Whonix
https://www.whonix.org/blog
Privacy and Anonymity OS
Sat, 27 Jun 2015 11:54:32 +0000

Why I prefer PGP/INLINE over PGP/MIME in Thunderbird/Enigmail
https://www.whonix.org/blog/pgp-inline-vs-mime
Thu, 25 Jun 2015 22:47:51 +0000

Due to the recent Enigmail security issue, where e-mail drafts could end up unencrypted on IMAP servers. (You might wonder: no, Whonix was luckily not affected by this, because the version in Debian wheezy did not have that bug.)

In the PGP/INLINE example I can be more assured that the text really was converted to encrypted ciphertext before sending, because I can see it.

[Image: PGP INLINE]

As opposed to PGP/MIME, where I need to trust more that Enigmail won’t mess that up.

[Image: PGP MIME]

Using the option ‘Confirm, before sending’ set to ‘Always’, which I highly recommend to prevent messing up.

The post Why I prefer PGP/INLINE over PGP/MIME in Thunderbird/Enigmail appeared first on Whonix.

Testers Wanted! Whonix 11 ( 11.0.0.3.0 ) – Release Candidate
https://www.whonix.org/blog/testers-wanted-rc-11-0-0-3-0
Wed, 17 Jun 2015 14:53:49 +0000

The version number for this testers-only release is 11.0.0.3.0, which will become Whonix 11 the moment it’s blessed stable.

The major changes are the port of Whonix from being based on Debian wheezy (that is Debian oldstable) to being based on Debian jessie (that now is Debian stable), and the port from sysvinit to systemd, among other enhancements; see the changelog below.

Download link for VirtualBox images (.ova), KVM / QEMU images and OpenPGP signatures (.asc):
http://mirror.whonix.de/11.0.0.3.0/

Upgrading Whonix 10 to Whonix 11:
https://www.whonix.org/wiki/Upgrading_Whonix_10_to_Whonix_11

If you want to build from source code, see:
https://www.whonix.org/wiki/Dev/Build_Documentation

Thanks to everyone who made this test release possible!

Forum Discussion:
https://www.whonix.org/forum/index.php/topic,1312

Changelog between Whonix 10.0.0.5.5 and Whonix 11.0.0.2.3:

https://www.whonix.org/blog/whonix-11-testers-wanted

Changelog between Whonix 11.0.0.2.3 and Whonix 11.0.0.3.0:

