Dev/Torified Wi-Fi Hotspot
< Dev
Jump to navigation
Jump to search
Reputational Considerations[edit]
- For now Whonix ™ has a simple design and great reputation. At time of writing, no clearnet IP leak found ever. See Whonix ™ Protection against Real World Attacks.
- If that gets mixed with android-anyting, the quality if leak protection could be lower due to issues causes on the Android, not Whonix ™ side.
Torified WiFi Hotspot[edit]
Even if a WiFi USB stick was added to Whonix-Workstation ™... Possible causes for clearnet leaks on the Android side:
- The WiFi could go off / out of range. Then the device might jump to an untorified open WiFi.
- Users might turn off WiFi off while forgetting to keep mobile network (clearnet) turned off.
- madaidan:
The mobile device wouldn't be isolated from local networks though. Nothing stops it from bruteforcing your neighbour's WiFi and deanonymizing you that way. Unlike in a Whonix ™ workstation VM, where it can't access those.
- Adding all the security challenges of WiFi.
- A 1) insecure WiFi + TLS is less of a problem than 2) insecure WiFi connection to Whonix-Gateway which would be even more of an issue. 1) could still be OK because TLS secures the contents of the connection. But 2) could be used to de-anonymize the user.
- Using a stock android device once non-anonymously, then routing all traffic over Tor would not be as anonymous as expected due to TransparentProxyLeaks
.
- TransparentProxyLeaks are not an issue in the usual Whonix ™, Whonix-Gateway ™ + Whonix-Workstation ™ design. Mixing Whonix-Gateway ™ with stock android gives the developers of Whonix ™ a lot less design abilities. Similar to using Whonix ™ with other operating systems, Whonix-Custom-Workstation ™, see security comparison.
forum discussion:
https://forums.whonix.org/t/whonix-gateway-whonix-workstation-torified-wi-fi-hotspot/4751
Using VPN[edit]
A VPN tunnel from Android to Whonix-Gateway or Whonix-Workstation ™.
Many Android phones do not have a fail closed mechanism. When the VPN connection gets interrupted, device continues to connect without VPN.