|This page is out of date. Ignore it for now.|
There is no digital security like 0 or 1 or insecure or secure. The message of this page is, the more inconvenience one is willing to take and the more time one invests, the more security one can gain.
Just downloading the images in the clear without any verification is the least safe method. On the other hand, how insecure is it? There is for example gpg4win, Firefox Portable and so on. There is no SSL available when downloading those software projects. If you compare how often software gets downloaded and how few times the accompanying signatures are downloaded, very few people do care. Yet, reports of downloads which got compromised by a man-in-the-middle attack (for any project) happen seldom.
Sourceforge.net does not support SSL for downloads.
Viewing the sourceforge download page while logged into sourceforge.net you can see the MD5 and SHA1 hash (provided by sourceforge.net, not Whonix developers) after clicking the i button (View details).
Comparing the hash sums from the SSL protected page and verifying (comparing them) with what was downloaded is safer than no verification at all.
OpenPGP verification (as noted on the Download page) is much more safe and highly recommended.
Building Whonix from source code is the most secure option to obtain Whonix. (Many bonus points for auditing the source code before using it.)
Related Wiki Pages
Of course, providing downloadable images over SSL and/or a hidden service hosted by Whonix developers in a physically owned and protected place would be safer. Practically it is difficult to provide SSL protected downloads at all. Many important software projects can only be downloaded in the clear, such as Ubuntu, Debian, Tails, Qubes OS, etc. This is because someone has to pay the bill and SSL (encryption) makes it more expensive. At the moment we don't have any mirror supporting SSL. We're looking for SSL supported mirrors to share the load.
The SSL CA system being flawed in the first place is another story (see SSL).
Having SSL supported mirrors may seem like an oxymoron. The common practice is to say, that mirrors are not to be trusted. Even if the mirror owners were trusted persons, it is still an open question how good their server security is. And even if their server security is good, mirrors are generally also hosted in hosting companies and we can't trust those. However, not all adversaries have all available capabilities. Not all adversaries capable of mounting a man-in-the-middle attack are capable of breaking server security or forcing the hosting company to turn over the keys etc. Users not caring to use verification are still better off downloading from a SSL supported mirror, that works against less sophisticated adversaries. In numbers, this results in fewer users potentially ending up with maliciously altered downloads, so we think this is worth going for.
It would also be safer if the download server would be under full control of the developers and not under control of a big company (hosting provider). But that's not how things work today. Self-hosting is very expensive. (Requires fast internet connection, home user contracts won't be fast enough, many servers, electricity power and physical security (officers).) Even the servers of The Tor Project are not hosted in some developer's home.
Activist, anarchist and a bit of a dreamer.
Mirror & Keys: http://bbbbbb6qtmqg65g6.onion
PGP Keys: key.thecthulhu.com
Current Fingerprint: E771 BE69 4696 F742 DB94 AA8C 5C2A 8C5A 0CCA 4983
Master Fingerprint: DDEF AB9B 1962 5D09 4264 2558 1F23 39B7 EF10 09F0
XMPP: thecthulhu at jabber.ccc.de
XMPP-OTR: 4321B19F A9A3462C FE64BAC7 294C8A7E A53CC966
Impressum | Datenschutz | Haftungsausschluss
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.