Whonix https://www.whonix.org/blog Privacy and Anonymity OS Mon, 16 Mar 2015 22:47:20 +0000 en-US hourly 1 http://wordpress.org/?v=4.1.1 Major Updates for Qubes + Whonix! https://www.whonix.org/blog/major-updates-for-qubes-whonix https://www.whonix.org/blog/major-updates-for-qubes-whonix#comments Mon, 16 Mar 2015 22:36:51 +0000 https://www.whonix.org/blog/?p=1478 Hello everyone, WhonixQubes here. I wanted to finally update you on some major updates with the Qubes + Whonix platform that have been accomplished over the past few months. TLDR Summary: Qubes + Whonix is the seamless combination of Qubes

The post Major Updates for Qubes + Whonix! appeared first on Whonix.

]]>
Hello everyone, WhonixQubes here. :D

I wanted to finally update you on some major updates with the Qubes + Whonix platform that have been accomplished over the past few months.

TLDR Summary:

Qubes + Whonix is the seamless combination of Qubes OS and Whonix OS for best-in-class Security + Anonymity.

The Qubes + Whonix port has been fundamentally upgraded to a native seamless architecture (ProxyVM + AppVM).

Qubes + Whonix is now easy to install (Install Guide available on the wiki) and most all of the past usability issues have been fixed.

We now have upstream integration into the Qubes codebase and templates repository.

We now have newly updated documentation guides on our wiki with more to come soon.

Based on Qubes OS R2 and Whonix OS 9.6, the current newly released versions of the new Qubes + Whonix RPM templates is 2.1.8 and DEB updates package is 9.6.2.

Qubes + Whonix Primary Sources:

- Wiki: whonix.org/wiki/Qubes
– Forum: whonix.org/forum/Qubes
– Blog: whonix.org/blog/Qubes
– Tracker: whonix.org/tracker/Qubes

Full Version:

First: What is Qubes + Whonix all about?

Qubes OS (qubes-os.org) is one of the most secure OS architectures you will ever encounter that is able to withstand greater attack due to its advanced isolation properties.

Whonix OS (whonix.org) is a Tor-based virtual machine OS for anonymizing all of your traffic through Tor in a meaningfully more optimal and secure way than normal.

Qubes + Whonix is the seamless combination of Qubes OS and Whonix OS for best-in-class Security + Anonymity.

New Architecture:

Last year, I accomplished the first port of Whonix OS over to Qubes OS.

Now, with big thanks to nrgaway, we have a new — much improved — seamless combination of Qubes + Whonix.

The new Qubes + Whonix is a much more natively integrated, seamless and easy to use combination of Qubes + Whonix.

Instead of the old TwoHVM architecture, we now make use of a seamless ProxyVM + AppVM architecture.

The Whonix-Workstation is installed as an AppVM in Qubes, which is where your user applications reside, and all of their traffic gets forced through the separate Whonix-Gateway Tor ProxyVM.

The Whonix-Gateway is installed as a ProxyVM in Qubes, which is where your Tor connection proxy resides, and is securely isolated so that malware can’t simply circumvent your Tor connection to easily find out your real identity, as it can with other Tor systems.

With the new architecture, we have seamless GUI desktop integration with Qubes OS.

And we have Qubes tools integration that allow for things like easy-and-secure copy/paste as well as easy-and-secure file moving between VMs.

From the base TemplateVMs, you can dynamically generate as many Whonix VMs as you please, to use simultaneously, for more optimal anonymous workspace isolation.

The new native port architecture of Qubes + Whonix is much more useful.

Upsteam Integration and Install/Updates:

The Qubes team has enjoyed our work on Qubes + Whonix and we now have upstream integration in the Qubes codebase and templates repository.

This also means that installation is very easy to do via the RPM packages (Install Guide available on the wiki).

Also, much of the Qubes + Whonix code has been moved out of the Qubes template builder codebase to an independent Whonix package called “qubes-whonix”.

This qubes-whonix package will now allow us to push more convenient updates to Qubes + Whonix without always needing to rebuild and reinstall the underlying TemplateVMs.

So install and update are much improved.