– tb-starter: Made path to Tor Browser configurable by tb_home_folder variable. Renamed variable home_folder to tb_home_folder to synchronize it with tb-updater. – https://phabricator.whonix.org/T338
– anon-meta-packages: added dependency on ‘gir1.2-gtk-3.0’ to ‘anon-workstation-default-applications’ because ‘mat’ misses it – http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788099 – https://www.whonix.org/forum/index.php/topic,1287.0.html
– upstream bug report: mat missed dependency gir1.2-gtk-3.0 – http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788099
– genmkfile: cleanup debian.tar.xz (jessie support)
– tb-updater: output: improved message in case hash verification failed – https://github.com/Whonix/tb-updater/commit/285cb5c0ed3bb77c1f9d6a4c3e01a62b1fc7a650
– msgcollector: progress bar initial value fix for Debian jessie – https://github.com/Whonix/msgcollector/commit/bc26aee153a5a939a621ac198b11a445e2b74a38
– grub-enable-apparmor: backwards compatibility fix with Whonix 10, restore original /etc/default/grub – https://github.com/Whonix/grub-enable-apparmor/commit/b99978709575365b99bebf4ca3bda129890f7d97
– rads: backwards compatibility fix with Whonix <= 10.x – https://github.com/Whonix/rads/commit/cf0267514e6f2e472466ce30aaa4b6f3d807fb65
– whonixcheck: fixed Tor Config Check Result issue that was caused by the Tor upgrade; improved output for Tor Config Check Result – https://www.whonix.org/forum/index.php/topic,1295 – https://github.com/Whonix/whonixcheck/commit/bf55af20a5856d8a024a7eb821f5d54692dc5b15
– whonix-legacy: anon-gw-first-run-notice has been deprecated, merged into whonix-setup-wizard, therefore get rid of “/etc/xdg/autostart/gateway_first_run_notice.desktop”; Get rid of “/etc/grub.d/30_apparmor.cfg”, because that file has been moved from /etc/grub.d/30_apparmor.cfg to /etc/default/grub.d/30_apparmor.cfg since the path has changed since release of jessie. – https://github.com/Whonix/whonix-legacy/commit/9b50b5c33acee1a260acae2c1abccbef8f47663f
– vbox-disable-timesync: Do not try to (re-)start the service after package install/upgrade, because it could fail if kernel was upgraded, which would make the whole postinst script fail. – https://github.com/Whonix/vbox-disable-timesync/commit/f18af1107cedfc50ef06b054d1463835376e0415
– whonixcheck 2.2.1-1 / Whonix 10: stable fix, no longer run test check_tor_config, because it false positively detects an issue since the Tor upgrade – https://www.whonix.org/forum/index.php/topic,1295.0.html – https://github.com/Whonix/whonixcheck/commit/44b8921a214799b2d3e17281b2f4b0ee04643295
– debian-systemd mailing list: cannot extend network-manager unit file by using network-manager.service.d – https://lists.alioth.debian.org/pipermail/pkg-systemd-maintainers/2015-June/007613.html
– control-port-filter-python: added apparmor profile
– documentation: Improved gpg import instructions. Key fingerprint is now checked before importing the key for better security. – https://www.whonix.org/wiki/Template:Build_Documentation_Get_Source_Code#Get_the_Signing_Key – https://www.whonix.org/wiki/Whonix_Signing_Key#Download_the_key
– msgcollector: increased MinimumSize so first line of gpg output is not needlessly line broken into two – https://www.whonix.org/forum/index.php/topic,261.150.html
– rads: silence by default when disabled – https://github.com/Whonix/rads/commit/270db5b186417dc38d938f014bd8006aeaf6cdc0
– repository: updated repository as per 11.0.0.3.0
– build script: added grub-screen-resolution and grub-output-verbose as weak recommended packages – https://phabricator.whonix.org/T354

The post Testers Wanted! Whonix 11 ( 11.0.0.3.0 ) – Release Candidate appeared first on Whonix.

Testers Wanted! Upgrading Whonix 10 to Whonix 11 ( 11.0.0.2.9 )
https://www.whonix.org/blog/testers-upgrade-10-to-11
Mon, 15 Jun 2015 04:11:46 +0000

Instructions for upgrading Whonix 10 to Whonix 11 are ready. A few more steps are required than the usual steps for upgrading.

Check out the instructions:
https://www.whonix.org/wiki/Upgrading_Whonix_10_to_Whonix_11

Please test and report back.

Forum discussion:
https://www.whonix.org/forum/index.php/topic,1304

The post Testers Wanted! Upgrading Whonix 10 to Whonix 11 ( 11.0.0.2.9 ) appeared first on Whonix.

Testers Wanted! Whonix 11 ( 11.0.0.2.3 )
https://www.whonix.org/blog/whonix-11-testers-wanted
Fri, 05 Jun 2015 16:26:35 +0000

The version number for this testers-only release is 11.0.0.2.3, which will become Whonix 11 the moment it’s blessed stable.

The major changes are the port of Whonix from being based on Debian wheezy (that is Debian oldstable) to being based on Debian jessie (that now is Debian stable), and the port from sysvinit to systemd, among other enhancements; see the changelog below.

Download link for VirtualBox images (.ova), KVM / QEMU images and OpenPGP signatures (.asc):
http://mirror.whonix.de/11.0.0.2.3/

Upgrading Whonix 10 to Whonix 11:
https://www.whonix.org/wiki/Upgrading_Whonix_10_to_Whonix_11

If you want to build from source code, see:
https://www.whonix.org/wiki/Dev/Build_Documentation

Thanks to everyone who made this test release possible!

