Jump to: navigation, search

Next

Random News:

Please Contribute by answering questions.

Warning[edit]

Documentation for the NEXT Whonix version! ONLY for developers! No guarantee it really makes into the next Whonix version.

ricochet[edit]

Unfinished! See also:
https://github.com/ricochet-im/ricochet/issues/30

Doesn't work yet, because Control Port Filter Proxy[1] does not support wildcards yet. Might also not work for other reasons yet.

Security implications not researched yet.

On Whonix-Gateway, Control Port Filter Proxy needs some adjustments.

Create a file /etc/cpfpy.d/50_ricochet.

kdesudo kwrite /etc/cpfpy.d/50_torsion

Add the following content.

## Keep existing contents of variable CONTROL_PORT_FILTER_WHITELIST
## and extend it with control port commands required by torsion as per:
## "Documentation request for Whonix setup"
## https://github.com/special/torsion/issues/30
CONTROL_PORT_FILTER_WHITELIST=GETINFO status/circuit-established,SETCONF HiddenServiceDir,SETCONF HiddenServicePort,SETEVENTS STATUS_CLIENT

Restart Control Port Filter Proxy.

sudo service control-port-filter-python restart

onionshare[edit]

Unfinished! Work in progress! See also:

Security implications not researched yet.

On Whonix-Gateway, Control Port Filter Proxy[2] needs some adjustments.

Create a file /etc/cpfpy.d/50_onionshare.

kdesudo kwrite /etc/cpfpy.d/50_onionshare

Add the following content.

## Keep existing contents of variable CONTROL_PORT_FILTER_WHITELIST
## and extend it with control port commands required by onionshare as per:
## https://github.com/micahflee/onionshare/blob/master/onionshare/onionshare.py
CONTROL_PORT_FILTER_WHITELIST=PROTOCOLINFO 1,SETCONF HiddenServiceDir,SETCONF HiddenServicePort

Restart Control Port Filter Proxy.

sudo service control-port-filter-python restart

whonixcheck SSL Certificate Pinning[edit]

How[edit]

UNFINISHED! See: https://github.com/Whonix/Whonix/issues/24

Advanced users only!

In Whonix-Gateway and Whonix-Workstation.

You need torbrowser-launcher installed. [3] Currently only available from wheezy-backports.

To enable this on a by case base, use the --pin-tpo-cert command line option. Example.

whonixcheck --pin-tpo-cert

Or to permanently enable this.

Create a file /etc/whonix.d/50_user.

sudo nano /etc/whonix.d/50_user

Add.

PIN_TPO_CERT="true"

Footnotes[edit]

  1. Dev/CPFP
  2. Dev/CPFP
  3. Because torbrowser-launcher ships The Tor Projects SSL certificate


Log in | OpenID | Contact | Impressum | Datenschutz | Haftungsausschluss | Investors | Donate

https | Mirror | Mirror | Share: Twitter | Facebook | Google+

This is a wiki. Want to improve this page? Help welcome, volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.

Whonix (g+) is a licensee of the Open Invention Network. Unless otherwise noted above, content of this page is copyrighted and licensed under the same Free (as in speech) license as Whonix itself.