Qubes + Whonix Packages:

There are now three packages specific to the Qubes + Whonix platform now:

- Whonix-Gateway TemplateVM which comes as a RPM package in Qubes and is currently at version 2.1.8.

- Whonix-Workstation TemplateVM which comes as a RPM package in Qubes and is currently at version 2.1.8.

- qubes-whonix which comes as a DEB updates package in Whonix and is currently at version 9.6.2.

These current versions are based on Qubes OS R2 and Whonix OS 9.6.

New and Improved Documentation:

We have new documentation for Qubes + Whonix on our wiki (whonix.org/wiki/Qubes).

Here you can learn more about the platform and get some primary guides on how to work with Qubes + Whonix.

The new documentation was just recently launched and more is being added throughout the near-term future.

To learn more, go check it out the wiki documentation for yourself.

Also, the general Whonix wiki has extensive knowledge available about optimizing your Tor-based anonymity.

So, if you want to supercharge your Security + Anonymity, then feel free to try out Qubes + Whonix.

Also, if you’ve got skills, feel free to get in touch and join in on the development effort of the Qubes + Whonix platform.

More improvements coming soon.

Thanks everyone! :D

WhonixQubes

Qubes + Whonix Primary Sources:

- Wiki: whonix.org/wiki/Qubes
– Forum: whonix.org/forum/Qubes
– Blog: whonix.org/blog/Qubes
– Tracker: whonix.org/tracker/Qubes

The post Major Updates for Qubes + Whonix! appeared first on Whonix.

]]>
https://www.whonix.org/blog/major-updates-for-qubes-whonix/feed 0
Poisoned Fruit https://www.whonix.org/blog/poisoned-fruit https://www.whonix.org/blog/poisoned-fruit#comments Wed, 11 Mar 2015 03:13:42 +0000 https://www.whonix.org/blog/?p=1470 https://firstlook.org/theintercept/2015/03/10/ispy-cia-campaign-steal-apples-secrets/ The classic paper on compilers called “Trusting Trust” sheds light on the most devastating type of attacks in a computing environment. An attacker altering a compiler binary can make it produce malicious versions of every program it compiles, including

The post Poisoned Fruit appeared first on Whonix.

]]>
https://firstlook.org/theintercept/2015/03/10/ispy-cia-campaign-steal-apples-secrets/

The classic paper on compilers called “Trusting Trust” sheds light on the most devastating type of attacks
in a computing environment. An attacker altering a compiler binary can make it produce malicious versions of every program it compiles, including itself. Once this is done, the attack remains undetectable in perpetuity:

http://cm.bell-labs.com/who/ken/trust.html

Apple sunk millions of dollars
into creating LLVM just to undermine GCC and to close off their development chain from developers. The problem with their closed proprietary model is that there can never be a way for users to
verify that their binary copy of the compiler is derived from clean
source code. Apple want to prevent users from seeing the source for
the compiler and spies are taking advantage of this.

Apple also bans GPL software from their Appstore.

This ladies and gentlemen is why the world without GCC would be a very dark place. Revelations like these vindicate Richard Stallman and his philosophy.

To no amazement, the tree of secret proprietary development can only bear the fruits of sabotage. By backdooring the compiler, as they do with Apple’s Xcode, the Intelligence Community is poisoning entire software ecosystems. For them its OK as long as they can get at a few bad apples. See what I did there? :P

Screw you Apple for viciously attacking Free Software, you reap what you sow.

My favorite part:
“I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will,” Cook said last September in announcing Apple’s new privacy policy.

LOL ever heard of PRISM Mr. Cook? What do you mean you “never” allowed access to your servers? Last time I checked all surveillance programs foreign and domestic are still in place and being beefed up as we speak. Before you make privacy Apple’s next marketing gimmick you’d do well to keep up with the headlines.

The post Poisoned Fruit appeared first on Whonix.

]]>
https://www.whonix.org/blog/poisoned-fruit/feed 0
The ‘Libre’ in Libre Software https://www.whonix.org/blog/the-libre-in-libre-software https://www.whonix.org/blog/the-libre-in-libre-software#comments Tue, 10 Mar 2015 23:37:54 +0000 https://www.whonix.org/blog/?p=1466 For those of you using proprietary platforms, powerful privacy tools may be your first encounter with Libre Software. Unlike proprietary software, Libre Software is not some opaque mysterious blackbox, a shrink wrapped “product” or even a development process. Libre Software

The post The ‘Libre’ in Libre Software appeared first on Whonix.

