corridor, a Tor traffic whitelisting gateway, a clearnet leak tester

I already posted the second step, how to use corridor, a Tor traffic whitelisting gateway, with Qubes-Whonix. Here is the first step: a general announcement of an interesting third party project, corridor. Please forget about Whonix for a moment while I explain what the corridor project does by default.

corridor is a Tor traffic whitelisting gateway. It is a filtering gateway. Not a proxying gateway.

corridor can be used to test systems or programs that are supposed to produce only Tor traffic for leaks: it logs any clearnet (non-Tor) traffic and blocks it.

Ideally, corridor is installed on a physically isolated device running Debian with two network adapters. Let’s call that the corridor-Gateway. Then start Tails, TBB or Whonix behind such a corridor-Gateway. Should there be any accidental clearnet traffic (leaks), corridor logs and blocks it.

Alternatively, corridor can be installed in a Debian based VM. Another VM could run Tails, TBB or Whonix-Gateway. These VMs would be configured to connect through corridor-Gateway.

In pure corridor, non-Whonix terms, let’s call these VMs corridor-Gateway and corridor-Workstation.

In a corridor-like setup, it is up to the corridor-Workstation to run its own Tor client to establish connections. The corridor-Gateway runs its own, separate Tor client. For the simplicity of the design, the corridor-Workstation has no access to the ControlPort of the Tor client running on the corridor-Gateway. Again, the corridor-Gateway is not a proxying gateway; it is a filtering gateway. The main purpose of the Tor client running on the corridor-Gateway is to obtain the current list of Tor entry guards. The corridor-Gateway’s firewall restricts all outgoing connections to Tor relays [or Tor bridges].
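To make the filtering idea concrete, here is an added example (my own illustration, not corridor’s code) of the allowlist logic such a gateway applies to outbound flows and the iptables rules that logic turns into. The relay list is a constructed stand-in for what the gateway’s own Tor client would learn from the consensus or its bridge lines, the flows are constructed connection attempts, and all addresses are documentation ranges; none of these names or values come from the corridor project.

```python
"""Added example, not corridor's own code: the allowlist logic a Tor
traffic whitelisting gateway applies to outbound flows, and the
iptables rules that logic turns into.

Assumptions (not from the original post): the relay list is a
constructed stand-in for what the gateway's own Tor client would learn
from the consensus or its bridge lines; the flows are constructed
connection attempts. Addresses are RFC 5737 documentation ranges."""
import ipaddress

# Constructed: relay (IP, ORPort) pairs the gateway's Tor client knows.
SAMPLE_RELAYS = [
    ("203.0.113.10", 9001),   # hypothetical guard relay
    ("203.0.113.10", 443),    # same guard, second ORPort
    ("198.51.100.7", 9001),   # hypothetical middle relay
    ("192.0.2.55", 8443),     # hypothetical obfs4 bridge
]

# Constructed: (src, dst, dport) connection attempts from the
# corridor-Workstation side, as the gateway's firewall would see them.
SAMPLE_FLOWS = [
    ("10.0.0.2", "203.0.113.10", 9001),   # Tor client to guard ORPort
    ("10.0.0.2", "192.0.2.55", 8443),     # Tor client to bridge
    ("10.0.0.2", "8.8.8.8", 53),          # plain DNS: clearnet leak
    ("10.0.0.2", "203.0.113.10", 80),     # relay IP but not an ORPort
    ("10.0.0.2", "93.184.216.34", 443),   # direct HTTPS: clearnet leak
]


def build_allowlist(relays):
    """Set of (ip_address, port) the gateway permits; everything else
    is by definition non-Tor traffic."""
    return {(ipaddress.ip_address(ip), int(port)) for ip, port in relays}


def classify_flows(flows, allowlist):
    """Split flows into allowed Tor connections and clearnet leaks.
    Matching is exact on destination IP and port, so a relay's IP on a
    non-OR port is still a leak."""
    allowed, leaks = [], []
    for src, dst, dport in flows:
        key = (ipaddress.ip_address(dst), dport)
        bucket = allowed if key in allowlist else leaks
        bucket.append((src, dst, dport))
    return allowed, leaks


def iptables_rules(allowlist, chain="CORRIDOR_OUT"):
    """Render the allowlist as an iptables chain: ACCEPT each relay
    IP:ORPort over TCP (Tor speaks TCP only), then LOG and REJECT the
    rest, which is what 'log any clearnet traffic and block it' means."""
    rules = [f"iptables -N {chain}"]
    ordered = sorted(allowlist, key=lambda t: (t[0].version, int(t[0]), t[1]))
    for ip, port in ordered:
        rules.append(f"iptables -A {chain} -p tcp -d {ip} --dport {port} -j ACCEPT")
    rules.append(f'iptables -A {chain} -j LOG --log-prefix "corridor-leak: "')
    rules.append(f"iptables -A {chain} -j REJECT")
    return rules


if __name__ == "__main__":
    allow = build_allowlist(SAMPLE_RELAYS)
    ok, leaks = classify_flows(SAMPLE_FLOWS, allow)
    print("allowed:", ok)
    print("leaks:", leaks)
    print("\n".join(iptables_rules(allow)))
```

Running it flags the DNS query, the direct HTTPS connection and the connection to a relay IP on a non-OR port as leaks, and only the two ORPort/bridge connections pass. The generated chain still has to be hooked into FORWARD for the workstation-facing interface; that jump rule, and refreshing the allowlist whenever the gateway’s Tor client fetches a new consensus, are deployment details the example leaves out.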

This is not necessarily more anonymous. It is an additional fail-safe Tor traffic whitelisting firewall that protects from accidental clearnet leaks (hypothetical clearnet leak bugs in TBB, Tails or Whonix). As corridor’s project description states: “it cannot prevent malware on a client computer from finding out your clearnet IP address”.

corridor is mostly useful for developers and auditors of TBB, Tails or Whonix, perhaps also for advanced users who would like to have an additional safety net.

Quote corridor readme:

“corridor is not a replacement for using a well-designed operating system on your client computers, like Qubes with TorVM/Whonix.”

corridor cannot sit between Whonix-Gateway and Whonix-Workstation. That would make no sense in combination with the Whonix design.

Credits: The author of corridor is rustybird. The author of the Debian fork of corridor is Patrick Schleizer.

If you like Whonix, please support it.


Posted in Uncategorized

Using corridor, a Tor traffic whitelisting gateway with Qubes-Whonix

corridor is a Tor traffic whitelisting gateway. It is a filtering gateway. Not a proxying gateway.

It can also be used as a BridgeFirewall.

This is not necessarily more anonymous. It is an additional fail-safe Tor traffic whitelisting firewall that protects from accidental clearnet leaks (hypothetical clearnet leak bugs in Whonix). As corridor’s project description states: “it cannot prevent malware on a client computer from finding out your clearnet IP address”. corridor is mostly useful for developers and auditors of Whonix, perhaps also for advanced users who would like to have an additional safety net. It cannot protect from hypothetical Qubes ProxyVM leak bugs either; a physically isolated, standalone corridor-Gateway would be better and could cover that.

It does not increase the tunnel length, i.e. it does not add more relays between you and the destination, if you are interested in that, see Tunnels/Introduction.

Credits: The author of corridor is rustybird. The author of the Debian fork of corridor, which is used in these instructions, is Patrick Schleizer.

The full documentation for doing this can be found here:
https://www.whonix.org/wiki/Corridor

If you like Whonix, please support it.

Posted in Qubes-Whonix News, Whonix New Features, Whonix Wiki Updates

combining Tor with a VPN or proxy can make you less anonymous

  • Tor avoids using more than one relay belonging to the same operator in the circuits it builds. Legitimate Tor relay operators adhere to Tor’s relay operator practices of announcing which relays belong to them by declaring this in the Tor relay family setting. Tor also avoids using relays within the same network by not using relays from the same /16 subnet. [3] Tor however does not take into account your real external IP nor the destination IP addresses. [4] In essence, you must avoid using the same network/operator for the first and last hop of your connection chain, since this would open up end-to-end correlation attacks.
  • Many tunnel providers use shared IP addresses, which means that many users share the same external IP address. On one hand this is good, since it is similar to Tor, where many users share the same Tor exit relays. On the other hand, in some situations this can actually make you less safe.
  • It is possible to host Tor relays [any… bridges, entry, middle or exit] behind VPNs or tunnel-links. For example, there are VPN providers that support VPN port forwarding. This is an interesting way to contribute to Tor while not exposing oneself to too much legal risk. Therefore, there can be situations where a VPN or other tunnel-link and a Tor relay are hosted by the same operator, in the same network or even on the same IP.
  • In an economy with a deep division of labor, some companies provide server hosting (VPS etc.), while others provide VPN and other tunnel-link services and rent such servers. It is common that diverse customers share the same IP address. This is another situation where a VPN or other tunnel-link and a Tor relay could be hosted by the same operator, in the same network or even on the same IP.
  • By adding arbitrary tunnel-links to your connection chain, you could unknowingly use the same operator/network twice in your connection chain.
    • scenario 1)
      • a) User uses VPN IP A on the host, thereby using it as the first hop.
      • b) User’s Tor client happens to pick a Tor exit relay running on VPN IP A.
      • Conditions a and b match at the same time. The user is now using the same IP as first and last proxy.
        • –> By using the VPN the user did not get more, but less secure.
    • different scenario 2)
      • a) User sets up a VPN inside Whonix-Workstation. This results in user -> Tor -> VPN -> internet, using VPN IP A.
      • b) A Tor entry guard is being hosted on VPN IP A.
      • Conditions a and b match at the same time. The user is now using the same IP as first and last proxy.
        • –> By using the VPN the user did not get more, but less secure.
  • Choose your tunnel providers wisely.
    • Find out in which physical and legal jurisdiction and network their servers are located.
    • Perhaps avoid using VPN or SSH providers that support port forwarding.
    • Perhaps use only tunnel-link providers that assign private (as in not shared with others, unique) IP addresses; however, it is not clear if this does more harm than good, as noted above.
    • Perhaps use tunnel-link providers that run their own servers rather than relying on shared infrastructure.
  • Perhaps manually pick your Tor relay[s] (specifically your entry guard[s] or bridge[s]).
    • Tor documentation generally discourages tampering with Tor’s routing algorithm by manually choosing your relays, but since you are trying to be more clever by extending your Tor chain despite all information about the difficulty of this endeavor, perhaps it would make sense to pick your entry guard manually.
    • Using bridges might be an alternative, but note the following quote: “Bridges are less reliable and tend to have lower performance than other entry points. If you live in an uncensored area, they are not necessarily more secure than entry guards.” Source: bridge vs non-bridge users anonymity.
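The two scenarios above can be checked mechanically. The following is an added example (my own code, not part of the Whonix documentation) that applies Tor’s own same-IP / same-/16 / same-family rule to every pair of hops in a connection chain, including the tunnel hop that Tor’s path selection never sees. It goes slightly beyond the post by checking all hop pairs rather than only the first and last. Hops, addresses and operator labels are constructed; “operator” stands in for a relay family declaration and is None when unknown.

```python
"""Added example, not Whonix's own code: an overlap check for a
connection chain that includes a tunnel hop (VPN, SSH or proxy) in
addition to the Tor relays. Tor's path selection already refuses two
relays from the same declared family or the same IPv4 /16 in one
circuit, but it never sees the tunnel endpoint; this check applies the
same rule to every pair of hops, tunnel included.

Assumptions (not from the original post): hops, addresses (RFC 5737 /
RFC 2544 ranges) and operator labels are constructed; 'operator' stands
in for a relay family declaration and is None when unknown."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Hop:
    name: str
    ip: str
    operator: Optional[str] = None  # family / provider if known


def overlap_reasons(a: Hop, b: Hop) -> List[str]:
    """Why hops a and b should not both sit in one chain."""
    reasons = []
    ia, ib = ipaddress.ip_address(a.ip), ipaddress.ip_address(b.ip)
    if ia == ib:
        reasons.append("same IP")
    elif ia.version == 4 and ib.version == 4:
        # Tor's /16 rule for IPv4; IPv6 is compared by exact address only here.
        net_a = ipaddress.ip_network(f"{a.ip}/16", strict=False)
        net_b = ipaddress.ip_network(f"{b.ip}/16", strict=False)
        if net_a == net_b:
            reasons.append("same /16")
    if a.operator and b.operator and a.operator == b.operator:
        reasons.append("same operator")
    return reasons


def find_overlaps(chain: List[Hop]) -> List[Tuple[str, str, str]]:
    """All (hop, hop, reason) conflicts in the chain, in chain order."""
    found = []
    for i, a in enumerate(chain):
        for b in chain[i + 1:]:
            for r in overlap_reasons(a, b):
                found.append((a.name, b.name, r))
    return found


# Constructed hops.
VPN = Hop("vpn", "203.0.113.5", operator="ExampleVPN")
GUARD = Hop("guard", "198.51.100.10", operator="relayops-a")
MIDDLE = Hop("middle", "192.0.2.20", operator="relayops-b")

# Scenario 1 from the post: user -> VPN -> Tor -> internet, and the
# chosen exit happens to be hosted behind the same VPN IP.
SCENARIO_1 = [VPN, GUARD, MIDDLE, Hop("exit", "203.0.113.5")]

# Scenario 2: user -> Tor -> VPN -> internet, and the entry guard is
# hosted on the VPN's IP.
SCENARIO_2 = [Hop("guard", "203.0.113.5"), MIDDLE,
              Hop("exit", "198.51.100.77", operator="relayops-c"), VPN]

# Same /16 as the VPN rather than the same IP: still flagged.
SUBNET_CHAIN = [VPN, GUARD, MIDDLE,
                Hop("exit", "203.0.113.200", operator="relayops-d")]

# No shared IP, /16 or operator anywhere.
SAFE_CHAIN = [VPN, GUARD, MIDDLE,
              Hop("exit", "198.18.5.9", operator="relayops-c")]

if __name__ == "__main__":
    for label, chain in [("scenario 1", SCENARIO_1), ("scenario 2", SCENARIO_2),
                         ("same /16", SUBNET_CHAIN), ("safe", SAFE_CHAIN)]:
        print(label, find_overlaps(chain) or "no overlap")
```

In practice the relay side of the chain changes with every circuit, so a check like this only makes sense against the hops you control or pin (the tunnel endpoint and a manually chosen guard or bridge); for the exit it can at best tell you after the fact that a circuit should not have been used.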

This is now documented here:
https://www.whonix.org/wiki/Tunnels/Introduction#Introduction

Posted in Whonix Important News, Whonix Misc News, Whonix Wiki Updates

Your MAC Address Randomization attempts are futile!

The following paper explains why.

Why MAC Address Randomization is not Enough:
An Analysis of Wi-Fi Network Discovery Mechanisms

The above interesting paper has been found by HulaHoop and added to Whonix MAC address documentation.

Posted in General Security News, Whonix Important News, Whonix Wiki Updates

Gathering Feedback of new Whonix Homepage Draft

We have been discussing a new Whonix homepage (old) and new Whonix download page (old) for a while now. The draft has been created by Ego, and we are now being advised by ura design, Elio Qoshi (@elioqoshi), who has recently refined the Whonix logo.

Please keep your feedback specific to the new Whonix homepage.

The new Whonix homepage draft can be found here:
http://egobits1.github.io
(archived: http://archive.is/1qxfJ)

Elio’s latest suggestion can be found here:
https://forums.whonix.org/t/new-qubes-website-new-whonix-website/1736/84
(We agreed to finish the visual changes before the text gets improved.)

The source code for the Whonix homepage draft can be found here:
https://github.com/EgoBits1/EgoBits1.github.io

Other than that, we are also considering to replace mediawiki.

Posted in Whonix Website News

Whonix logo has been refined

We are excited to reveal that our very own Whonix logo has been slightly refined, offering now better support for smaller screens and more mediums. We also have a new profile image based on the logo for social media usage.

Head over to the Whonix blog or Whonix social media accounts to check it out:
https://www.whonix.org/blog/
https://www.facebook.com/Whonix/posts/1138354749540112
https://twitter.com/Whonix/status/7474134011319787521
https://facebook.com/sharer.php?u=https://www.whonix.org/wiki/Portal

For comparison:
– before: http://archive.is/JA7Wy
– after: http://archive.is/HNxVk

(Before and after images omitted; see the archive links above.)

Feel free to grab the source files if you want to try it out yourself:
https://www.whonix.org/wiki/Dev/Logo#Refinement_June_2016

The refinement was done by ura design, Elio Qoshi (@elioqoshi). I recommend Elio. The quality of his work, his rates, his responsiveness, community engagement and patience are exemplary. I am looking forward to upcoming projects with him.

Posted in Whonix Website News

Looking for firejail / seccomp maintainer for better security!

(repost)

firejail is a sandbox to restrict the application environment.

Please contribute. Task:

  • play around with firejail in Whonix
  • see how it goes
  • report (and possibly fix) issues upstream in firejail
  • test the Tor Browser firejail profile, consider packaging it
  • maintain firejail profiles in Whonix

This is a volunteer position.

Whonix firejail / seccomp development discussion:
https://forums.whonix.org/t/firejail-seccomp-more-options-for-program-containment

Posted in Contribute, Whonix Development News

testing refined Whonix logo

There will be a more detailed announcement later.

Posted in Whonix Misc News

Qubes separate VPN-Gateway between anon-whonix and sys-whonix – Connecting to Tor before a VPN (User -> Tor -> VPN -> Internet)

This is now documented here:
https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN#Separate_VPN-Gateway

Recommended order of reading:

* 1) https://www.whonix.org/wiki/Tunnels/Introduction
* 2) https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN
* 3) https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN#Separate_VPN-Gateway

Posted in Qubes-Whonix News, Whonix New Features, Whonix Wiki Updates

Connecting to Lantern before Tor (User -> Lantern -> Tor -> Internet)

Lantern is a censorship circumvention tool, an alternative to Tor bridges.

Testers only! As an exercise and proof of concept, I quickly put together a documentation chapter for Connecting to Lantern before Tor (User -> Lantern -> Tor -> Internet). Qubes-Whonix only! Non-Qubes-Whonix is unsupported.

https://www.whonix.org/wiki/Lantern

At the moment these instructions have several limitations.

  • They install Lantern in a separate ProxyVM that sys-whonix connects through. The motivation behind this was better security. Lantern is not installable from Debian; it is a package from the Lantern website. In theory, Tor should not be compromised if Lantern was compromised. But since Lantern might be compromised to begin with, or be more easily exploited than Tor, it is very much desirable to run Lantern in a separate ProxyVM for better isolation.
  • However, this is very impractical. Since Qubes does not support static IP addresses yet, the Tor config setting ‘Socks5Proxy 10.137.10.1:8788’ in /etc/tor/torrc is not stable. When the Lantern ProxyVM’s IP changes, connectivity breaks and /etc/tor/torrc in sys-whonix needs a manual update. Not great.
  • It would be a lot more usable to document how to run Lantern directly in sys-whonix (under user tunnel with TUNNEL_FIREWALL=true etc.) However, then we would have less isolation.
  • Does not autostart Lantern yet.
  • The footnotes on the wiki page contain several TODO items.
  • And more…
  • I probably won’t be able to become a maintainer of a fully featured Lantern-Gateway comparable to Whonix-Gateway using Tor. Help welcome.
  • Lantern seems to have connectivity issues on its own. Even for me, in a non-censored area, it works in only 1 of 4 attempts. Often I needed to restart the VM and start fresh. Shutdown of Lantern does not seem to be clean. Often in the Lantern-Gateway VM, while no Whonix network is involved, I am unable to visit any websites from the automatically started Lantern browser.

Déjà vu? This blog post is very similar to my last blog post Connecting to JonDonym before Tor (User -> JonDonym -> Tor -> Internet).

Posted in Qubes-Whonix News, Testers wanted!, Whonix Wiki Updates
