Enumerating Whonix project infrastructure we care about and in what circumstances its trustworthiness would be necessary:
1) whonix.org server related:
- By design - Distrusting Infrastructure - there is as little interesting as possible on whonix.org. Although, some interesting things should not be received by any third parties. These are:
  - IPs on the whonix.org server. (Related: IP Addresses and IP Addresses Logging Policy)
  - User names, e-mail addresses, hashed passwords.
However, even if the whonix.org server was under complete surveillance, that would not wreck the functionality of the Whonix software.
2) Whonix software related:
- Users downloading Whonix images, not doing digital signature verification. These should not get compromised.
- Users downloading Whonix images, doing digital signature verification. These should not get compromised.
- Users upgrading Whonix using the package manager. These should not get compromised.
- Users downloading Whonix source code (doing or not doing digital signature verification). These should not get compromised.
- That is, in case there was some legal order to backdoor Whonix, and/or to sign backdoored Whonix and/or to turn over signing keys.
Priorities:
- Whonix software is much more important than the whonix.org website.
Possible Solutions:
- A) Either make two sections in the canary: one for the whonix.org server and one for Whonix software. In case of a legal threat, drop one section. That, however, seems very experimental legal-wise.
- B) Exclude the whonix.org server as long as Whonix software is free of backdoors.
Canary re-wording consideration:
Change from
- No warrants have ever been served on the Whonix Project; for example, to hand out the private signing keys or to introduce backdoors.
to
Definition “artifact”: Whonix software, Whonix downloads, Whonix source code
- The Whonix Project has never added any backdoor to any artifact.
- The Whonix Project has never turned over any signing key.
- The Whonix Project has never knowingly signed any artifact containing any backdoor.
- The Whonix Project has never weakened, compromised, or subverted any of its cryptography.