]]>
For those of you using proprietary platforms, powerful privacy tools may be your first encounter with Libre Software.

Unlike proprietary software, Libre Software is not some opaque mysterious blackbox, a shrink wrapped “product” or even a development process.

Libre Software is an evolving dialogue between contributors and users, constantly improving and evolving to meet their needs and yours too if you participate in the discussion.

It is a community dedicated to protecting your inalienable human rights in a predatory, global corporate-government surveillance climate.

By its definition, Freedom cannot force itself on you or choose you, you must choose it. If you enjoy using Tor and Whonix I encourage you to try a GNU/Linux distro as your host OS.

(Anything but Ubuntu though. It saddens me to make an exception but their hostile actions against the community and user privacy make them untrustworthy)

The post The ‘Libre’ in Libre Software appeared first on Whonix.

]]>
https://www.whonix.org/blog/the-libre-in-libre-software/feed 3
Whonix KVM is Back! https://www.whonix.org/blog/whonix-kvm-is-back https://www.whonix.org/blog/whonix-kvm-is-back#comments Tue, 10 Mar 2015 22:31:31 +0000 https://www.whonix.org/blog/?p=1463 After a brief hiatus I am retaking up maintenance of KVM Whonix. Feel free to leave comments or raise support concerns in the dedicated sub-forum.

The post Whonix KVM is Back! appeared first on Whonix.

]]>
After a brief hiatus I am retaking up maintenance of KVM Whonix.

Feel free to leave comments or raise support concerns in the dedicated sub-forum.

The post Whonix KVM is Back! appeared first on Whonix.

]]>
https://www.whonix.org/blog/whonix-kvm-is-back/feed 0
First Bounty! 3.000 $ – Build Debian Packages from Source Code https://www.whonix.org/blog/bounty-debian-source-code https://www.whonix.org/blog/bounty-debian-source-code#comments Mon, 02 Mar 2015 18:05:57 +0000 https://www.whonix.org/blog/?p=1445 For Task Details see: https://www.bountysource.com/issues/9115540-build-debian-packages-from-source-code Bounty too low? How to apply? 1) Go to https://www.bountysource.com/issues/9115540-build-debian-packages-from-source-code 2) Click on “Developers” 3) Click on “Get Started” 4) Select Status “Bounty too low” 5) Enter your offer and press “Save”. The bounty may

The post First Bounty! 3.000 $ – Build Debian Packages from Source Code appeared first on Whonix.

]]>
For Task Details see:
https://www.bountysource.com/issues/9115540-build-debian-packages-from-source-code

Bounty too low? How to apply?

1) Go to https://www.bountysource.com/issues/9115540-build-debian-packages-from-source-code
2) Click on “Developers”
3) Click on “Get Started”
4) Select Status “Bounty too low”
5) Enter your offer and press “Save”.

The bounty may then be increased by if realistic and sustainable.

If you have any questions, please get in contact.

The post First Bounty! 3.000 $ – Build Debian Packages from Source Code appeared first on Whonix.

]]>
https://www.whonix.org/blog/bounty-debian-source-code/feed 0
[Solved] – Unmaintained Notice! – Whonix inside KVM – Looking for contributor! https://www.whonix.org/blog/unmaintained-notice-whonix-inside-kvm-looking-for-contributor https://www.whonix.org/blog/unmaintained-notice-whonix-inside-kvm-looking-for-contributor#comments Fri, 27 Feb 2015 20:52:04 +0000 http://www.whonix.org/blog/unmaintained-notice-whonix-inside-kvm-looking-for-contributor Update: KVM maintainer HulaHoop is back. Since previous Whonix in KVM maintainer HulaHoop was last active on January 04, 2015, it’s safe to assume this person got lost. No idea why HulaHoop went inactive. There was no notice of departure,

The post [Solved] – Unmaintained Notice! – Whonix inside KVM – Looking for contributor! appeared first on Whonix.

