[Whonix-devel] [qubes-users] Re: [qubes-devel] Qubes Project gets OTF funding to integrate Whonix, improve UX

Patrick Schleizer patrick-mailinglists at whonix.org
Mon Jun 8 16:01:00 CEST 2015

> On Sat, Jun 06, 2015 at 07:14:53AM -0400, cprise wrote:
>> On 06/05/15 21:23, Unman wrote:
>>> On Thu, Jun 04, 2015 at 01:12:52PM +0200, Joanna Rutkowska wrote:
>>>> Hello,
>>>> Here is some great news:
>>>> http://blog.invisiblethings.org/2015/06/04/otf-funding-announcement.html
>>>> In other news: Qubes Canary #3 has been published yesterday:
>>>> https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-003-2015.txt
>>>> Thanks,
>>>> joanna.
>>> Great news on the funding, congratulations.
>>> It isn't clear to me what features the whonix gateway provides that the
>>> torvm/torfw combo doesn't - can someone on the whonix side help me out on
>>> this?
>>> cheers
>>> unman
>> They have a detailed comparison here:
>> https://www.whonix.org/wiki/Comparison_with_Others
>> If you want to use non-browser apps over Tor then Whonix is better because
>> they test for leaks and each app benefits from stream isolation. It also
>> protects against fingerprinting, and sets up TorBrowser as the default
>> browser (last I checked in TorVM, you had to use regular Firefox or go
>> through a special TorBrowser setup process that isn't described in the
>> wiki).
> I've read that comparison and I've ploughed through lots of the whonix
> documentation. What i haven't seen is a design document or specification
> for the whonix gateway.
> On the points you mention, the torvm provides stream isolation, and the
> setup of TBB is pretty trivial and (now) well documented. I thought that
> it was the whonix ws which provided protection against fingerprinting -
> is this a function performed by the gateway too?
> As for the testing, do you mean that there's some packet inspection in
> the gateway to guard against metadata leakage or something like that? Or
> do you mean that whonix-qubes is tested in some way that qubes isn't? If it's
> the latter then we can pretty easily fix that.
> There's a comment in the documentation that the whonix templates may
> provide a more usable and robust solution for torifying traffic. As I
> don't encounter any problems with the torvm, and haven't seen many
> reported in the lists, I don't know what to make of this.
> What I was looking for was some detail on what the whonix gateway
> provides that the torvm/torfw combo doesn't. The reason why I think it's
> important is that if there are features then I think they should be
> ported to the torvm so that users who don't want to use
> whonix will still benefit from them.
> Also the advantage of a simpler system, only one code base to maintain
> etc etc. And if there were a unified tor gateway solution the devs could
> focus on the whonix workstation template, which is, I think, where most
> of the anonymising configuration in the apps takes place.
> Anyone help me out?
> unman

For a list what Whonix does, go to https://github.com/Whonix and check
the short summaries. ~7 pages with ~20 packages. From there you can
click any package and view the long description, from there perhaps dig
deeper. See also:
- https://www.whonix.org/wiki/Dev/Design-Detailed
- https://www.whonix.org/wiki/Design


More information about the Whonix-devel mailing list