Forum Discussion:
https://www.whonix.org/forum/index.php/topic,1282

Changelog between Whonix 10.0.0.5.5 and Whonix 11.0.0.2.3:

– fixed custom workstation build
– build script: refactoring, use errtrace rather than many traps – https://phabricator.whonix.org/T48
– build script: refactoring, use exit trap to reduce code duplication – https://phabricator.whonix.org/T269
– whonixcheck: warn if whonix-gateway / whonix-workstation package is not installed – https://phabricator.whonix.org/T264
– whonixcheck: warn if there is low entropy – https://phabricator.whonix.org/T202
– build, anon-apt-sources-list, anon-shared-build-apt-sources-tpo, whonix-repository: changed release codename from wheezy to jessie – https://phabricator.whonix.org/T270
– grub-enable-apparmor: Refactoring. Simplified for Debian jessie. Thanks to the new `/etc/default/grub.d` configuration folder, the `grub-enable-apparmor` has been greatly simplified. No longer need to config-package-dev divert `/etc/default/grub`.
– genmkfile: if debuild not available, recommend installation of the devscripts package
– build script: added fakeroot to whonix_build_script_build_dependency (required for verifiable builds)
– genmkfile: fix, do not set automatically make_use_gain_root_command to true if fakeroot is not installed
– genmkfile: run dpkg-checkbuilddeps before lintian to show better hint if build dependencies are missing
– build script: build-steps.d/1200_create-debian-packages: commented out get_extra_packages, no longer need to download packages from testing
– build script: refactoring, created separate help step, help-steps/git_sanity_test
– whonixcheck: verbose output for check_tor_socks_port_reachability
– all packages: packaging, bumped Standards-Version from 3.9.4 to 3.9.6 for jessie support
– lintian warning copyright fix
– tb-updater: show “highest version number is not necessarily the best one” message also on first run if no Tor Browser is installed yet – https://phabricator.whonix.org/T283
– build script: No longer install acpi-support-base by default on jessie, because systemd now implements that functionality. – https://phabricator.whonix.org/T284
– whonixcheck: added link to Whonix Build Version documentation https://www.whonix.org/wiki/Whonixcheck#Whonix_Build_Version – https://phabricator.whonix.org/T276
– build script: Fix commit 287bdcf6ddee007ba579e3ee9a1997edc8188581 ‘makefile: added --pedantic to default DEBUILD_LINTIAN_OPTS because we are going to fix the last remaining “missing upstream changelog” warning’ – added --pedantic help-steps/variables.
– all packages: added debian/source/lintian-overrides with debian-watch-may-check-gpg-signature to fix lintian warning – https://phabricator.whonix.org/T277
– whonix-setup-wizard, anon-gw-anonyminizer-config, whonixcheck, whonix-ws-start-menu-additions, whonix-host-firewall: added ‘Keywords=’ to ‘.desktop’ files to fix lintian warning ‘desktop-entry-lacks-keywords-entry’ – https://phabricator.whonix.org/T281
– anon-shared-helper scripts: replaced dependency ‘python-support (>= 0.90)’ with dh-python to fix lintian warning
– control-port-filter-python: packaging, use debhelper with python2 to fix lintian warning
– modify apt-get parameters during build to prevent need to remove apt-listchanges – https://phabricator.whonix.org/T282
– build-script: refactoring, moved variables DEBIAN_FRONTEND DEBIAN_PRIORITY DEBCONF_NOWARNINGS APT_LISTCHANGES_FRONTEND from help-steps/variables to buildconfig.d/30_apt_opts
– genmkfile: hint “Is the build dependency genmkfile installed?” if genmkfile is not installed
– genmkfile: hint ‘dpkg-parsechangelog not found. Do you have the “build-essential” package installed?’ if dpkg-parsechangelog is not available
– sdwdate: removed dependency on ruby1.9.1-dev to fix lintian warning ‘E: sdwdate: depends-on-obsolete-package depends: ruby1.9.1-dev’
– whonixcheck: show diagnostic message on whonixcheck Whonix News gpg verification failure by default
– build script: Fix building Whonix on Whonix, fix if `lsb_release --short --i` returns ‘Whonix’. Temp hack ‘export whonix_build_on_operating_system="debian"’ no longer required. Thanks to @nrgaway for the bug report and the analysis. – https://phabricator.whonix.org/T278
– tb-updater: tbbversion_installed parser fix
– anon-meta-packages: removed dependency on libupower-glib1 which is no longer available in Debian jessie (which has been replaced by upower, that already gets installed)
– anon-base-files, whonix-developer-meta-files: implemented WHONIX_BUILD_QUBES=true environment variable support – https://phabricator.whonix.org/T298
– anon-meta-packages: whonix-gateway and whonix-workstation package no longer depend on anon-shared-build-fix-grub because it has been made a weak dependency for better physical isolation and Qubes support