]]>
Update: KVM maintainer HulaHoop is back.

Since previous Whonix in KVM maintainer HulaHoop was last active on January 04, 2015, it’s safe to assume this person got lost. No idea why HulaHoop went inactive. There was no notice of departure, argument or whatsoever. I would like to thank HulaHoop for its work on support for running Whonix inside KVM. As of Whonix 9, the status was “testers-only” and would likely have changed to “stable” in Whonix 10. So most integration work is already done. A new contributor would be welcome to take over from there.

What does this mean for you as a user? No one from the Whonix team will keep KVM in mind. Any eventually upcoming security issues with KVM with respect to Whonix would go unnoticed. Questions in Whonix KVM sub forum will likely not be answered by anyone from the Whonix team. You are encouraged to move on to still supported platforms. The KVM wiki page has been updated accordingly to reflect this information.

Unfortunately, due to work generated by blessing a platform as supported, the current Whonix team cannot takeover HulaHoop’s task. A dedicated maintainer is required for that platform. This is partly because KVM is too support intensive. There are too many KVM’s installation issues from various distribution package sources. KVM’s non-helpful, cryptic error messages if the xml files are using a feature, that is is not available by the platform and because one ought to look over KVM changelogs and to think though if/how those affect Whonix.

The post [Solved] – Unmaintained Notice! – Whonix inside KVM – Looking for contributor! appeared first on Whonix.

]]>
https://www.whonix.org/blog/unmaintained-notice-whonix-inside-kvm-looking-for-contributor/feed 0
Whonix Setup Wizard Feedback Required! https://www.whonix.org/blog/whonix-setup-wizard-feedback-required https://www.whonix.org/blog/whonix-setup-wizard-feedback-required#comments Mon, 23 Feb 2015 18:03:35 +0000 http://www.whonix.org/blog/whonix-setup-wizard-feedback-required troubadour has created Whonix Setup Wizard, that will replace the terminal whonixsetup when running a graphical Whonix-Gateway or Whonix-Workstation. We need your feedback on whether our approach seems usable. Please leave feedback in the forums. Link to forum discussion: https://www.whonix.org/forum/index.php/topic,974

The post Whonix Setup Wizard Feedback Required! appeared first on Whonix.

]]>
troubadour has created Whonix Setup Wizard, that will replace the terminal whonixsetup when running a graphical Whonix-Gateway or Whonix-Workstation. We need your feedback on whether our approach seems usable. Please leave feedback in the forums. Link to forum discussion:
https://www.whonix.org/forum/index.php/topic,974

Please keep discussion limited to usability and move technical discussion to the technical thread.

Have a look at the following screenshots.
Click to enlarge the screenshots.

At first boot, before starting KDE (if using KDE), “whonix-setup-wizard locale_settings” will be started. You will only see this little window and the rest will be black, because at this time no desktop is load yet. Mouse and keyboard will be available.

Language Selection 1
whonix-setup-wizard xinit 1
You can imagine a bit better how it would look like in the following screenshots.

Language selection. (Same menu as in KDE system settings.)
whonix-setup-wizard xinit 2

Keyboard layout selection. (Same menu as in KDE system settings.)

whonix-setup-wizard xinit 3
Language Selection End
whonix-setup-wizard xinit 4
After a desktop environment has been start, “whonix-setup-wizard setup” will be automatically started. It begins with the disclaimer.

Disclaimer Page 1/2

Disclaimer 2/2

Then goes on the the connection wizard.

Connection Wizard Page 1

Connection Wizard Page 1 Tooltip

Connection Wizard page 2
whonix-setup-wizard connection wizard 2
Connection Wizard End
whonix-setup-wizard connection wizard 3
On first boot, it will also additionally start “whonix-setup-wizard repository”.
whonix-setup-wizard connection wizard first boot
Whonix Repository Wizard Page 1
whonix-setup-wizard repository wizard 1
Whonix Repository Wizard Page 2
whonix-setup-wizard repository wizard 2

Whonix Repository Wizard Page End

whonix-setup-wizard repository wizard 3

Please leave feedback! Link to forum discussion:
https://www.whonix.org/forum/index.php/topic,974

Please keep discussion limited to usability and move technical discussion to the technical thread.

