Actions

FAQ

From Whonix

(Redirected from FAQ2)

Update Notice[edit]

June 2019: This FAQ is currently being rebooted -- most of the existing entries were outdated and rarely raised in user forums seven years after Whonix's founding. All the previous contents were moved to more appropriate places in the existing documentation. It is possible to find those entries with the Whonix wiki internal search or via an internet search engine. The old version of the FAQ can still be found here. As contemporary, frequently asked questions are identified, they will be added here.

Keyservers[edit]

Why aren't the SKS Keyserver Wiki Steps always Functional?[edit]

The SKS keyserver network has recently come under attack after a critical vulnerability was discovered which allows certificates to be spammed using a flaw in the OpenPGP protocol itself. Future releases of OpenPGP software will likely mitigate this flaw, but high profile contributors to the protocol suggest that data should not be retrieved form the network at present if possible. For more details, see here. [1] [2]

Tor Browser[edit]

Does Whonix Change Default Tor Browser Settings?[edit]

Tor Browser changes implemented by Tor developers are sometimes mistakenly attributed to Whonix developers: [3] [4]

I've been looking for how to fix some bad default settings in the whonix tor browser. Namely, they removed NoScript from the toolbar, so that the NoScript cannot be used as intended.

As noted in the Whonix Tor Browser Differences entry, Whonix does not:

  • change Tor Browser's internal updater checking mechanism;
  • change or remove proxy settings by default; or
  • modify Tor Browser's startup script, default settings and so on.

In fact, the NoScript URL bar change was a conscious decision by Tor developers which became part of a recent release: [5] [6] [7] [8]

boklm said:

NoScript and HTTPS Everywhere are still present in the URL bar if you upgraded from an older version. They are not present if you did a new install with a recent version.


boklm said:

If you want to turn off javascript, then you can change the security level. There is also nothing preventing you from adding NoScript on the toolbar even if it is not there by default.

Virtual Private Networks[edit]

Should I Set Up a VPN with Whonix?[edit]

In a word, no. There are several reasons for this position: [9]

  • It is impossible to verify a VPN provider is actually trustworthy and not logging data -- 'honeypot' providers might be ubiquitous.
    • Recent research reveals that around one-third of all popular VPN providers are owned by Chinese companies, while others are based in countries like Pakistan, with non-existent or weak privacy laws. [10] [11]
  • VPN traffic is sensitive to Deep Packet Inspection (DPI) and Website Traffic Fingerprinting, [12] so it is ineffective in hiding use of Whonix ™ and Tor from the ISP or skilled adversaries.
  • Depending on the configuration, VPN tunnels combined with Tor can worsen anonymity. For example it can lead to a permanent Tor exit relay in the network or remove Stream Isolation of different online activities.
  • Complicated and lengthy instructions can lead to mistakes and insecure tunnel configurations.
  • It is difficult to anonymously register and pay for VPN services.
  • Certain variables make it likely Whonix ™ / Tor users can be identified. This includes: the hardened network configuration fingerprint, the list of installed packages and those fetched from repositories, the amount of traffic going to one IP address daily (guard nodes), and examination of dropped (invalid) versus non-dropped packets when the firewall is probed. [13]

For documentation on how to set up a VPN with Whonix, see: Combining Tunnels with Tor.

Whonix Downloads[edit]

Where are the Separate Gateway and Workstation Download Files?[edit]

The Whonix ™ 14 release introduced unified ova / libvirt downloads. Rather than separate Whonix-Gateway ™ and Whonix-Workstation ™ ova / libvirt downloads, there is now only a single Whonix ™ ova / libvirt which includes both Whonix virtual machines. [14] [15] The Whonix split-VM design incorporating a separate Whonix-Gateway ™ and Whonix-Workstation ™ remains unchanged.

Footnotes[edit]

  1. New, experimental keyservers have been established which afford protection against this attack.
  2. The author notes the potential downsides of this attack:
    • If you fetch a poisoned certificate from the keyserver network, you will break your GnuPG installation.
    • Poisoned certificates cannot be deleted from the keyserver network.
    • The number of deliberately poisoned certificates, currently at only a few, will only rise over time.
    • We do not know whether the attackers are intent on poisoning other certificates.
    • We do not even know the scope of the damage.
  3. https://www.mail-archive.com/qubes-users@googlegroups.com/msg29899.html
  4. https://www.mail-archive.com/qubes-users@googlegroups.com/msg29573.html
  5. Tor Bug 30600: Restore NoScript control widget icon to the Tor Browser toolbar
  6. https://blog.torproject.org/comment/282733#comment-282733
  7. https://blog.torproject.org/comment/282735#comment-282735
  8. The same blog discussion confirms that moving the NoScript icon back onto the URL bar does not pose a known fingerprinting risk.
  9. https://forums.whonix.org/t/setting-up-vpn-with-whonix-is-it-a-good-idea/7568
  10. https://www.computerweekly.com/news/252466203/Top-VPNs-secretly-owned-by-Chinese-firms
  11. The implication is that traffic might be routinely examined in a high percentage of cases, despite corporate promises to the contrary.
  12. Website traffic fingerprinting is an attack where the adversary attempts to recognize the encrypted traffic patterns of specific web pages without using any other information. In the case of Tor, this attack would take place between the user and the Guard node, or at the Guard node itself.

  13. https://forums.whonix.org/t/hiding-tor-whonix-is-difficult-beyond-practicality/7408
  14. https://forums.whonix.org/t/whonix-virtualbox-14-0-1-4-4-unified-ova-downloads-point-release/6996
  15. https://forums.whonix.org/t/whonix-kvm-14-0-1-4-4-unified-tar-gz-download-point-release/7061

No user support in comments. See Support. Comments will be deleted after some time. Specifically after comments have been addressed in form of wiki enhancements. See Wiki Comments Policy.


Add your comment
Whonix welcomes all comments. If you do not want to be anonymous, register or log in. It is free.


Random News:

Bored? Want to chat with other Whonix users? Join us in IRC chat (Webchat).


https | (forcing) onion

Follow: Twitter | Facebook | gab.ai | Stay Tuned | Whonix News

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.

Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian. Debian is a registered trademark owned by Software in the Public Interest, Inc.

Whonix ™ is produced independently from the Tor® anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.