may even become socially unacceptable, not fully without reason, mind my first point. Public computers for general use with unrestricted access are disappearing and the authorities certainly aren’t sorry about everyone being more traceable. They are also out of fashion which matters to the common user and there’s a hygiene problem. So why and when would you use Tails?

3 Likes

Thank you for your feedback. That’s OK you disagree.

I find it very useful to have things explained in a concise way and for the specific cases I require (for example, one hypervisor, one Whonix version), and I write such summaries for myself (you can see one I did in the “Tor Bridges Documentation” thread).

I do that because privacy is hard, not despite it being hard.

Actually, being able to explain something in a clear and easy-to-follow way is an indication for me, that I reached a good grasp of the subject.

Such summaries perhaps are too subjective, or tailored for my needs - everyone has different backgrounds. They probably will not benefit others to the same degree. I, for example, don’t need an explanation how to save a file or about the different ways it can be edited, but I do require more background and remarks in Linux networking issues. Someone else will have other priorities.

3 Likes