Other links:
whonix-setup-wizard open tasks
whonix-setup-wizard technical development discussion

The post Whonix Setup Wizard Feedback Required! appeared first on Whonix.

]]>
https://www.whonix.org/blog/whonix-setup-wizard-feedback-required/feed 0
Contribute! Whonix Development Help Wanted! Check out the open Tasks on our new Issue Tracker! https://www.whonix.org/blog/contribute-whonix-development-help-wanted-check-out-the-open-tasks-on-our-new-issue-tracker https://www.whonix.org/blog/contribute-whonix-development-help-wanted-check-out-the-open-tasks-on-our-new-issue-tracker#comments Mon, 09 Feb 2015 17:04:19 +0000 http://www.whonix.org/blog/contribute-whonix-development-help-wanted-check-out-the-open-tasks-on-our-new-issue-tracker Migration to our new phabricator bug tracker finished. Thanks to Jason Ayala who did most of the migration work! Whonix Development Help Wanted! Check out the list of all open issues (feature requests and bugs) that we would like seeing

The post Contribute! Whonix Development Help Wanted! Check out the open Tasks on our new Issue Tracker! appeared first on Whonix.

]]>
Migration to our new phabricator bug tracker finished. Thanks to Jason Ayala who did most of the migration work!

Whonix Development Help Wanted!

Check out the list of all open issues (feature requests and bugs) that we would like seeing implemented:
https://phabricator.whonix.org/maniphest/query/all/

Or if you want to help working towards the release of Whonix 10, check out the issues we want to solve before Whonix 10:
https://phabricator.whonix.org/tag/whonix_10/

Do you speak python? Check out our tasks with the python label:
https://phabricator.whonix.org/tag/python/

Do you speak bash? Whonix’s build script is written in bash and so are most scripts developed by Whonix. Check out our tasks with the bash label:
https://phabricator.whonix.org/tag/bash/

Do you speak C? Mostly missing features in other upstream projects. Check out our tasks with the C code label:
https://phabricator.whonix.org/tag/c_code/

Can you write AppArmor profiles? Check out our AppArmor tasks:
https://phabricator.whonix.org/tag/apparmor/

Interested in Whonix Qubes? Check out the Qubes tag:
https://phabricator.whonix.org/tag/qubes/

Interested in Whonix KVM? Check out the KVM tag:
https://phabricator.whonix.org/tag/kvm/

Interested in Legal Issues? Check out the legal issues tag:
https://phabricator.whonix.org/tag/legal_issue/

Want to see systemd support? Check out the systemd tag:
https://phabricator.whonix.org/tag/systemd/

Interested in security hardening? Check out the security tag:
https://phabricator.whonix.org/project/view/23/

Want to improve user documentation? Check out the user documentation tag:
https://phabricator.whonix.org/tag/user_documentation/

Want to backdoor resistance? Check out Verifiable Builds:
https://phabricator.whonix.org/tag/verifiable_builds/

The full list of tags can be found here:
https://phabricator.whonix.org/project/

Too technical? Still not busy? Check out our Contribute wiki page:
https://www.whonix.org/wiki/Contribute

Please contribute!

Why did we move to our self-hosted phabricator web app? Our Github issue tracker didn’t scale for Whonix since it’s a project at the size of a GNU/Linux distribution. Github doesn’t support roadmaps referencing tickets that are in different repositories/projects. Neither adding tickets to more than one roadmap is supported. And adding all tickets to one bug tracker rendered that tracker too crowded and therefore unusable. We’ve discussed this and agreed to move to use phabricator.

Old Github Issue Tracker:
https://github.com/Whonix/Whonix/issues

New Phabricator Issue Tracker:
https://phabricator.whonix.org/maniphest/query/all/

If you are interested to get e-mail notification about any new issue that is created so you can jump into the discussion, see this wiki link:
https://www.whonix.org/wiki/Dev/Bug_Tracker#Get_E-Mail_Notification_for_all_New_Maniphest_Tasks

For any questions about the new bug tracker, please ask in the forums:
https://www.whonix.org/forum/index.php/topic,867

The post Contribute! Whonix Development Help Wanted! Check out the open Tasks on our new Issue Tracker! appeared first on Whonix.