– code simplification, removed support for environment variable ANON_BUILD_INSTALL_TO_ROOT=true because anon-shared-build-fix-grub now gets only installed on required platforms
– implemented build parameter ‘--unsafe-io true’, which speeds up builds; it uses ‘-o Dpkg::Options::=--force-unsafe-io’ and eatmydata, and ignores ‘sync’. – Thanks to @nrgaway for the suggestion! – https://phabricator.whonix.org/T295
– implemented $apt_misc_opts – https://phabricator.whonix.org/T295
– whonixcheck: new --verbose debug feature, showing output of systemd-detect-virt
– vbox-disable-timesync: more robust implementation that is compatible with systemd – https://phabricator.whonix.org/T106
– timesync: compatibility with systemd – https://phabricator.whonix.org/T106
– whonixcheck, msgdispatcher: ported to systemd – https://phabricator.whonix.org/T106
– qubes-whonix: skip rads on Qubes – https://phabricator.whonix.org/T306
– systemd unit files: workaround/fix, removed spaces from ‘WantedBy = ‘, likely bug in ‘deb-systemd-helper’ that prevents enabling the service by default – https://phabricator.whonix.org/T316
– created a hellodaemon package, useful for Debian systemd packaging debugging – not part of Whonix – https://github.com/adrelanos/hellodaemon
– whonixcheck: debian/control: fix, added to ‘Build-Depends:’ ‘ruby-ronn (>= 0.7.3)’
– disable torsocks warning spam – https://phabricator.whonix.org/T317
– whonix-libvirt: fixed CI builds
– whonix-libvirt: added driver name=’qemu’ – Thanks to HulaHoop! – https://github.com/Whonix/whonix-libvirt/pull/20 https://github.com/Whonix/whonix-libvirt/pull/19 https://github.com/Whonix/whonix-libvirt/pull/18
– anon-meta-packages: added obfs4proxy to anon-gateway-packages-recommended – https://phabricator.whonix.org/T323
– anon-meta-packages: added apt-transport-tor to anon-shared-packages-recommended – https://phabricator.whonix.org/T92
– whonix-gw-network-conf, whonix-ws-network-conf: Removed ‘pre-up /usr/bin/whonix_firewall’, because /etc/network/if-pre-up.d is now used to load the firewall, since the Debian upstream bug ‘interface comes up even if a script in /etc/network/if-pre-up.d/ fails’ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700811 was fixed. – https://phabricator.whonix.org/T68
– whonix-gw-firewall, whonix-ws-firewall, whonix-host-firewall: Made package more standalone. Requiring ‘pre-up /usr/bin/whonix_firewall’ in /etc/network/interfaces is no longer necessary. Added etc/network/if-pre-up.d/30_whonix_firewall to load the firewall, because the Debian upstream bug ‘interface comes up even if a script in /etc/network/if-pre-up.d/ fails’ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700811 was fixed. – https://phabricator.whonix.org/T68
– whonixsetup, whonix-setup-wizard: fix ‘Tor fails after reload related to torrc DisableNetwork setting issue’ by only restarting Tor, no longer trying to reload Tor – https://phabricator.whonix.org/T320
– rads: Improved implementation. When there is enough RAM… On ‘enter’: instantly start login manager. On ‘ctrl + c’: instantly abort and do not start login manager. On ‘timeout’: start login manager. Thanks to ‘dh_systemd_start --no-start’ we can now use ‘StandardInput=tty’ and ‘read’ instead of ‘systemd-ask-password’. Now we could even implement an interactive menu at boot (that allows configuring the wait time and/or disabling rads). – https://phabricator.whonix.org/T57
– whonixcheck: abolished random wait by default – https://phabricator.whonix.org/T299
– anon-ws-disable-stacked-tor: fixed ‘insserv: script tor.anondist-orig: service tor already provided!’ warning during upgrades – https://phabricator.whonix.org/T303
– anon-ws-disable-stacked-tor: systemd compatibility – https://phabricator.whonix.org/T303
– anon-base-files: no longer ‘set -o pipefail’ in /usr/lib/pre.bsh. config-package-dev doesn’t like ‘set -o pipefail’ – http://mailman.mit.edu/pipermail/config-package-dev/2015-May/000041.html – https://phabricator.whonix.org/T329
– upstream bug report: spaces in Tor’s systemd unit file causes issues – https://trac.torproject.org/projects/tor/ticket/16162
– upstream bug report: Tor dies on reload when switching to ‘DisableNetwork 0’ when using ‘DnsPort 127.0.0.1:53’ – https://trac.torproject.org/projects/tor/ticket/16161
– build script: fix, support ‘--verifiable false’ (was ‘--verifiable minimal’ while build documentation said ‘false’)
– uwt: multi user fix – https://www.whonix.org/forum/index.php/topic,1267
– Qubes: WiFi Realtek RTL8191SEvB Issue and Solution – https://groups.google.com/forum/#!topic/qubes-users/kMGTSwP72aU
– whonix-setup-wizard API proposal: https://www.whonix.org/wiki/Dev/whonixsetup

