Whonix Warrant Canary

Enumerating Whonix project infrastructure we care about and in what circumstances its trustworthiness would be necessary:

1) whonix.org server related:

However, even if whonix.org server was under complete surveillance, that would not wreck the functionality of the Whonix software.

2) Whonix software related:

  • Users downloading Whonix images, not doing digital signature verification. These should not get compromised.
  • Users downloading Whonix images, doing digital signature verification. These should not get compromised.
  • Users upgrading Whonix using the package manager. These should not get compromised.
  • Users downloading Whonix source code (doing or not doing digital signature verification). These should not get compromised.
  • That is, in case there was some legal order to backdoor Whonix, and/or to sign backdoored Whonix and/or to turn over signing keys.

Priorities:

  • Whonix software is much more important than whonix.org website.

Possible Solutions:

  • A) Either make two sections in the canary. One for whonix.org server
    and one for Whonix software. In case of a legal threat, drop one
    section. That however, seems very experimental legal wise.
  • B) Exclude whonix.org server as long as Whonix software is free of
    backdoors.

Canary re-wording consideration:

Change from

  1. No warrants have ever been served on the Whonix Project;
    for example, to hand out the private signing keys or to introduce
    backdoors.

to

Definition “artifact”: Whonix software, Whonix downloads, Whonix
source code

  • The Whonix Project has never added any backdoor to any artifact.
  • The Whonix Project has never turned over any signing key.
  • The Whonix Project has never knowingly signed any artifact containing any backdoor.
  • The Whonix Project has never weakened, compromised, or subverted any of its cryptography.
1 Like