Install Additional Software Safely
From Whonix
Easy
Introduction
Qubes-Whonix ™ users need to install and update persistent software [archive] in the Whonix-Workstation ™ TemplateVM(s) (whonix-ws-15). Using apt-get in a TemplateBased AppVM (anon-whonix) only installs software for the current session; the changes are lost when the VM is shut down. See Install Software in a TemplateBasedVM.
A primary Whonix ™ goal is to greatly reduce the risk posed by (additional) software installations that are not exclusively designed to work with Tor.
Users can install any software inside Whonix-Workstation ™ using apt-get, since it is based on Debian. However, this is not a recommendation for installing additional software.
Whonix ™ is currently the most secure platform for running Tor-unsafe applications like Adobe Flash; see the operating system comparison.
The Whonix ™ software page lists:
- Pre-installed Whonix ™ applications which are available for different tasks.
- Recommended software for different user activities.
- Safety advice.
- Installation instructions.
Install from Debian stable
To install a package from Debian stable, follow the steps below. Replace package-name with the name of the software you want to install.
1. Update the package lists.
sudo apt-get update
2. Upgrade the system.
sudo apt-get dist-upgrade
3. Install the package-name package. The apt-get command line parameter --no-install-recommends is optional in most cases; it skips packages that are only recommended, not required, which keeps the installed footprint smaller.
sudo apt-get install --no-install-recommends package-name
The procedure of installing package-name is complete.
There are numerous examples of this procedure in the Software chapter and throughout the wiki.
Best Practices
Table: Best Software Installation Practices
Domain | Advice
---|---
Prefer APT |
Avoid Third Party Package Managers |
Avoid Manual Software Installation |
Always Verify Signatures |
Prefer Packages from Debian Stable Repository |
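The "Prefer Packages from Debian Stable Repository" rule can be checked before running apt-get install: apt-cache policy package-name shows which suite the candidate version would come from. The following POSIX sh function is an added example, not code from the Whonix wiki or project; it parses that output and exits non-zero when the candidate is not from the wanted suite. The two sample policy outputs are constructed (package names, versions and mirror are illustrative), and buster is assumed to be the current Debian stable codename, as elsewhere on this page.

```shell
#!/bin/sh
# Added example (not Whonix project code): tell which APT suite supplies the
# candidate version of a package, by parsing `apt-cache policy <pkg>` output.
# On a real system:   apt-cache policy electrum | candidate_suite buster
# Prints the suite name; exit status 0 if it equals the wanted suite
# (default buster, assumed to be Debian stable here), 1 otherwise.

candidate_suite() {
    awk -v want="${1:-buster}" '
        /^  Candidate:/ { cand = $2; next }
        cand == ""      { next }                 # header lines before Candidate:
        # Version-table entry: "<version> <priority>" or "*** <version> <priority>"
        (NF == 2 && $2 ~ /^[0-9]+$/) || (NF == 3 && $1 == "***") {
            ver = ($1 == "***") ? $2 : $1
            inblock = (ver == cand)              # only the candidate block matters
            next
        }
        # Source line below a version: "<priority> <url> <suite>/<component> <arch> Packages"
        inblock && $1 ~ /^[0-9]+$/ && $2 ~ /:\/\// {
            split($3, parts, "/"); suite = parts[1]
            print suite
            if (suite == want) exit 0
            exit 1
        }
        END { if (suite == "") { print "unknown"; exit 1 } }
    '
}

# Constructed sample: the candidate would come from buster-backports, not stable.
policy_backports_sample() {
    cat <<'EOF'
electrum:
  Installed: (none)
  Candidate: 4.0.2-1~bpo10+1
  Version table:
     4.0.2-1~bpo10+1 100
        100 tor+https://deb.debian.org/debian buster-backports/main amd64 Packages
     3.3.8-1 500
        500 tor+https://deb.debian.org/debian buster/main amd64 Packages
EOF
}

# Constructed sample: the candidate is the installed version, from buster.
policy_stable_sample() {
    cat <<'EOF'
mousepad:
  Installed: 0.4.1-1
  Candidate: 0.4.1-1
  Version table:
 *** 0.4.1-1 500
        500 tor+https://deb.debian.org/debian buster/main amd64 Packages
        100 /var/lib/dpkg/status
EOF
}
```

In practice the check is run as apt-cache policy package-name | candidate_suite buster || echo "candidate is not from Debian stable"; a backports or sid candidate is then a deliberate decision rather than a surprise.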
More Security
General Advice
Whonix ™ users are free to install their favorite software packages, but should be aware that additional software increases the attack surface [archive] of the platform. Almost any application can be installed, with a few exceptions for programs that are impossible to torify [archive]. In addition, Whonix ™ provides:
- Protection from IP and DNS leaks (see above for details).
- Partial protection against protocol leaks and fingerprinting, but this is far from perfect.
Users are responsible for trying to prevent any other protocol leaks [archive] using the "Torify: How-to" guide [archive], but most of those are mitigated by Whonix ™.
apt-get Meta-data
When updating with apt-get, information leaks about which software packages and versions are installed, unless Tor onion repositories have been configured. [7] This meta-data cannot be directly linked to other activity like web browsing, because the Whonix ™ apt-get uwt wrapper forces it through its own Tor circuit (stream isolation). Despite this isolation, it is still possible for updates to be correlated with the same pseudonym. [8] [9]
Recommendations
For greater security when updating:
- Follow the guidelines below.
- Be especially careful when adding custom repositories, particularly Personal Package Archives (PPAs). Single developers are more easily pressured and/or likely to have malicious intent than the main distribution repositories.
- Read the protocol leak and fingerprinting protection entry first. It highlights useful information, like the fact that DNS and IP-related leaks do not apply to Whonix ™.
- Refer to the Tor Project's Torify: How-to [archive] which discusses various protocol leaks [archive] and how to mitigate them.
- Review the Tor Project's Transparent Proxy Leaks [archive] documentation, which is particularly relevant for Microsoft Windows.
How-to: Install or Update with Utmost Caution
- Stop all activities and shutdown any open applications like Tor Browser.
- Change the Tor circuit (this step may not apply if the user is running an onion service). [10]
- Update using apt-get after a random delay. By default, a new Tor circuit is generated after 10 seconds.
- Change the Tor circuit again.
- Continue user activities after another random period has elapsed.
Whonix-Workstation ™ is Firewalled
Note: This section is for users interested in server software or other advanced / uncommon applications.
The Whonix-Gateway ™ firewall [11] has several effects upon the Whonix-Workstation ™:
- Incoming connections are not supported.
- Replies to outgoing connections are accepted, so established connections for web browsing, IRC, or other applications work normally.
- Server ports ("open ports") are blocked.
- The Ident Protocol / web server listening port is not reachable, unless it is explicitly configured.
- Onion Services can be hosted.
- Standard DNS requests on UDP port 53 are redirected to Tor's DnsPort. [12]
Also note:
- Tor does not support UDP. This is not a Whonix ™-specific issue.
- Tor only partially supports IPv6 [archive], although full implementation is likely in the near term. [13] This is not a Whonix ™-specific issue. [14]
- All traffic originating from Whonix-Workstation ™ and Whonix-Gateway ™ is routed over Tor. [15] [16] [17] [18] Users should read the footnotes on the left-hand side.
The firewall on the Whonix-Gateway ™ is very restrictive. It can be made even more restrictive by activating #OptionalFeatureNr.3# within the firewall script. It is possible to limit which outgoing ports are redirected to Tor's TransPort. Depending on what the user is trying to achieve, it could also be useful to remove all SocksPorts.
Advanced
Install Newer Software Versions
Prerequisite knowledge: From page Operating System Software and Updates chapter Frozen Packages.
It might be possible to install newer software versions for some applications.
One option, if available, is backports. Another option might be manual software installation.
For some applications such as Electrum or Monero where the user intends to use newer versions, it is a better approach not to think of the process as an "application update" but rather as an "application installation".
A Debian package is for the most part just a vehicle to place files into some location. For example, the binaries-freedom Debian package [archive] in Whonix ™ ships electrum. It comes with the appimage file (/usr/share/binaries-freedom/electrum-appimage/electrum-4.0.7-x86_64.AppImage) and a start menu entry (/usr/share/applications/electrum-appimage.desktop). The presence of these files does not limit the ability of the user to customize the system, such as installing newer versions of the software. The user is free to ignore these files, i.e. not use the electrum-appimage start menu entry. The purpose of the binaries-freedom package is to improve usability. It was never designed to limit the user's freedom of customization and has no such side effects. As per Whonix ™ policy there are No Intentional User Freedom Restrictions. This concept could be coined the "ignore Whonix modifications method".
Another way to think of this could be:
- uninstall binaries-freedom (electrum appimage)
- install electrum appimage
How to install custom software? For better security, follow the recommendations on this whole page generally. The actual instructions for custom software installation vary per application and are mostly unspecific to Whonix ™. Therefore installation is recommended as per the Free Support Principle.
If the user is using Qubes-Whonix ™, it is additionally recommended to rephrase the question as "How would I do this with a Debian based Qubes template?", also as per the Free Support Principle.
Backports
Backports are packages taken from the next Debian release (called "testing"), adjusted and recompiled for usage on Debian stable. Using backports is a far safer alternative than the Debian testing or unstable repositories. However, Debian backports should be used conservatively.
Backports cannot be tested as extensively as Debian stable, and backports are provided on an as-is basis, with risk of incompatibilities with other components in Debian stable. Use with care!
package-name can be installed from Debian backports. This is non-ideal, see footnote. [19]
1. Boot the Whonix-Workstation ™ (whonix-ws-15) TemplateVM.
2. Add the current Debian stable backports codename buster-backports to the Debian apt sources.
Note: this applies to Whonix 15.0.1.5.4. Later Whonix versions may use a codename different to buster.
In the Whonix-Workstation ™ (whonix-ws-15) TemplateVM, run.
sudo su -c "echo -e 'deb tor+https://deb.debian.org/debian buster-backports main contrib non-free' > /etc/apt/sources.list.d/backports.list"
Alternatively, users who like Onionizing Repositories can set the .onion mirror.
sudo su -c "echo -e 'deb tor+http://vwakviie2ienjx6t.onion/debian buster-backports main contrib non-free' > /etc/apt/sources.list.d/backports.list"
3. Update the package lists.
sudo apt-get update
4. Install the selected software. The -t buster-backports option raises the priority of the backports suite for this one command only; without it, APT keeps preferring Debian stable, because backports are marked NotAutomatic.
sudo apt-get -t buster-backports install package-name
The procedure is now complete.
5. Undo.
On occasion it is necessary to undo this configuration, for example when upgrading from Debian buster to bullseye. [20] To proceed, run.
sudo rm /etc/apt/sources.list.d/backports.list
Install from Debian Testing
Mixing packages from Debian stable with those from a later release like testing can destabilize the system due to associated software dependencies required for full functionality.
Before completing steps in this section, first read Prefer Packages from Debian Stable Repository. Carefully check how packages will change before proceeding -- a host of upgrades is usually safe, but no Whonix ™ packages should be removed as part of the process; see Whonix Debian Packages. Be aware that problems are still possible - see here [archive] for an example.
It is recommended to complete this process in a separate Whonix-Workstation ™ (whonix-ws-15-debian-testing-mix) due to the risks. Ask for advice in the forums on a case-by-case basis.
1. Boot the Whonix-Workstation ™ (whonix-ws-15-debian-testing-mix) TemplateVM.
2. Add the current Debian testing codename bullseye to sources.list.
Note: this applies to Whonix ™ 14. Later Whonix ™ versions may use a codename different to bullseye.
In the Whonix-Workstation ™ (whonix-ws-15-debian-testing-mix) TemplateVM, run.
sudo su -c "echo -e 'deb http://http.debian.net/debian bullseye main' > /etc/apt/sources.list.d/testing.list"
Or alternatively use the .onion mirror.
sudo su -c "echo -e 'deb tor+http://vwakviie2ienjx6t.onion/debian bullseye main' > /etc/apt/sources.list.d/testing.list"
3. Update the package lists.
sudo apt-get update
4. Install the selected software. Replace packagename with the package you actually want to install.
sudo apt-get -t bullseye install packagename
The procedure is now complete.
5. Undo.
On occasion it is necessary to undo this configuration, for example when upgrading from Debian buster to bullseye. [21] To proceed, run.
sudo rm /etc/apt/sources.list.d/testing.list
Install from Debian Unstable
Managing security updates for the "stable" distribution remains the highest priority for the Debian security team. This means security fixes for Debian "unstable" are managed by the contributors themselves and not by the Debian security team. Therefore, "unstable" does not receive security updates in a timely manner. [22] [23]
Before completing steps in this section, first read Prefer Packages from Debian Stable Repository.
Mixing packages from Debian stable with those from a later release like unstable can destabilize the system due to associated software dependencies required for full functionality. First carefully check how packages will change before proceeding. [24]
A host of upgrades is usually safe, but no Whonix ™ packages should be removed as part of the process; see Whonix Debian Packages. It is recommended to complete this process in a separate Whonix-Workstation ™ (whonix-ws-15-debian-unstable-mix) due to the risks. Ask for advice in the forums on a case-by-case basis.
Prior to installing package-name [archive] from Debian unstable, read Install software from Debian unstable to understand the risks involved and circumvention options. Mixing packages from Debian stable with later release packages like Debian unstable can lead to instability. [25]
1. Open a terminal.
If you are using Qubes-Whonix ™, complete the following steps.
Qubes App Launcher (blue/grey "Q") → Whonix-Workstation ™ AppVM (commonly named anon-whonix) → Xfce Terminal
If you are using a graphical Whonix with XFCE, run.
Start Menu → Xfce Terminal
2. In the Whonix-Workstation ™ (whonix-ws-15 in Qubes-Whonix ™) terminal, set the Debian stable codename buster as the apt.conf Default-Release, so that packages keep coming from stable unless a sid version is requested explicitly.
sudo su -c "echo -e 'APT::Default-Release buster;' > /etc/apt/apt.conf.d/70defaultrelease"
3. Add the current Debian unstable codename sid to sources.list.d.
sudo su -c "echo -e 'deb http://http.debian.net/debian sid main' > /etc/apt/sources.list.d/unstable.list"
Or alternatively use the .onion mirror.
sudo su -c "echo -e 'deb tor+http://vwakviie2ienjx6t.onion/debian sid main' > /etc/apt/sources.list.d/unstable.list"
4. Update the package lists.
sudo apt-get update
5. Install package-name from the current Debian unstable codename sid repository. The package-name/sid form requests only this package from sid; its dependencies are pulled from sid only where the stable versions cannot satisfy them.
sudo apt-get install package-name/sid
6. Undo.
On occasion it is necessary to undo this configuration, for example when upgrading from Debian buster to bullseye. [26] To proceed, run.
Delete the Debian unstable repository list.
sudo rm /etc/apt/sources.list.d/unstable.list
Delete the apt Default-Release configuration.
sudo rm /etc/apt/apt.conf.d/70defaultrelease
Package Reinstallation
As per the Free Support Principle, package reinstallation utilizes normal Debian processes.
The example below shows how the thunderbird package would be reinstalled. It is possible to substitute thunderbird with many other packages, so long as they do not have too many dependencies. These instructions are not suitable for any packages needed for connectivity such as tor, because the reinstallation would be very difficult and is currently unsupported.
Even in the thunderbird package example, dependency complications emerge. The anon-workstation-packages-recommended package also depends on thunderbird. Further, the whonix-workstation package depends on anon-workstation-packages-recommended.
1. Update the package lists and upgrade.
See Updates for instructions.
2. Purge the package you want to reinstall.
sudo apt-get purge thunderbird
The output will show something like the following.
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
  anon-workstation-packages-recommended* thunderbird* whonix-workstation*
0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded.
After this operation, 90.8 MB disk space will be freed.
Do you want to continue? [Y/n]
(Reading database ... 100681 files and directories currently installed.)
Removing whonix-workstation (3:2.9-1) ...
Removing anon-workstation-packages-recommended (3:2.9-1) ...
Removing thunderbird (38.4.0esr-1~deb8u1) ...
Purging configuration files for thunderbird (38.4.0esr-1~deb8u1) ...
Processing triggers for hicolor-icon-theme (0.13-1) ...
Processing triggers for menu (2.1.47) ...
Processing triggers for man-db (2.7.0.2-5) ...
Processing triggers for desktop-file-utils (0.22-1) ...
Processing triggers for qubes-core-agent (3.0.20-1+deb8u1) ...
Processing triggers for mime-support (3.58) ...
The packages anon-workstation-packages-recommended and whonix-workstation have been uninstalled as a side effect, due to technical limitations. [27] These packages are reinstalled in a later step.
3. Delete the user configuration folder if that is desired.
In this thunderbird example, the user configuration folder is specified below (it changes depending on the package).
rm -r ~/.thunderbird
4. Reinstall the thunderbird package and the additional packages that were purged.
The --no-install-recommends parameter below is optional.
sudo apt-get install --no-install-recommends thunderbird anon-workstation-packages-recommended whonix-workstation
Related to: Whonix Debian Packages.
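The removals apt reports, as in the purge output above, are also exactly what has to be reinstalled afterwards, and the same kind of output is what the Install from Debian Testing and Install from Debian Unstable sections ask you to inspect before mixing suites. The following POSIX sh functions are an added example, not code from the Whonix wiki or project: they read an apt-get simulation (apt-get -s purge thunderbird, or apt-get -s -t bullseye install packagename, run before the real command), list the packages under a chosen "The following packages will be ..." heading, flag Whonix packages (names starting with whonix- or anon-) that would be removed, and print the reinstall command line. The sample simulation output is constructed from the purge output above, with an invented "upgraded" section added.

```shell
#!/bin/sh
# Added example (not Whonix project code): inspect an apt-get simulation
# (`apt-get -s ...`) before running the real command.
#   apt-get -s -t bullseye install packagename | apt_section REMOVED
#   apt-get -s purge thunderbird | check_whonix_removals
#   apt-get -s purge thunderbird | reinstall_cmdline

# apt_section KIND: print the package names listed under the heading
# "The following ... KIND ..." (KIND is e.g. REMOVED, upgraded, NEW).
# apt marks packages to be purged with a trailing "*", which is stripped.
apt_section() {
    awk -v kind="$1" '
        $0 ~ ("^The following .*" kind) { grab = 1; next }
        grab && /^ / {
            for (i = 1; i <= NF; i++) {
                n = $i
                if (n ~ /^\(/) continue          # "(version)" tokens with apt-get -V
                sub(/\*$/, "", n)
                print n
            }
            next
        }
        grab { grab = 0 }                        # first non-indented line ends the list
    '
}

removed_packages() { apt_section REMOVED; }

# Exit 1 (and name the offenders) if any Whonix package would go away;
# the page says no Whonix packages should be removed when mixing suites.
check_whonix_removals() {
    found=$(removed_packages | grep -E '^(whonix-|anon-)' || true)
    if [ -n "$found" ]; then
        printf 'Whonix packages would be removed, reinstall them afterwards:\n%s\n' "$found" >&2
        return 1
    fi
    return 0
}

# The command to run after a purge, as in step 4 above: reinstall everything
# the purge took with it, in a stable order.
reinstall_cmdline() {
    pkgs=$(removed_packages | sort -u | tr '\n' ' ')
    pkgs=${pkgs% }
    [ -n "$pkgs" ] || return 1
    printf 'sudo apt-get install --no-install-recommends %s\n' "$pkgs"
}

# Constructed sample of `apt-get -s` output, based on the purge output above
# plus an invented "upgraded" section as a mixed-suite install would show.
simulation_sample() {
    cat <<'EOF'
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
  anon-workstation-packages-recommended* thunderbird* whonix-workstation*
The following packages will be upgraded:
  libexample-data libexample1
2 upgraded, 0 newly installed, 3 to remove and 0 not upgraded.
Remv whonix-workstation [3:2.9-1]
Remv anon-workstation-packages-recommended [3:2.9-1]
Remv thunderbird [38.4.0esr-1~deb8u1]
Inst libexample1 [1.0-1] (1.1-1 Debian:testing [amd64])
Inst libexample-data [1.0-1] (1.1-1 Debian:testing [amd64])
EOF
}
```

Running the simulation first costs nothing: apt-get -s never touches the system, and a non-zero exit from check_whonix_removals is the signal to stop and either add the Whonix packages to the reinstall list or abandon the mix.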
Install Software in a TemplateBasedVM
Qubes-Whonix ™ only! Custom scripting is recommended, which is beyond the scope of this entry. Numerous free articles and instructions can be easily found with a search engine.
There is no reason to avoid installing software in TemplateBasedVMs [archive], although software installed this way will not persist across reboots. Users can opt to use a custom script to automate this process, thereby minimizing time spent re-installing packages.
Advantages
This software installation method means a single VM [archive] assumes many of the positive characteristics found in both TemplateBasedVMs and StandaloneVMs [archive].
- Centralized Updates: AppVMs [archive] are based on a TemplateVM [archive]. This means the AppVM's root filesystem is based on the corresponding template's root filesystem. Users need only update the TemplateVM and those updates will be reflected in the TemplateBasedVM's root filesystem upon restart. [28]
- Minimal Disk Usage: TemplateBasedVMs require much less disk space than StandaloneVMs, since the AppVM's root filesystem is based on the corresponding template. The AppVM only requires enough disk space to hold user files in the /home directory.
- Semi-persistent Storage: User data stored in /home, /rw and /usr/local survives reboot. Many applications like Signal [archive] and Wire [archive] store user data in the /home folder. Since the custom script installs the software seamlessly with little or no user interaction, the AppVM has "quasi-full persistence", not unlike a StandaloneVM's full persistence.
AppVM Preparation
1. Create an AppVM based on whonix-ws-15.
2. Pre-install any necessary dependencies.
Dependencies are available from packages.debian.org [archive] and can be pre-installed in the TemplateVM to speed up the repetitive software installation process. This means only packages or software missing from packages.debian.org [archive] will be repeatedly installed in the AppVM.
3. Create a custom script that runs at VM boot.
The purpose of this script is to automate software installation that would otherwise require manual user steps. Note that script functionality is variable, dependent on the software packages being installed and the experience of the user.
Scripting is useful for common tasks such as:
- Adding specific software repositories.
- Importing verified signing keys.
- Updating the package list with apt-get update, after the repository and signing key are imported.
- Finally running apt-get install to install the relevant software package(s).
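One shape such a boot script can take, as an added example that is not code from the Whonix or Qubes projects: a POSIX sh script intended for /rw/config/rc.local, which Qubes executes at every start of the AppVM and which lives in the persistent /rw. The repository line, the key file location, the pinned key hash and the package list are placeholders to be replaced by the reader. The script only trusts a signing key whose SHA-256 matches the pinned value (so a swapped key file in /rw is refused rather than silently installed), writes the sources.list.d entry only once, and routes the apt-get calls through the APT_GET variable so the logic can be exercised outside a VM with APT_GET=true and ROOT pointing at a scratch directory.

```shell
#!/bin/sh
# Added example (not Whonix or Qubes project code) of a boot-time install
# script for a Qubes-Whonix AppVM, e.g. saved as /rw/config/rc.local
# (Qubes runs that file at every VM start; /rw persists across reboots).
# Placeholders to replace: REPO_LINE, KEY_SRC, KEY_SHA256, PACKAGES.
# The .list and keyring file names are arbitrary choices.
set -eu

ROOT=${ROOT:-}                 # prefix for exercising the script outside a VM
APT_GET=${APT_GET:-apt-get}    # set to "true" for a dry run

REPO_LINE='deb [signed-by=/etc/apt/keyrings/example.gpg] tor+https://example.invalid/debian buster main'
REPO_FILE="$ROOT/etc/apt/sources.list.d/example.list"
KEY_SRC="$ROOT/rw/config/example-archive-key.gpg"   # key copied into /rw once, by hand
KEY_DST="$ROOT/etc/apt/keyrings/example.gpg"
KEY_SHA256='0000000000000000000000000000000000000000000000000000000000000000'
PACKAGES='example-package'

sha256_of() { sha256sum "$1" | awk '{ print $1 }'; }

# Install the signing key only if it matches the pinned hash; a stale or
# swapped key file in /rw must not be trusted silently.
install_key() {
    [ -f "$KEY_DST" ] && return 0
    if [ ! -f "$KEY_SRC" ]; then
        echo "signing key $KEY_SRC is missing" >&2
        return 1
    fi
    actual=$(sha256_of "$KEY_SRC")
    if [ "$actual" != "$KEY_SHA256" ]; then
        echo "refusing to install $KEY_SRC: sha256 $actual != $KEY_SHA256" >&2
        return 1
    fi
    mkdir -p "$(dirname "$KEY_DST")"
    cp "$KEY_SRC" "$KEY_DST"
    chmod 0644 "$KEY_DST"
}

# Write the sources.list.d entry once; re-running leaves it untouched.
install_repo() {
    mkdir -p "$(dirname "$REPO_FILE")"
    if [ -f "$REPO_FILE" ] && [ "$(cat "$REPO_FILE")" = "$REPO_LINE" ]; then
        return 0
    fi
    printf '%s\n' "$REPO_LINE" > "$REPO_FILE"
}

install_packages() {
    "$APT_GET" update
    # $PACKAGES is deliberately unquoted: word splitting into package names.
    "$APT_GET" install --no-install-recommends -y $PACKAGES
}

# Key first, then repository, then packages: apt must never see the
# repository before the key it is signed with is in place.
provision() {
    install_key && install_repo && install_packages
}

# Only run when executed as the VM's boot script, not when sourced for tests.
case "${0##*/}" in
    rc.local) provision ;;
esac
```

The ordering in provision matters: if the repository were added before the key, an apt-get update in between would fail signature verification, and a less careful script might be tempted to paper over that with --allow-unauthenticated.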
AppVM Use
The AppVM's root filesystem does not provide a strong non-persistent security feature [archive]. The persistence of the /home, /rw and /usr/local filesystems means malware can be specifically written to target Qubes-based AppVMs, inserting hooks inside files in these directories. [29] [30]
Once user preparation is complete and the AppVM is started, it will automatically start the script to begin installing software. When the process finishes, the AppVM can be used like any other TemplateBasedVM. However, when the AppVM is shut down, all data outside of the persistent directories (/home, /rw and /usr/local) will be lost, including the newly installed software packages. Following reboot, the VM will again install the software packages automatically.
Using bind-dirs Selective Persistence
Using selective bind-dirs [archive] persistence is currently a difficult problem and undocumented. Further research is required to ascertain which files require persistence across VM reboots.
Add Application Launcher to Start Menu
1. Create the folder ~/.local/share/applications.
mkdir -p ~/.local/share/applications
2. Create a new file ~/.local/share/applications/program-name.desktop using an editor.
mousepad ~/.local/share/applications/program-name.desktop
3. Paste the following contents.
[Desktop Entry]
Type=Application
Exec=/path/to/program
Name=program-name
Categories=Other
4. Save the file.
The procedure is now complete.
The launcher can be found here:
Start Menu → Other → program-name
snap
General forum discussion about snap: Snap Store / snaps / snapd / snapcraft.io - a new software source? [archive]
Qubes-Whonix ™ issues:
- Efforts to persistently install snap apps in Qubes-Whonix ™ via bind-dirs [archive] or with snap proxy settings have proven unsuccessful. This means it needs to be installed in a TemplateBasedVM on every occasion it is required. Efforts to improve this situation are most welcome, see: Wickr Me vs Qubes-Whonix Persistence [archive] and snap totally unusable on Qubes whonix-ws [archive].
- Qubes TemplateVMs are non-networked by Qubes default. (APT works because of Qubes' qrexec-based updates proxy.) Therefore snap does not run inside the whonix-ws TemplateVM. The same would probably also happen in any other Qubes TemplateVM, such as a Debian TemplateVM. As per the Free Support Principle, it is recommended to make snap work in a non-Whonix based TemplateVM first, such as a Debian TemplateVM, before attempting the same inside Whonix ™.
flatpak
flatpak Package Manager Security
Compared by security features [31] (such as signed metadata) alone, flatpak package manager security is comparable to Debian's APT package manager security, with a caveat: flatpak currently does not defend against indefinite freeze attacks [archive].
Definition of indefinite freeze attacks according to the TUF (The Update Framework) Threat Model [archive]:
Indefinite freeze attacks. An attacker continues to present files to a software update system files that the client has already seen. As a result, the client is kept unaware of new files.
This attack is difficult to pull off for many adversaries since it requires breaking TLS. While version information is not protected by a valid-until field [archive], it is fetched over TLS.
To work around this issue, users would have to manually check whether the version numbers of their flatpak-installed applications match the version numbers available from the flathub repository. Every application available from flathub has a corresponding web page with a section Additional information containing the entries Updated and Version. For example, for Chromium there is the org.chromium.Chromium flathub website [archive], which at the time of writing this wiki chapter showed Updated December 23, 2020 and Version 87.0.4280.88-1. Since researching version information on the flathub website is equally vulnerable to indefinite freeze attacks as the flathub package manager itself (both rely on TLS), it is recommended to use Whonix ™ or Tor Browser for this purpose. [32]
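The manual check described above can be scripted on the local side: flatpak list --columns=application,version prints the installed application IDs and versions, and the values copied from each app's flathub page (over Tor Browser, as recommended) go into a small text file. The following POSIX sh function is an added example, not code from the Whonix, flatpak or flathub projects; the installed list and the expected list are constructed, reusing the Chromium version quoted above as the published one together with an invented, older installed one. The trailing -N in flathub version strings is assumed to be a flathub build suffix and is ignored in the comparison.

```shell
#!/bin/sh
# Added example (not Whonix/flatpak project code): find flatpak apps whose
# installed version differs from the version published on flathub, as a
# manual defence against an indefinite freeze attack.
# Real use:  flatpak list --columns=application,version | stale_flatpaks expected.txt

# stale_flatpaks EXPECTED_FILE   (installed list on stdin)
# EXPECTED_FILE holds "app-id version" per line, copied from the flathub pages.
# Prints "app installed published" for every mismatch; exit 1 if any is stale.
stale_flatpaks() {
    awk '
        BEGIN { FS = "[\t ]+" }
        NR == FNR { want[$1] = $2; next }        # first file: expected versions
        ($1 in want) {
            w = want[$1]
            sub(/-[0-9]+$/, "", w)               # drop flathub build suffix such as "-1"
            if ($2 != w) { print $1, $2, w; stale++ }
        }
        END { if (stale > 0) exit 1 }
    ' "$1" -
}

# Constructed: what `flatpak list --columns=application,version` might print
# (tab separated; the Chromium build is deliberately older than the published one).
installed_sample() {
    printf 'org.chromium.Chromium\t87.0.4280.66\n'
    printf 'org.example.App\t1.2.0\n'
    printf 'org.example.Current\t3.1\n'
}

# Constructed: versions written down from the flathub pages (Chromium as quoted above).
expected_sample() {
    cat <<'EOF'
org.chromium.Chromium 87.0.4280.88-1
org.example.App 1.2.0-2
org.example.Current 3.1
org.example.NotInstalled 9.9
EOF
}
```

Apps in the expected file that are not installed are ignored, and an installed app missing from the file is not reported either, so the file has to be kept in step with what was installed; a mismatch only says that the two observations differ, and whether that is a frozen mirror or just a pending update is for the user to decide.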
Qubes OS Specific
This chapter is only of interest to users of Qubes OS. Other readers can skip this chapter.
At the time of writing, applications installed using flatpak do not show up in the Qubes start menu after installation. [33] To work around that, users can go to Qube settings → Applications tab → press Refresh Applications.
Forum Discussion
General forum discussion about flatpak and flathub: flathub as a source of software [archive].
Foreign Sources
In most cases, the extensive software range available from the official Debian repositories should be enough to satisfy the user's needs. A selection of more than 50,000 programs can be installed within a couple of steps. These packages are constantly maintained for bug/security fixes and tightly integrated to provide a stable distribution.
To guarantee stability, no new versions are uploaded to Debian stable archives to avoid breaking the system. This makes Debian stable a dependable distribution and an excellent base for downstream distributions. However, the Linux software scene is very dynamic and sometimes the user will want software that is not yet packaged in Debian. In this instance, it may be necessary to install software from separate sources; either from third party repositories, as a stand-alone precompiled .deb binary, or directly compiled source packages. [34]
Risks
The use of foreign sources should be kept to a minimum, as it may cause problems. Note this is simply a warning about the worst case scenario and not a predetermined outcome of installing third party software.
Security Issues
Keep in mind that foreign sources pose important security implications for the user's system. Installing software is tantamount to granting root privileges to the developers. Software originating from dubious sources could replace important system components with malicious versions that allow backdoors or Trojan horses [archive] to be installed on the system.
In general, the installation of software is a matter of trust. The fact is that users have to trust every software source they install. This trust is two-fold: firstly that the developers have integrity, and secondly that the community will notice any suspicious code, which might indicate compromise of the developers' machines. [35]
Dependency Hell
Manually installed packages can contain library versions not available in the standard repositories. This causes problems with dependency resolution when installing additional software from the official repository. Individual applications are less critical in this context, but when important system libraries in the third-party software are considered, complications are inevitable.
Depending on the severity of the complications, upgrades to the next version of the operating system might fail, or the system may become unbootable or generally unstable.
Mitigation
Users can reduce security risks and eliminate the risk of making the workstation unusable by using Multiple Whonix-Workstation ™.
GUI Applications with Root Rights
Moved to root - Graphical Applications with Root Rights.
Footnotes
- ↑ https://github.com/theupdateframework/tuf/blob/develop/SECURITY.md [archive] http://www.webcitation.org/6F7Io2ncN [archive]
- ↑ https://www2.cs.arizona.edu/stork/packagemanagersecurity/attacks-on-package-managers.html [archive]
- ↑ https://web.archive.org/web/20170919173146/https://arstechnica.com/information-technology/2017/09/devs-unknowingly-use-malicious-modules-put-into-official-python-repository/ [archive]
- ↑ The pip developers refused to implement any kind of proper GPG signature verification, opting to support server HTTPS instead [archive] which is a lot weaker. While the TUF secure updater project has implemented a safe version of pip [archive], it is not clear how widely it has been adopted and whether it will become popular.
- ↑ Such as desirable software versions that are not yet bundled in the official repositories.
- ↑ If security or stability are at all important for you: install stable. period. This is the most preferred way. ... Since there is typically over 1 year between releases you might find that stable contains old versions of packages. However, they have been tested in and out. One can confidently say that the packages do not have any known severe bugs, security holes etc., in them. The packages in stable integrate seamlessly with other stable packages. These characteristics are very important for production servers which have to work 24 hours a day, 7 days a week. ... Stable is rock solid. It does not break and has full security support. But it might not have support for the latest hardware. On the other hand, packages in testing or unstable can have hidden bugs, security holes etc. Moreover, some packages in testing and unstable might not be working as intended.
- ↑ See software updaters [archive] for more information on this topic.
- ↑ Consider the following example. A user announces online that software X is being utilized, and another specific application set x, y, and z is installed. If this information becomes available to an adversary and the circuit-isolated apt-get passes through any Tor exit relays, mirrors or ISPs under their control, then they may guess it is associated with the same pseudonym. In that case, the adversary has a list of the user's installed packages, and can attempt a stale mirror attack (if the user has a custom Ubuntu build), or try other attacks against apt-get.
- ↑ As per the previous footnote, this threat equally applies to users who run an onion service with a specific set of server software, for example apache, mediawiki, phpbb, and others.
- ↑ One option is using Arm: Navigate to Whonix-Gateway ™ (Qubes-Whonix ™: sys-whonix) and select Arm - Tor Controller. Press n for a "New Identity". Alternatively, press m for the menu, scroll down to New Identity and press Enter.
- ↑ The firewall is found on the Whonix-Gateway ™: /usr/bin/whonix_firewall
- ↑ If the DNS server is changed in Whonix-Workstation ™ /etc/resolv.conf, this will likely have no effect. The reason is the firewall on Whonix-Gateway ™ will redirect all those requests to Tor's DnsPort. The working exception to this rule is when users tunnel / encrypt DNS requests (DNSCrypt, httpsdnsd), as per the secondary DNS resolver instructions.
- ↑ The only missing elements at the time of writing were automatic client connections and inter-relay connections via IPv6. Bridges are fully supported. See also: IPv6 roadmap [archive].
- ↑ https://phabricator.whonix.org/T509 [archive]
- ↑ Since Whonix 0.2.1, Whonix-Gateway ™ traffic is also routed over Tor. In this way, use of Whonix is hidden from persons or systems observing the network.
- ↑ To preserve the anonymity of a user's Whonix-Workstation ™ activities, it is not necessary to torify Whonix-Gateway ™ own traffic.
- ↑ For reader interest: If DNS settings on Whonix-Gateway ™ are changed in /etc/resolv.conf, this only affects Whonix-Gateway ™'s own DNS requests issued by applications using the system's default DNS resolver. By default, no applications issuing network traffic on Whonix-Gateway ™ use the system's default DNS resolver. All applications installed by default on Whonix-Gateway ™ that issue network traffic (apt-get, whonixcheck, sdwdate) are explicitly configured, or forced by uwt wrappers, to use their own Tor SocksPort (see Stream Isolation).
- ↑ Whonix-Workstation ™ default applications are configured to use separate Tor SocksPorts (see Stream Isolation), thereby not using the system's default DNS resolver. Any applications in Whonix-Workstation ™ that are not configured for stream isolation - for example nslookup - will use the default DNS server configured in Whonix-Workstation ™ (via /etc/network/interfaces), which is the Whonix-Gateway ™. Those DNS requests are redirected to Tor's DnsPort by the Whonix-Gateway ™ firewall. Whonix-Gateway ™ /etc/resolv.conf does not affect Whonix-Workstation ™ DNS requests.
- ↑ Users should Prefer Packages from Debian Stable Repository, but using backports is better than manual software installation or using third party package managers since this prefers APT. To contain the risk, Non-Qubes-Whonix ™ users might want to consider using Multiple Whonix-Workstation ™ and Qubes-Whonix ™ users might want to consider using Multiple Qubes-Whonix ™ TemplateVMs or Software Installation in a TemplateBasedVM.
- ↑ Most often this step applies before attempting major Whonix upgrades; upgrade instructions are also made available at that time (see Stay Tuned).
- ↑ Most often this step applies before attempting major Whonix ™ upgrades; upgrade instructions are also made available at that time (see Stay Tuned).
- ↑ https://www.debian.org/releases/sid/ [archive]
- ↑ https://www.debian.org/security/faq#unstable [archive]
- ↑ See: https://wiki.debian.org/DebianUnstable#What_are_some_best_practices_for_testing.2Fsid_users.3F [archive]
- ↑ It is recommended to create a separate Whonix-Workstation ™ (see Multiple Whonix-Workstation ™) to install the package due to these risks.
- ↑ Most often this step applies before attempting major Whonix upgrades; upgrade instructions are also made available at that time (see stay tuned).
- ↑ Whonix_Debian_Packages#Technical_Stuff
- ↑ Qubes install software [archive]
- ↑ https://www.qubes-os.org/doc/software-update-vm/#note-on-treating-appvms-root-filesystem-non-persistence-as-a-security-feature [archive]
- ↑ Obvious hook targets include .bashrc, the Firefox profile directory (which contains extensions), or PDF or DOC documents that are likely to be opened by the user.
- ↑ Features. Not source code.
- ↑ In theory, some adversaries are capable of mounting an indefinite freeze attack against all visitors coming from the Tor network, but this ever happening might be unlikely. Such an attack is likely to get spotted eventually, which would lead to it being widely publicized and presumably responded to by major improvements in how encrypted/authenticated connections are done over the internet generally.
- ↑ flatpak installed applications do not show up in Qubes start menu [archive]
- ↑ https://www.debian.org/doc/manuals/debian-faq/ch-pkg_basics.en.html [archive]
- ↑ With reproducible package builds on the horizon, the security risk from the second factor will be minimal in the future.
Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)