- 1 Update Notice
- 2 Keyservers
- 3 Tor Browser
- 4 Virtual Private Networks
- 5 Whonix Downloads
- 6 Footnotes
This FAQ has been rebooted. All the previous contents were moved to more appropriate places in the existing documentation. It is possible to find those entries with the Whonix wiki internal search or via an internet search engine. The old version of the FAQ can still be found here.
Why aren't the SKS Keyserver Wiki Steps always Functional?
The SKS keyserver network has recently come under attack after a critical vulnerability was discovered which allows certificates to be spammed using a flaw in the OpenPGP protocol itself. Future releases of OpenPGP software will likely mitigate this flaw, but high profile contributors to the protocol suggest that data should not be retrieved form the network at present if possible. For more details, see here.  
Does Whonix Change Default Tor Browser Settings?
I've been looking for how to fix some bad default settings in the whonix tor browser. Namely, they removed NoScript from the toolbar, so that the NoScript cannot be used as intended.
As noted in the Whonix Tor Browser Differences entry, Whonix does not:
- change Tor Browser's internal updater checking mechanism;
- change or remove proxy settings by default; or
- modify Tor Browser's startup script, default settings and so on.
NoScript and HTTPS Everywhere are still present in the URL bar if you upgraded from an older version. They are not present if you did a new install with a recent version.
Virtual Private Networks
Should I Set Up a VPN with Whonix?
In a word, no. There are several reasons for this position: 
- It is impossible to verify a VPN provider is actually trustworthy and not logging data -- 'honeypot' providers might be ubiquitous.
- VPN traffic is sensitive to Deep Packet Inspection (DPI) and Website Traffic Fingerprinting,  so it is ineffective in hiding use of Whonix ™ and Tor from the ISP or skilled adversaries.
- Depending on the configuration, VPN tunnels combined with Tor can worsen anonymity. For example it can lead to a permanent Tor exit relay in the network or remove Stream Isolation of different online activities.
- Complicated and lengthy instructions can lead to mistakes and insecure tunnel configurations.
- It is difficult to anonymously register and pay for VPN services.
- Certain variables make it likely Whonix ™ / Tor users can be identified. This includes: the hardened network configuration fingerprint, the list of installed packages and those fetched from repositories, the amount of traffic going to one IP address daily (guard nodes), and examination of dropped (invalid) versus non-dropped packets when the firewall is probed. 
For documentation on how to set up a VPN with Whonix, see: Combining Tunnels with Tor.
Where are the Separate Gateway and Workstation Download Files?
The Whonix ™ 14 release introduced unified ova / libvirt downloads. Rather than separate Whonix-Gateway ™ and Whonix-Workstation ™ ova / libvirt downloads, there is now only a single Whonix ™ ova / libvirt which includes both Whonix virtual machines.   The Whonix split-VM design incorporating a separate Whonix-Gateway ™ and Whonix-Workstation ™ remains unchanged.
- New, experimental keyservers have been established which afford protection against this attack.
- The author notes the potential downsides of this attack:
- If you fetch a poisoned certificate from the keyserver network, you will break your GnuPG installation.
- Poisoned certificates cannot be deleted from the keyserver network.
- The number of deliberately poisoned certificates, currently at only a few, will only rise over time.
- We do not know whether the attackers are intent on poisoning other certificates.
- We do not even know the scope of the damage.
- Tor Bug 30600: Restore NoScript control widget icon to the Tor Browser toolbar
- The same blog discussion confirms that moving the NoScript icon back onto the URL bar does not pose a known fingerprinting risk.
- The implication is that traffic might be routinely examined in a high percentage of cases, despite corporate promises to the contrary.
Website traffic fingerprinting is an attack where the adversary attempts to recognize the encrypted traffic patterns of specific web pages without using any other information. In the case of Tor, this attack would take place between the user and the Guard node, or at the Guard node itself.
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)