The post Testers Wanted! Whonix 11 ( 11.0.0.2.3 ) appeared first on Whonix.

Whonix Host Operating System, Announcing Sponsorship by OTF
https://www.whonix.org/blog/host-and-sponsorship-by-otf
Thu, 04 Jun 2015 11:57:33 +0000

A Whonix Host Operating System has been a long-standing TODO item that hasn’t made much progress over the years. It would provide a more usable user interface than VirtualBox, the ability to easily fire up additional VMs, to open potentially dangerous files in a disposable VM, easier file transfer in and out of VMs, backups, a host firewall and so forth. Not to mention the hardware driver support Whonix would have to offer. While the Whonix project has insufficient funding as well as contributor manpower to realize any of that anytime soon, fortunately there is the Qubes OS Project, a Xen / Linux based distribution that focuses heavily on security compartmentalization. That means, for example, that network devices run in their own virtual machine. Any vulnerability in the network stack or card would be contained in that virtual machine. The firewall runs in another virtual machine. So does an untrusted browser. Everything can be compartmentalized into domains. An exploit inside an untrusted domain is contained and cannot compromise a private or work domain as long as the adversary cannot compromise Xen as well. Fortunately, Xen has a smaller attack surface than Linux. You can read more about Qubes architecture on the Qubes website. Furthermore, Qubes implemented all of that while providing a user interface with good usability.

Over the last few months Qubes-Whonix, a port of Whonix to Qubes, has been developed. There has been a lot of interest in this. And there is more to do.

After the release of Whonix 11, which is a port from Debian wheezy, sysvinit based Whonix to Debian jessie, systemd based Whonix [and more], my personal focus will shift more and more towards development of Qubes-Whonix.

This work will be supported by the Open Technology Fund. You can learn more about the history of that sponsorship and its details on the Qubes blog.

Work related to Qubes will be under the sponsor-c tag as well as the Qubes tag. More tickets to be added. Stay tuned.

For now, physical isolation (“--target root”) is not planned to be deprecated, because the Qubes-Whonix build process uses something similar to “--target root”. Nor are the VirtualBox builds of Whonix planned to be deprecated. Those are still a good way for new users to get in touch with Whonix and Linux in general.

