Testers Wanted! Tor – Stable Upgrades

Tor was updated to 0.2.8.10 in Whonix stable-proposed-updates as well as in testers repository.

Instructions for changing Whonix repository:
https://www.whonix.org/wiki/Whonix-APT-Repository

Then just do an update:
https://www.whonix.org/wiki/Update

accessibility tools could be automatically removed / you probably should remove them

If you do not use any accessibility tools (gnome-orca, espeakup, console-braille, florence, dasher, kdeaccessibility, kvkbd, kmousetool, kmag, kmouth, jovie, xbrlapi, festival, qt-at-sp), you will not miss anything. (You would probably know if you are using them.)

Soon, there will be a Whonix stable upgrade. The package whonix-gateway-shared-packages-shared-meta will no longer depend on anon-shared-kde-accessibility. This means, when you run `sudo apt-get purge kdeaccessibility && sudo apt-get autoremove` after the upgrade, these accessibility packages will be automatically removed.

Non-Qubes-Whonix only: brltty should be removed, since it currently is causing a performance issue.

Otherwise, if you just want to remove brltty, use `sudo apt-get purge brltty`. If you want to keep the rest (everything except the packages you manually uninstalled), you can use `sudo aptitude keep-all`.

If you want these installed, you are still very much free to have them installed. Just install them the usual way.

They are being dropped from the meta package because those packages have some issues.

Can these packages also be uninstalled before the Whonix stable upgrade? – Due to technical limitations, this is not that easy. However, it is documented here:
https://www.whonix.org/wiki/Whonix_Debian_Packages

Non-Qubes-Whonix only: If you just want to stop the brltty syslog spam, you could use the following workaround to reliably stop it.

sudo systemctl stop brltty
sudo systemctl mask brltty

riseup.net likely compromised

riseup.net, a popular service provider among privacy and activist circles, tweeted an obscure reference about birds which likely refers to their warrant canary, which has not been renewed since August.

I have looked through their whole Twitter media history and they never posted pictures of birds with quotes difficult to interpret.

What is a canary? Quote:

A mechanism to test for unsafe conditions, originating from the use of canaries in coal mines to detect poisonous gases or cave-ins. If the canary died, it was time to get out of the mine. More recently, the term has been used by some online service providers to refer to an affirmative statement, updated regularly, that the provider has not been subjected to certain legal processes. If the statement is not updated in a timely fashion, users may infer that the canary statement may no longer be true.

This was followed by a confusing update which could be read as reassurance. It could also be interpreted as being threatened with incarceration and being forced to keep the site up, and as a reminder to archive stuff immediately because of an impending shutdown.

Compared with past similar concerns, where riseup staff were prompt and direct about renewing their canary, no clear response was given, so it is logical to conclude that the servers may no longer be under their control.

Why does it matter?

While the threats of using a conventional email provider are well understood and apply regardless of who operates the service, taking over a server gives surveillance the power to actively compromise users' machines en masse or to target select individuals.

For alternatives, see our wiki page about e-mail.

Tor / whonixcheck Stable Upgrades – Testers Wanted!

Tor was updated to 0.2.8.9-1~d80.jessie+1 and whonixcheck was updated to 3:4.6.4-1 in Whonix stable-proposed-updates as well as in testers repository.

Instructions for changing Whonix repository:
https://www.whonix.org/wiki/Whonix-APT-Repository

Then just do an update:
https://www.whonix.org/wiki/Update

Tor Onion Services as Anti-DDoS Protection

The more widely known feature of Onion Services besides anonymity is the free and trustworthy end-to-end encryption they provide which is impossible to have under the Certificate Authority racket.

Another interesting property is that they can serve as a drop-in Global Server Load Balancing and Layer 3 DDoS-resistance solution. In short, a free and libre CDN alternative to tyrants like Cloudflare. It can protect your site without compromising on principles like complete and unhindered access for your users and readers.

This was recently brought up by network scaling engineer Alec Muffett, who contributed much code to make it possible to run heavy-traffic Onion Sites.

Advanced Deanonymization Attacks

A number of advanced deanonymization attacks have been collected in the tickets below. These do not just apply to Whonix, but to any anonymity system. Some are also general security issues.

Rather than exploiting bugs in the hypervisor to break out, some of these attacks rely on the design of the underlying hardware to bypass privilege separation boundaries and extract (or leak) sensitive information to the network. No need for alarm, there are many qualifications to this and details in the listed tickets on proposed countermeasures. We are interested in cooperation to better assess the performance impact of the planned fixes.

  • Keystroke Deanonymization: T542
  • Advanced Attacks Meta ticket: T540
    • CPU-induced latency Covert Channel: T530
    • Cross-VM cache attacks countermeasures: T539
    • DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks: T541
    • TCP ISNs and Temperature induced clock skews: T543


Qubes-Whonix 13.0.0.1.2 TemplateVMs – Testers Wanted!

Qubes-Whonix only!

Ideally for this testers wanted task, start fresh. Rename or delete both Whonix VMs sys-whonix and anon-whonix, reinstall whonix-gw and whonix-ws Qubes-Whonix templates. See the following instructions. Note: use qubes-dom0-unstable rather than qubes-templates-community then recreate Whonix VMs.

https://www.qubes-os.org/doc/reinstall-template/

(The following command deviates from the above instructions so you install the testers rather than stable Whonix templates.)

sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable qubes-template-whonix-gw qubes-template-whonix-ws

After template re-installation, to re-create Whonix VMs you can use the following command in Qubes dom0 using salt (not yet mentioned in Qubes documentation).

sudo qubesctl state.highstate

(Or you can also upgrade from Whonix jessie-proposed-updates and testers repository. Dedicated blog post and more information on this upgrade:
https://www.whonix.org/blog/testers-wanted-repo-upgrades)

Testers wanted! Tor, anon-gw-anonymizer-config and qubes-whonix upgrades

Upgraded packages have been added to Whonix jessie-proposed-updates and testers repository.

  • newer Tor version 0.2.8.6-1~d80.jessie+1
  • anon-gw-anonymizer-config 1.9.2 – bugfix
  • newer qubes-whonix version 5.7-1 – It contains various bug fixes to ensure Qubes R3.2 compatibility.

If you can, please enable such a repository and help test this.

corridor, a Tor traffic whitelisting gateway, a clearnet leak tester

After having done the second step, posting how to use corridor, a Tor traffic whitelisting gateway, with Qubes-Whonix, I will hereby do the first step: posting a general announcement of an interesting third party project, corridor. Please forget about Whonix for a moment, and I will explain what the corridor project is doing by default.

corridor is a Tor traffic whitelisting gateway. It is a filtering gateway. Not a proxying gateway.

corridor can be used to check systems / programs that should only ever cause Tor traffic for leaks. corridor can log any clearnet, non-Tor traffic and will block it.

Ideally, corridor gets installed on a physically isolated device running Debian with two network adapters. Let’s call that corridor-Gateway. Then start Tails, TBB or Whonix behind such a corridor-Gateway. Should there be any accidental clearnet traffic (leaks), then corridor could log it and would block it.

Alternatively, corridor can be installed in a Debian based VM. Another VM could run Tails, TBB or Whonix-Gateway. These VMs would be configured to connect through corridor-Gateway.

In pure corridor, non-Whonix terms, let’s call these VMs corridor-Gateway and corridor-Workstation.

In a corridor-like setup, it is up to the corridor-Workstation to run its own Tor client to establish connections. The corridor-Gateway will run its own, separate Tor client. For the simplicity of the design, corridor-Workstation does not have access to Tor’s ControlPort running on corridor-Gateway. Again, corridor-Gateway is not a proxying gateway, it is a filtering gateway. The main purpose of the Tor client running on corridor-Gateway is to obtain the current list of Tor relays [or Tor bridges], and corridor-Gateway’s firewall restricts all outgoing connections to those relays [or bridges].

This is not necessarily more anonymous. It is an additional fail-safe Tor traffic whitelisting firewall that would protect from accidental clearnet leaks (hypothetical clearnet leak bugs in TBB, Tails or Whonix). As corridor’s project description states, quote “it cannot prevent malware on a client computer from finding out your clearnet IP address”.
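To make the filtering-gateway idea concrete, here is a small model of the decision corridor-Gateway's firewall makes. This is an added example written for this post, not code from the corridor project or from Whonix: it parses relay addresses out of a constructed excerpt in the layout of Tor's consensus `r` lines (IP, ORPort and DirPort are the last three fields), builds a whitelist of `(ip, orport)` pairs, optionally extended with bridge addresses, and then classifies outgoing flows from corridor-Workstation as ACCEPT or DROP, logging every dropped flow as a leak. Everything outside the whitelist is a leak by construction, including UDP (Tor only carries TCP) and connections to a relay's DirPort rather than its ORPort. The class and function names are this example's own.

```python
"""Model of a corridor-style Tor traffic whitelist (added example, not corridor's code)."""

# Constructed consensus excerpt. Real "r" lines carry nickname, identity,
# optionally a descriptor digest, published date/time, IP, ORPort, DirPort.
# The microdesc flavor omits the digest, so the code reads from the end.
CONSENSUS_EXCERPT = """\
network-status-version 3 microdesc
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA 2016-11-20 10:00:00 192.0.2.10 9001 9030
r relayB BBBBBBBBBBBBBBBBBBBBBBBBBBB 2016-11-20 10:00:00 198.51.100.7 443 0
r relayC CCCCCCCCCCCCCCCCCCCCCCCCCCC 2016-11-20 10:00:00 203.0.113.5 9001 0
"""


def parse_relay_orports(consensus_text):
    """Return the set of (ip, orport) pairs listed in consensus 'r' lines."""
    allowed = set()
    for line in consensus_text.splitlines():
        if not line.startswith("r "):
            continue
        fields = line.split()
        # IP, ORPort, DirPort are always the last three fields of an "r" line.
        ip, orport = fields[-3], int(fields[-2])
        allowed.add((ip, orport))
    return allowed


class TorWhitelist:
    """Decides, like corridor-Gateway's firewall, whether a flow may leave."""

    def __init__(self, relay_orports, bridges=()):
        # Bridges are (ip, port) pairs the operator configured by hand
        # (hypothetical input; corridor's real bridge handling is not modelled).
        self.allowed = set(relay_orports) | set(bridges)
        self.leak_log = []  # one constructed log line per blocked flow

    def decide(self, src_ip, dst_ip, dst_port, proto="tcp"):
        """Return "ACCEPT" for a Tor-relay ORPort over TCP, else "DROP" and log it."""
        if proto == "tcp" and (dst_ip, dst_port) in self.allowed:
            return "ACCEPT"
        # Anything else would reach the clearnet directly: record it as a leak.
        self.leak_log.append(
            f"corridor-leak src={src_ip} dst={dst_ip}:{dst_port} proto={proto}"
        )
        return "DROP"


def classify_flows(whitelist, flows):
    """Run a list of (src, dst, port, proto) flows through the whitelist."""
    return [(flow, whitelist.decide(*flow)) for flow in flows]


# Constructed sample traffic from a corridor-Workstation at 10.152.152.11.
SAMPLE_FLOWS = [
    ("10.152.152.11", "192.0.2.10", 9001, "tcp"),    # guard ORPort: fine
    ("10.152.152.11", "192.0.2.10", 9030, "tcp"),    # DirPort: not whitelisted
    ("10.152.152.11", "8.8.8.8", 53, "udp"),         # clearnet DNS leak
    ("10.152.152.11", "93.184.216.34", 443, "tcp"),  # direct HTTPS leak
]

if __name__ == "__main__":
    wl = TorWhitelist(parse_relay_orports(CONSENSUS_EXCERPT))
    for flow, verdict in classify_flows(wl, SAMPLE_FLOWS):
        print(verdict, flow)
    print("\n".join(wl.leak_log))
```

Running it shows only the first flow accepted and three leak log lines; a real deployment would refresh the relay set whenever the gateway's Tor client fetches a new consensus, since stale entries would either block legitimate circuits or, worse, keep whitelisting an address that is no longer a relay.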

corridor is mostly useful for developers and auditors of TBB, Tails or Whonix, perhaps also for advanced users who would like to have an additional safety net.

Quote corridor readme:

“corridor is not a replacement for using a well-designed operating system on your client computers, like Qubes with TorVM/Whonix.”

corridor cannot sit between Whonix-Gateway and Whonix-Workstation. That would make no sense in combination with the Whonix design.

Credits: The author of corridor is rustybird. The author of fork of corridor for Debian is Patrick Schleizer.

If you like Whonix, please support it.


Using corridor, a Tor traffic whitelisting gateway with Qubes-Whonix

corridor is a Tor traffic whitelisting gateway. It is a filtering gateway. Not a proxying gateway.

It can also be used as a BridgeFirewall.

This is not necessarily more anonymous. It is an additional fail-safe Tor traffic whitelisting firewall that would protect from accidental clearnet leaks (hypothetical clearnet leak bugs in Whonix). As corridor’s project description states, quote “it cannot prevent malware on a client computer from finding out your clearnet IP address”. corridor is mostly useful for developers and auditors of Whonix, perhaps also for advanced users who would like to have an additional safety net. It cannot protect from hypothetical Qubes ProxyVM leak bugs either; a physically isolated, standalone corridor-Gateway would be better and could cover that.

It does not increase the tunnel length, i.e. it does not add more relays between you and the destination, if you are interested in that, see Tunnels/Introduction.

Credits: The author of corridor is rustybird. The author of the fork of corridor for Debian, which is used in these instructions, is Patrick Schleizer.

The full documentation for doing this can be found here:
https://www.whonix.org/wiki/Corridor

If you like Whonix, please support it.