]]>
https://www.whonix.org/blog/contribute-whonix-development-help-wanted-check-out-the-open-tasks-on-our-new-issue-tracker/feed 0
Suggest Trustworthy Tor Hidden Services as Time Sources for sdwdate https://www.whonix.org/blog/suggest-trustworthy-tor-hidden-services-as-time-sources-for-sdwdate https://www.whonix.org/blog/suggest-trustworthy-tor-hidden-services-as-time-sources-for-sdwdate#comments Fri, 06 Feb 2015 19:26:51 +0000 http://www.whonix.org/blog/suggest-trustworthy-tor-hidden-services-as-time-sources-for-sdwdate TLDR: What web servers do you consider trustworthy, to take great care of their visitors’ privacy, that are stable and that get great amounts of traffic, and most important, are reachable over .onion as a Tor Hidden Service? Ideally, we

The post Suggest Trustworthy Tor Hidden Services as Time Sources for sdwdate appeared first on Whonix.

]]>
TLDR:

What web servers do you consider trustworthy, to take great care of their visitors’ privacy, that are stable and that get great amounts of traffic, and most important, are reachable over .onion as a Tor Hidden Service?

Ideally, we need to have around ~50 servers.

Post in the comments below or in the forums:
https://www.whonix.org/forum/index.php/topic,943

Long:

In Whonix 10, we want to avoid SSL by using Tor Hidden Services as a time source for sdwdate.

The purpose of this blog post is to ask Whonix users, to suggest suitable web servers.

What web servers do you consider trustworthy, to take great care of their visitors’ privacy, that are stable and that get great amounts of traffic, and most important, are reachable over .onion as a Tor Hidden Service?

(The whole discussion about network time synchronization in anonymity centric distributions is off topic in this thread, but can be found here [link] and you could open separate threads to discuss other aspects.) (Déjà vu?)

Post in the comments below or in the forums:
https://www.whonix.org/forum/index.php/topic,943

The post Suggest Trustworthy Tor Hidden Services as Time Sources for sdwdate appeared first on Whonix.

]]>
https://www.whonix.org/blog/suggest-trustworthy-tor-hidden-services-as-time-sources-for-sdwdate/feed 0
Bug: Tor Browser Alpha rather than Tor Browser Stable being installed by Tor Browser Updater (AnonDist) https://www.whonix.org/blog/bug-tor-browser-alpha-rather-than-tor-browser-stable-being-installed-by-tor-browser-updater-anondist https://www.whonix.org/blog/bug-tor-browser-alpha-rather-than-tor-browser-stable-being-installed-by-tor-browser-updater-anondist#comments Thu, 05 Feb 2015 11:55:10 +0000 http://www.whonix.org/blog/bug-tor-browser-alpha-rather-than-tor-browser-stable-being-installed-by-tor-browser-updater-anondist The version file format was changed, and there is no stable version version format. If you want to use the stable version of Tor Browser, you have to use these instructions in meanwhile: https://www.whonix.org/wiki/Manually_Updating_Tor_Browser Forum Discussion: https://www.whonix.org/forum/index.php?topic=939 Whonix Issue Tracker:

The post Bug: Tor Browser Alpha rather than Tor Browser Stable being installed by Tor Browser Updater (AnonDist) appeared first on Whonix.

]]>
The version file format was changed, and there is no stable version version format.

If you want to use the stable version of Tor Browser, you have to use these instructions in meanwhile:
https://www.whonix.org/wiki/Manually_Updating_Tor_Browser

Forum Discussion:
https://www.whonix.org/forum/index.php?topic=939

Whonix Issue Tracker:
https://phabricator.whonix.org/T130

The post Bug: Tor Browser Alpha rather than Tor Browser Stable being installed by Tor Browser Updater (AnonDist) appeared first on Whonix.

]]>
https://www.whonix.org/blog/bug-tor-browser-alpha-rather-than-tor-browser-stable-being-installed-by-tor-browser-updater-anondist/feed 0