The post Whonix Host Operating System, Announcing Sponsorship by OTF appeared first on Whonix.

Whonix Project looking for Translations Coordinator
https://www.whonix.org/blog/translations-coordinator
Fri, 22 May 2015 15:00:10 +0000

Whonix is an anonymous general purpose operating system based on VirtualBox, Debian GNU/Linux and Tor. It has its focus on anonymity, privacy, security and usability.

The Whonix project is looking for a volunteer Translations Coordinator.

Your task:

If you are interested, please sign up for the Whonix Development Forum [2] and say hello.

[1] https://www.mediawiki.org/wiki/MediaWiki_Language_Extension_Bundle
[2] https://www.whonix.org/forum/index.php/board,5.0.html

The post Whonix Project looking for Translations Coordinator appeared first on Whonix.

AppArmor and Whonix
https://www.whonix.org/blog/apparmor-and-whonix
Sun, 17 May 2015 20:38:23 +0000

AppArmor (“Application Armor”) for better security.

Current status of AppArmor and Whonix:

– We have enabled AppArmor by default for a while now. (https://github.com/Whonix/grub-enable-apparmor)
– Therefore The Tor Project’s AppArmor profile for Tor is in use on Whonix-Gateway.
– We tweak that one a bit to make it work with Whonix and obfsproxy. (https://github.com/Whonix/anon-gw-anonymizer-config/blob/master/etc/apparmor.d/local/system_tor.anondist)
– We don’t install any AppArmor profiles by default as of Whonix 10.
– We no longer install the profiles from Debian (packages apparmor-profiles, apparmor-profiles-extra) since Whonix 10 because of the noise they generate in the forums.
– We do not plan on installing AppArmor profiles by default for packages that are not developed under the Whonix umbrella, such as Tor Browser, pidgin, xchat, etc. (list: https://github.com/Whonix?utf8=%E2%9C%93&query=apparmor) – Upstream package upgrades that we don’t control could make it impossible to start the application or lead to eventual fingerprinting issues; therefore installation of such AppArmor profiles is manual, for testers and advanced users.
– Upstreaming such profiles is a very time-consuming and slow process (it requires a new stable Debian release). Help welcome.
– For AppArmor profiles developed under the Whonix umbrella, such as sdwdate and whonixcheck, we plan for a future release, Whonix 12 or so, to deprecate the separate AppArmor profiles and install those profiles by default. That is doable because we control package upgrades.

The Whonix profiles can be installed with:

sudo apt-get install apparmor-profiles-whonix

AppArmor Whonix Wiki Page:
https://www.whonix.org/wiki/AppArmor

AppArmor Whonix Forum:
https://www.whonix.org/forum/index.php/board,18.0.html

AppArmor Whonix Phabricator TODO List:
https://phabricator.whonix.org/maniphest/?statuses=open%2Creview&allProjects=PHID-PROJ-q6t3ulhtja6xyqgs7l5z#R

Comments / Forum Discussion:
https://www.whonix.org/forum/index.php/topic,1237.0.html

The post AppArmor and Whonix appeared first on Whonix.

If-by-Surveillance
https://www.whonix.org/blog/if-by-surveillance
Sun, 17 May 2015 18:06:01 +0000

My friends, I had not intended to discuss this controversial subject at this particular time. However, I want you to know that I do not shun controversy. On the contrary, I will take a stand on any issue at any time, regardless of how fraught with controversy it might be. You have asked me how I feel about surveillance. All right, here is how I feel about surveillance:

If when you say surveillance you mean enabling the privileged to commit unchecked nepotism and corruption, choking out dissent, the overriding of Constitutional checks and balances, manufacturing threats to control the populace with fear, the five-eyed monster, that attacks innocents, aiding destruction of homes, creation of misery and poverty, yea, literally taking the bread from the mouths of little children; if you mean the agencies that topple third world nations and drive their peoples into the bottomless pit of degradation, and despair, and shame and helplessness, and hopelessness, then certainly I am against it.

