Whonix issues with TBB, Firefox, wine and strange messages

Hi,

Just wanted to report things that i struggle with now, system is totally up to date, and i really regret doing updates almost immediately i’m doing them. Few of things here could be taken as a security risk but this is only my preference to install these packages and yes, i know the implications of it.

Most of these things ran smoothly in whonix 0.5.6 and with some minor glitches in early releases of Whonix 7, now it’s UNBEARABLE.

  1. Manually update TBB

It’s fine, it’s pretty simple and it worked fine until my last update. Now TBB throws that it’s not connected to TOR, but checking ip on ip-check.org or any other site like this will give TOR node ip. And it’s not caused by not indexed node.

  2. On separate machine i install additional firefox (not iceweasel) from mozilla, i used it only for browsing certain websites and in conjunction with proxies. I tend to throw it into /opt/firefox/firefox directory and run with -no-remote option. It also worked fine until today … now FF opens but, guess what! It doesn’t work anymore, it doesn’t load any page. And, oh, iceweasel also doesn’t want to install now.

  3. For few things i’ve needed another VM with wine. So i ran simple sudo apt-get wine to get latest version, it’s pretty minor bug, but now wine changes working directory, it’s different than in previous versions of whonix. Which causes some of the .exe’s to fail.

  4. I don’t know what is causing this, but tor is Just-So-Unbearable-Slow, it goes to the point where you actually want to throw the pc out of the window because startpage.com is loading 3-4 minutes when two Whonix Workstations are opened. With one you may have a little luck and browse internet for few minutes like on normal bandwidth. I’ve assigned different octet number in /etc/network/interfaces … it did not help.

  5. Arm is freakin’ crazy with his messages, half of them is written like you’ve just been #$@!@# in the ass by NSA and FBI. I honestly wonder when it will start to throw “Please, Tomas*, power off your Whonix Workstation, we see everything - and - yes, your Tor connection is out for 4 days so you just emailed this threats to B.O from your personal ip”

My favorite is about traffic manipulation - this only means poor network connectivity

But there are also ones about unencrypted protocol, there is one with Creating non-loopback interface and allowing to act as a proxy, which is caused by … by excluding node by country code.

There’s also problems with apt-get which is documented. There’s kgpg which is pretty useless and mostly throws errors at You.

All of this is written out of my head.
There’s a lot more, the fact is that every update is usually messing up whole system config. How can it be reliable? I know things i’ve mentioned here are mostly user-specific, but, god … all of them used to work just fine in previous versions now it’s mostly a nightmare and 2 days after every bigger update are spent on trying to repair the damage. Honestly, 0.5.6 had my full trust, it ran like a charm, i’ve felt secure in that environment. Now i don’t, everything seems like it’s glued together with some office tape, i know that 7 introduced a lot of new things and few upgrades in security area, but it seems like system i cannot trust anymore. And because we talk about anonymity trust is pretty much important.

*Tomas is not my real name : )

I think this is a general problem with Free Software projects. Linux distributions are just gluing together various software packages. Communication with original package creators is suboptimal. They are not subject to directives. It’s a giant collaborative effort based on voluntariness. I am surprised, it works at least as well as it does. In comparison to commercial operating systems such as Windows, the boss can orchestrate other programmers. Unfortunately, non-Free software is often compromised by default.

With Whonix as also just another Linux distribution, I cannot break out of that and provide something as if made from one piece.

> 2. On separate machine i install additional firefox (not iceweasel) from mozilla, i used it only for browsing certain websites and in conjunction with proxies. I tend to throw it into /opt/firefox/firefox directory and run with -no-remote option. It also worked fine until today ... now FF opens but, guess what! It doesn't work anymore, it doesn't load any page. And, oh, iceweasel also doesn't want to install now.

I don't think Whonix as a distribution can be blamed for these kinds of issues. It's not made from one piece, so if Mozilla messes up, you can be unsatisfied with the experience as a whole, but I fear such issues won't be gone even in years.

> 3. For few things i've needed another VM with wine. So i ran simple sudo apt-get wine to get latest version, it's pretty minor bug, but now wine changes working directory, it's different than in previous versions of whonix. Which causes some of the .exe's to fail.

Whonix doesn't change any Wine settings. Whonix 0.5.6 was based on Debian stable. Whonix 7 on Debian testing. This was a suboptimal decision, but the best of the worst at that time. Many issues are related to Whonix being based on Debian testing. Whonix 8 will be based on Debian stable.

> There's kgpg which is pretty useless and mostly throws errors at You.

Not sure about this, but in Whonix 8 it appears to work. (We're currently testing and probably final release soon.)

> Now TBB throws that it's not connected to TOR

I can't reproduce this.

Generally, it’s better to create one topic per issue. So we can see who else is affected by this issue, what the cause might be, what a workaround could work, etc.

> 5. Arm is freakin' crazy with his messages, half of them is written like you've just been #$@!@# in the ass by NSA and FBI. I honestly wonder when it will start to throw "Please, Tomas*, power off your Whonix Workstation, we see everything - and - yes, your Tor connection is out for 4 days so you just emailed this threats to B.O from your personal ip"

This is again an issue related to not being made from one piece. Whonix doesn't modify Arm. It only installs it, since it's useful as a Tor monitor and to quickly change Tor circuit.

