- 1 User's Preferences
- 2 Threat Models
- 3 Multiple Download Pages Considerations
- 4 Windows Verification is hosed
- 5 Implementation Ideas
- 6 See Also
- 7 Footnotes
By Host Operating System
- Windows users -> Install VirtualBox from virtualbox.org -> recommend VirtualBox ova's
- Linux users -> Install VirtualBox by using distribution's package manager -> recommend using KVM and .qcow2 images
- Mac users -> Install VirtualBox by ? -> recommend VirtualBox ova's
- Qubes users -> Qubes
By Target Platform
- two physical computers (Physical Isolation)
- probably in long term future other virtualizers as well
By Security / Usability Compromise
- http-only, direct http download link (https as soon as implemented)
- no notes about download anonymity
- Torrent + note, that anonymous download is difficult
- http-only, direct http download link + hash check + note anonymous download
- http(s) + gpg
- onion + gpg
- notes about anonymous download
- Build from source code
By Download Method
By Download Anonymity
Low priority. Perhaps leaving this out.
- preferred download anonymity -> http(s) or onion, avoiding torrent
- no preference about download anonymity -> nevermind http(s) or torrent
By Release Life Cycle
- Stable Releases
- Testers-Only Releases
- Experimental Releases
No attacks prevented
- Http-only download without verification.
- Good for new users who should be warned that this is only to try Whonix and practice getting used to Linux.
- Man-in-the-middle attack between mirror and downloader.
- Can be defeated by using hash check, SSL, onion or BitTorrent.
whonix.org server compromise
- Prevented by OpenPGP verification.
build server compromise
- Prevented by building from source code.
Multiple Download Pages Considerations
If we consider multiple download pages, users are accustomed to share direct download links. One who decided to use VirtualBox is likely to share the VirtualBox download page link. So the VirtualBox download page should ideally briefly mention, that there are also options on the main download page. Just a consideration. IF we decide that route.
Windows Verification is hosed
To check the hash, windows users have to either:
1. Download a utility from a website and follow the instructions about how to check a hash <- Possible, but tedious.
2. Download via Bittorrent <- Requires prior knowledge of Bittorrent
3. All downloads via SSL <- Can't right now
4. Learn GPG <- an important skill; but now we're jumping directory to the "advanced verification" stage
Verifying file integrity is not something Windows encourages.
No one is providing a https enabled download link for a Windows hash verification tool. Maybe we should redistribute rapid-crc-unicode-portable (just 1 MB) over https on whonix.org?
Using html fieldset tag
Compatibility, it looks like everyone supports it: http://www.w3schools.com/tags/tag_fieldset.asp
Dropdown menu examples
<html> <form class="form-download gap-from-top" action="/download/" method="get"> <fieldset> <input type="hidden" name="version" value="9.1" /> <label for="input-operating-system">Choose your operating system</label> <select id="input-operating-system" name="architecture"> <option value="Windows" selected="selected">Windows</option> <option value="Linux">Linux</option> <option value="Mac">Mac</option> </select> </fieldset> <div> <button type="submit">Next</button> </div> </form> </html>
Whonix can run on top of various target platforms such as VirtualBox, KVM, Qemu, Qubes, VMware or with no virtualizer.
<html> <form class="form-download gap-from-top" action="/download/" method="get"> <fieldset> <input type="hidden" name="version" value="9.1" /> <label for="input-operating-system">Choose your target platform</label> <select id="input-operating-system" name="architecture"> <option value="Windows" selected="selected">VirtualBox [status: stable] [usability: easiest]</option> <option value="Linux">KVM [status: testers-only] [usability: medium]</option> <option value="Mac">Qubes [status: testes-only] [usability: harder]</option> <option value="Mac">VMware [status: unmaintained] [usability: easy]</option> <option value="Mac">no virtualizer (physical isolation, bare metal) [status: stable] [usability: harder]</option> </select> </fieldset> <div> <button type="submit">Download</button> </div> </form> </html>
Expand Button Examples
Interested in safer download options? Click on expand on the right side.
Unfortunately, safer download options are more complicated, but well worth the effort. [...]
Torrent, sha512 hash files, etc. [...]
- Related forum discussion about this topic.
- Secure downloader. Stub downloader. Small tool that could be served from whonix.org over https, that could download and install the bigger files from elsewhere without https and do the verification. -> Dev/SecureDownloader -> Probably not. The Tor Project failed to implement such as tool (Thandy). And it is a different topic.
- Other Download Related Topics
- Tails Installation Assistant
- or at least very hard without Whonix, which is what they want to download in the first place
https | (forcing) onion
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.