But, if when you say surveillance you mean the sabotage of global internet infrastructure, subversion of crypto standards, spying on human rights groups, lawyers and journalists, attacks on freedom of speech, manipulation of public opinion and media polls, political blackmail, interference with domestic criminal court procedures and evidence gathering, sitting on 0days while leaving national infrastructure wide open to attack, magnification of totalitarianism, destruction of happiness and our right to be forgotten if only for a little while; if you mean the agencies whose bills rob our treasuries of untold billions of dollars, which could otherwise be used to provide tender care for our little crippled children, our blind, our deaf, our dumb, our pitiful aged and infirm; to build highways and hospitals and schools, then certainly I am still very much against it.

This is my stand. I will not retreat from it. I will not compromise.

The above was a parody of a political speech by a lawmaker from Mississippi about prohibition, originally called if-by-whiskey. But unlike the original there’s no double-speak. When I saw it I thought it’s a good opportunity to take a 10000 foot bird’s eye view of what has been making headlines.

With that said, I’m not sure that every IC employee was aware of the total scope of surveillance and abuses before the Snowden cache was published. The majority of NSA employees probably don’t agree with what’s happening. This sad direction is the result of the leaders who direct the efforts of well-meaning people into self-serving ways. People who are smart enough to figure out that they are being used to build the surveillance systems that are intended for their children and grandchildren, their families and friends, their neighbors and fellow citizens. All whom they wanted to serve and protect by joining the agency in the first place.

In reality, corporate surveillance poses a bigger danger than state surveillance for the average internet user. It’s the former that enables the latter in large part. The fact that they are willing to dish out information about your life to anyone willing to pay their advertising networks should worry you even more than a government employee with top-secret clearance taking a peek. That’s not to say anyone is entitled to your data, thoughts or information about who you talk with. It’s a choice that comes down to you choosing to change your perception about the value of yourself and refusing to use systems that betray you.

The post If-by-Surveillance appeared first on Whonix.

bounty overview – May 2015
https://www.whonix.org/blog/bounty-overview-may-2015
Tue, 12 May 2015 15:40:28 +0000

List of bounties and details:

– Build Debian Packages from Source Code – $ 3.000 – https://www.bountysource.com/issues/9115540-build-debian-packages-from-source-code

– implement rads (ram adjusted desktop starter) systemd unit – $ 50 – https://www.bountysource.com/issues/14466761-implement-rads-ram-adjusted-desktop-starter-systemd-unit

– make grsecurity kernel, grsecurity-installer work inside Whonix  – $ 400 – https://www.bountysource.com/issues/14471558-make-grsecurity-kernel-grsecurity-installer-work-inside-whonix

– bountysource/frontend – Add support for Phabricator – $ 100 – https://www.bountysource.com/issues/1384856-add-support-for-phabricator-100

Bounty too low? How to apply?

1) Go to specific bountysource tickets.
2) Click on “Developers”
3) Click on “Get Started”
4) Select Status “Bounty too low”
5) Enter your offer and press “Save”.

The bounty may then be increased by if realistic and sustainable.

If you have any questions, please get in contact.

The post bounty overview – May 2015 appeared first on Whonix.

qubes-whonix – Whonix on top of Qubes – Looking for Maintainer!
https://www.whonix.org/blog/qubes-whonix-maintainer
Sat, 02 May 2015 13:17:08 +0000

WhonixQubes, the previous maintainer of qubes-whonix, unfortunately resigned.

qubes-whonix is the combination of Qubes and Whonix.

What are the tasks of a maintainer?

– answering questions in the forums
– keeping the wiki up to date
– testing of installation, build, upgrade instructions
– having a look at the issue tracker, implementing bug fixes and perhaps new features in team with nrgaway and other contributors
– otherwise self-initiated (guess)work and care keeping
– example current task: Qubes Whonix 10 – Testing Instructions and Issues

This is a volunteer position.

Forum discussion:
https://www.whonix.org/forum/index.php/topic,1198.0.html

The post qubes-whonix – Whonix on top of Qubes – Looking for Maintainer! appeared first on Whonix.