The listening on localhost warning is related to the fact that Tor is listening on Whonix-Gateway’s internal eth1 network interface, which is only available to Whonix-Workstation, not to the whole internet. The warning is useful for non-Whonix users. For Whonix users, who know the background of that message, it’s not of concern. Sure, it would be better to hide this message in Whonix. I am not aware that Arm has a setting to hide this message. The developer of Arm is probably not a Whonix user, and if he were, he would know what this message is about and probably wouldn’t get any ideas to add an option to disable these messages when running in Whonix. Also, the developer of Arm is not obligated to take direction from Whonix developers. I cannot go to him and say “detect Whonix, if detected, hide this message”. Would be pretty simple then. What I or another contributor could do is post a feature request against arm. Or, to speed this up, provide a patch for arm that adds this feature. Since time is pretty limited, better spent on bigger issues, no one has worked on it yet.

In any case, if Whonix was compromised, you probably won’t ever find any leaks using Arm, since Arm is “only” a Tor controller, that shows what Tor is telling.

> But there are also ones about unencrypted protocol,

Could be many things... To my knowledge, it's only noticing if one or another port gets traffic that is known for being a cleartext port. No traffic analysis. Could be you using a mail client not using https. Could be using e-mail client using https on non-standard non-https port. Could be Tor Browser instructed by a website to fetch something from a port that usually is a non-encrypted port. If you understand what it's about, what's causing it, good for you. Otherwise no indication of any Whonix issues.

> there is one with Creating non-loopback interface and allowing to act as a proxy, which is caused by ... by excluding node by country code.

If that is really the cause, it would be a bug in Tor or Arm, not Whonix.

> My favorite is about traffic manipulation - this only means poor network connectivity

Traffic manipulation? Please elaborate.

> 4. I don't know what is causing this, but tor is Just-So-Unbearable-Slow, it goes to the point where you actually want to throw the pc out of the window because startpage.com is loading 3-4 minutes when two Whonix Workstations are opened. With one you may have a little luck and browse internet for few minutes like on normal bandwidth. I've assigned different octet number in /etc/network/interfaces ... it did not help.

I'll see if I can reproduce this.

> i've felt secure in that environment

Feelings are nice, but facts are better here.

> but it seems like system i cannot trust anymore. And because we talk about anonymity trust is pretty much important.

The issues you're describing are inconveniences, but none of these issues are anonymity/privacy/security related. No one ever managed to run some command in Whonix-Workstation and then get to see its own external IP address. No one ever reported remote code execution bugs introduced by Whonix (well, Debian suffers from them from time to time as any distribution, but that's what updates are for).

~Tomas.

If you are feeling neckbeard adventurous, download the latest RC.

If not wait a bit for Whonix 8.

Not ideal, I know.

First, thank you for responding. Your support on this forum is one of the things that keep this distro running.

Yes, most of these issues are either user-specific or debian/linux-specific, but fact is that in 0.5.6 none of them was existent. As You said - it’s probably caused by debian testing. For most of them i can find some workaround like with wine (Changing working directory, and throwing files where it can read them at spot), did not find a solution for FF in Whonix and also did not find a solution for TBB throwing “Not connected” - will work on that.

The most important thing for me here is tor being extra slow, i’ll throw here few examples. And i just want to mark that this happened after fully updating system.

I’ve used openvpn on one of machines, it connected slowly, but in the end … it did. Now it’s impossible. i just get timeouts and no route to host.

With traffic manipulation message i cannot reproduce it now as it happens totally random. It’s clearly about poor network connectivity because before “traffic manipulation” happens you can see multiple warnings about lack of ability to connect to certain nodes. It’s just pure logic of arm, because you use up big amount of traffic on workstations and because of that connection is dropping therefore it looks for nodes that it can connect to or it waits until you stop downloading, it could indicate network manipulation (node manipulation) but it only means that connection is slow.
Will try to post it here next time it happens.

I’m in a “pickle” with this connection issues, will try to make Linux-Whonix-Workstation and Windows-Workstation and check it there, because, as i said - all of this happened after update in workstation.

Sorry for double post.

I’ve just tested openvpn on Custom-Workstation using lubuntu (debian)
Everything works fine, it connects like it’s supposed to. Also, internet is not dying because of poor connectivity.
With wine there’s still working directory problem and workaround is exactly the same as in whonix-workstation.
Additional browser (FF/iceweasel) problem is also non-existent. The only thing i can conclude from that is some updates from debian testing messed up something in whonix.

I am honestly lost at this point, lubuntu workstation works perfectly, changing /etc/network/interfaces helps to the full extent of it.

… Sorry for spam

It worked for few minutes only, now it’s back to slow/breaking connection. It comes to this that i cannot download 1955kb package by apt. I don’t know anymore, it’s like whonix gateway is cutting half of the connections on workstation, it’s currently impossible to work on two VM opened at the same time, it’s impossible to connect to any VPN.

I’m really looking for reasons, what can it be? Before update everything was only “tor-slow” now it’s simply non-functional.

ARM is showing good download speed but this doesn’t stop workstations from slowing down

I can’t reproduce this with 7.7.8.6, so when Whonix 8 is released, this should be gone. I should test with Whonix 7 as well, but time is limited.

Windows host perhaps?

Antivirus software on host perhaps? I’ve seen some that are really good at cutting down download speed by a half. Wouldn’t wonder if they added some kind of Tor connection detection and interrupt those, because those are “bad”.

Personal firewall on the host perhaps?