Protocol Leak Protection and Fingerprinting Protection‎

Introduction

Whonix ™ cannot do the impossible and magically prevent every kind of protocol leak and identifier disclosure:

Tor provides only anonymity for DNS and the transmission of the TCP stream. Everything inside the stream, the application protocol, needs to be scrubbed. For example, if the application uses advanced techniques to determine your real external IP and sends it over the anonymized TCP stream, then what you wanted to hide, your real external IP, isn't hidden.

...

Many applications can also leak other problematic and/or sensitive data, such as:

  • Your real external non-Tor IP address, as described above
  • Your time zone (for example: IRC clients through CTCP)
  • Your user name (for example: ssh through login)
  • The name and version of the client or server you are using (for example: Apache web server leaks software name and version number; IRC clients leak client name and client version number through CTCP)
  • Metadata can be a risk. See MAT and read 'What is a metadata?' and 'Why metadata can be a risk for your privacy?'
  • Depending on your Mode Of Anonymity you obviously shouldn't mix your use of protected (anonymous) applications with applications not passing through the Tor network or some other form of anonymity. For example, if a login name or password of yours can be traced back to your personal identity, then you are defeating the purpose entirely. Tor cannot protect you from this kind of activity.
  • Even sending the contents of your RAM can be dangerous. (For example: error reporting, leading to Transparent Proxy Leaks)
  • A lot of information which the application sends on request from a server (for example: most web browsers besides the Tor Browser)
  • Hardware serial numbers might be used for fingerprinting and in the worst case scenario, lead back to you.
  • License keys of non-freedom software are often transmitted and might lead back to you.

Despite the many risks, Whonix ™ is designed to offer multiple layers of defense for the best possible protection against inadvertent deanonymization.

Whonix Advantages

Protection Against Serious Leaks

Whonix ™ protects against the most dangerous leak categories outlined below, which would otherwise divulge the user's real identity (remotely or directly):

  • The real, external, non-Tor IP address is hidden due to the fundamental Whonix ™ design, use of an isolated proxy, and the Whonix ™ firewall. [1]
  • The same applies for DNS[1] requests; they are safe. [2]

Numerous Default Applications are Pre-configured Against Leaks

Developers have taken care to prevent common applications from leaking information that could identify users, including:

  • Stream Isolation: Configuring applications to use their own SocksPort, thus preventing Identity correlation through circuit sharing.
  • Browser fingerprinting: Whonix ™ includes Tor Browser by default. The browser fingerprint is as good (or bad) as using the normal Tor Browser bundle from torproject.org.
  • GPG: /home/user/gpg.conf is optimized for privacy; see footnote. [3]
  • HexChat: Secure defaults are utilized as per TorifyHOWTO/HexChat (on github). The identity can be reset using xchat-reset (on github) as documented on the HexChat page.
  • ssh: Without Whonix ™, the syntax for ssh is user@hostname [...]. However, if a specific user is not nominated before @hostname, the operating system user name will be utilized instead. If that value is something identifiable, then anonymity is broken. Since Whonix ™ defaults the user name to user, in the worst case only the username user can be leaked, which is harmless. [4] [5]

Many protocol leaks are already documented; see Documentation and TorifyHOWTO for further information.

Identifiers

In addition to protocol leaks, there is also a range of identifiers that adversaries can use for fingerprinting in order to narrow down the list of potential suspects (for example, the time zone), or even for complete deanonymization (for example, if the user name was set to John Doe). Major and minor identifiers are described below.

Major Identifiers

Table: Major Identifiers

| Category | Description |
|---|---|
| Color depth | The default color depth is 24-bit for all Whonix ™ users. [6] [7] |
| Desktop Resolution | The desktop resolution was formerly set to 1024x768 for all Whonix ™ users, with the (virtual) refresh rate set to 60. [8] |
| Fonts | All Whonix ™ users have the same list of fonts installed. [9] [10] [11] |
| Hostname | The hostname is set to host. [12] |
| Internal (virtual LAN) IP address | |
| Long host name (FQDN) | The long host name (FQDN) is set to host.localdomain [14] |
| MAC address | The MAC address is different from the host. [15] [16] [17] |
| Operating system updates | Operating system (apt-get) updates are routed through their own circuit (Stream Isolation) to prevent accidental leakage of software packages and versions (if any custom software is installed) which could then be correlated with other anonymous activity. Also see: Software updaters and Software installation Whonix-Workstation ™. |
| RAM | In the worst case scenario, if RAM contents are leaked (such as by error reporting software phoning home, a RAM dump if infected with malware, or Transparent Proxy Leaks), this would "only" contain the RAM of the Whonix-Workstation ™. All non-anonymous material on the host remains safe. |
| Time | Whonix-Workstation ™, Whonix-Gateway ™ and the host time are all different from each other. Time zone (local time) is set to UTC. [18] The hardware clock is set to UTC. See Whonix ™ Time Synchronization Mechanism for further information. |
| User name | The user name is set to user. |
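
The shared defaults in the table can be checked from inside a Whonix-Workstation ™, for instance after installing extra software or changing settings. The script below is an added example, not part of Whonix ™ or its documentation; the function names are hypothetical, the expected values are the ones in the table, and it assumes that "Etc/UTC" in /etc/timezone counts as UTC.

```shell
#!/bin/sh
# Added example: audit a guest against the shared identifier defaults from
# the Major Identifiers table. Function names are hypothetical.

EXPECTED_HOSTNAME='host'
EXPECTED_FQDN='host.localdomain'
EXPECTED_USER='user'
EXPECTED_TZ='UTC'

# normalise_tz VALUE: "Etc/UTC" and "UTC" name the same zone, so both are
# reported as "UTC" (assumption of this example).
normalise_tz() {
    case "$1" in
        UTC|Etc/UTC) printf 'UTC' ;;
        *)           printf '%s' "$1" ;;
    esac
}

# check_identifier NAME EXPECTED ACTUAL: print one report line,
# return 0 on a match and 1 on a deviation.
check_identifier() {
    if [ "$2" = "$3" ]; then
        printf 'ok        %-9s %s\n' "$1" "$3"
        return 0
    fi
    printf 'DEVIATES  %-9s expected "%s", found "%s"\n' "$1" "$2" "$3"
    return 1
}

# audit_identifiers HOSTNAME FQDN USER TZ: report every field and return
# the number of deviations (0 means the guest matches the defaults).
audit_identifiers() {
    deviations=0
    check_identifier hostname "$EXPECTED_HOSTNAME" "$1" || deviations=$((deviations + 1))
    check_identifier fqdn     "$EXPECTED_FQDN"     "$2" || deviations=$((deviations + 1))
    check_identifier user     "$EXPECTED_USER"     "$3" || deviations=$((deviations + 1))
    check_identifier timezone "$EXPECTED_TZ" "$(normalise_tz "$4")" || deviations=$((deviations + 1))
    return "$deviations"
}

# audit_live: collect the four values from the running system and audit them.
audit_live() {
    tz=$(cat /etc/timezone 2>/dev/null || printf 'unknown')
    audit_identifiers "$(hostname)" "$(hostname --fqdn 2>/dev/null)" "$(id -un)" "$tz"
}

# Constructed sample values (not taken from a real machine).
audit_identifiers host host.localdomain user Etc/UTC
audit_identifiers johns-laptop johns-laptop.lan john Europe/Berlin \
    || echo "$? identifier(s) deviate from the shared defaults"
```

Call audit_live inside the workstation to run the same comparison against the live system.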

Minor Identifiers

These identifiers are less important because an adversary can only collect them if the user installed malicious software (for example, some copyright enforcement and anti-cheat tools collect them), or if the adversary achieves remote access by compromising a user or in some cases the root account.

Table: Minor Identifiers

| | Qubes | VirtualBox | KVM |
|---|---|---|---|
| Hidden hardware serial numbers [19] [20] | Yes | Yes | Yes |
| Hidden CPU model and capabilities | No | No [21] | No [22] [23] [24] |
| Safe RAM assignment | Dynamically assigned | Yes, fixed | Yes, fixed |
| Hidden sensor information [25] [26] [27] | Yes | Yes | Yes |
| Hidden battery information [28] | Yes | No | Yes |
| Hidden BIOS DMI information [29] | Yes | Yes | Yes |
| Hidden virtual BIOS DMI information and Virtual HDD and CD serial numbers [29] [30] | Yes, only virtual ones | Yes, only virtual ones | Yes, only virtual ones |
| Hidden VM UUID [31] [32] | Yes | Yes | Yes |
| Hidden SLIC table [33] | Yes, not implemented | Yes, empty by default | Yes, not present |
| HDD UUIDs are different from the host [34] | Yes | Yes | Yes |
| CD-ROM UUID is identical for all Whonix ™ users [35] | Yes | Yes | Yes |
| Identical software packages [36] | Differs from Non-Qubes-Whonix ™ | Differs from Qubes-Whonix ™ | Differs from Qubes-Whonix ™ |
| Hidden disk UUIDs [37] | Yes | Yes | Yes |
| Hidden EDID [38] | Yes [39] | Yes [40] [41] | Yes [42] |

Metadata

See Metadata.

CPU Output Tests

TNT_BOM_BOM generated /proc/cpuinfo output which was posted to the Whonix ™ forums and copied here.

CPU test 1 (before VBoxManage modifyvm Whonix-Workstation ™ --cpuidremoveall)

>  
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 37
model name      : Intel(R) Core(TM) i5 CPU       M 580  @ 2.67GHz
stepping        : 5
microcode       : 0x616
cpu MHz         : 2659.899
cache size      : 3072 KB
physical id     : 0
siblings        : 1
core id         : 0
cpu cores       : 1
apicid          : 0
initial apicid  : 0
fdiv_bug        : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 11
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm constant_tsc xtopology nonstop_tsc pni monitor lahf_lm
bogomips        : 5319.79
clflush size    : 64
cache_alignment : 64
address sizes   : 36 bits physical, 48 bits virtual
power management:

CPU test 2 (after VBoxManage modifyvm Whonix-Workstation ™ --cpuidremoveall + shutdown the WS)

>  
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 37
model name      : Intel(R) Core(TM) i5 CPU       M 580  @ 2.67GHz
stepping        : 5
microcode       : 0x616
cpu MHz         : 2660.690
cache size      : 3072 KB
physical id     : 0
siblings        : 1
core id         : 0
cpu cores       : 1
apicid          : 0
initial apicid  : 0
fdiv_bug        : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 11
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm constant_tsc xtopology nonstop_tsc pni monitor lahf_lm
bogomips        : 5321.38
clflush size    : 64
cache_alignment : 64
address sizes   : 36 bits physical, 48 bits virtual
power management:

KVM Whonix-Workstation ™ 12 /proc/cpuinfo

> processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 6
model name      : QEMU Virtual CPU version 2.1.2
stepping        : 3
microcode       : 0x1
cpu MHz         : 2659.914
cache size      : 4096 KB
physical id     : 0
siblings        : 1
core id         : 0
cpu cores       : 1
apicid          : 0
initial apicid  : 0
fdiv_bug        : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 4
wp              : yes
flags           : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm pni cx16 x2apic popcnt hypervisor lahf_lm
bogomips        : 5319.82
clflush size    : 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management:

> processor       : 1
vendor_id       : GenuineIntel
cpu family      : 6
model           : 6
model name      : QEMU Virtual CPU version 2.1.2
stepping        : 3
microcode       : 0x1
cpu MHz         : 2659.914
cache size      : 4096 KB
physical id     : 1
siblings        : 1
core id         : 0
cpu cores       : 1
apicid          : 1
initial apicid  : 1
fdiv_bug        : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 4
wp              : yes
flags           : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm pni cx16 x2apic popcnt hypervisor lahf_lm
bogomips        : 1945.60
clflush size    : 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management:

KVM Whonix-Workstation ™ 13 /proc/cpuinfo

> processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 6
model name : QEMU Virtual CPU version 2.1.2
stepping : 3
microcode : 0x1
cache size : 4096 KB
physical id : 0
siblings : 1
core id : 0
cpu cores : 1
apicid : 0
initial apicid : 0
fdiv_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 4
wp : yes
flags : fpu de pse msr pae mce cx8 apic sep mtrr pge mca cmov pse36 mmx fxsr sse sse2 syscall nx lm pni cx16 x2apic popcnt aes hypervisor lahf_lm
bogomips : 1185.79
clflush size : 32
cache_alignment : 32
address sizes : 40 bits physical, 48 bits virtual
power management:

processor : 1
vendor_id : GenuineIntel
cpu family : 6
model : 6
model name : QEMU Virtual CPU version 2.1.2
stepping : 3
microcode : 0x1
cache size : 4096 KB
physical id : 1
siblings : 1
core id : 0
cpu cores : 1
apicid : 1
initial apicid : 1
fdiv_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 4
wp : yes
flags : fpu de pse msr pae mce cx8 apic sep mtrr pge mca cmov pse36 mmx fxsr sse sse2 syscall nx lm pni cx16 x2apic popcnt aes hypervisor lahf_lm
bogomips : 1173.50
clflush size : 32
cache_alignment : 32
address sizes : 40 bits physical, 48 bits virtual
power management:

From Whonix 12 WS - Qubes Q3 "cat /proc/cpuinfo" (different PC)

> processor    : 0
vendor_id    : GenuineIntel
cpu family    : 6
model        : 60
model name    : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
stepping    : 3
microcode    : 0x17
cpu MHz        : 2494.312
cache size    : 6144 KB
physical id    : 0
siblings    : 8
core id        : 2
cpu cores    : 1
apicid        : 4
initial apicid    : 4
fpu        : yes
fpu_exception    : yes
cpuid level    : 13
wp        : yes
flags        : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs        :
bogomips    : 4988.62
clflush size    : 64
cache_alignment    : 64
address sizes    : 39 bits physical, 48 bits virtual
power management:

> processor    : 1
vendor_id    : GenuineIntel
cpu family    : 6
model        : 60
model name    : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
stepping    : 3
microcode    : 0x17
cpu MHz        : 2494.312
cache size    : 6144 KB
physical id    : 0
siblings    : 8
core id        : 2
cpu cores    : 1
apicid        : 4
initial apicid    : 4
fpu        : yes
fpu_exception    : yes
cpuid level    : 13
wp        : yes
flags        : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs        :
bogomips    : 4988.62
clflush size    : 64
cache_alignment    : 64
address sizes    : 39 bits physical, 48 bits virtual
power management:

> processor    : 2
vendor_id    : GenuineIntel
cpu family    : 6
model        : 60
model name    : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
stepping    : 3
microcode    : 0x17
cpu MHz        : 2494.312
cache size    : 6144 KB
physical id    : 0
siblings    : 8
core id        : 2
cpu cores    : 1
apicid        : 4
initial apicid    : 4
fpu        : yes
fpu_exception    : yes
cpuid level    : 13
wp        : yes
flags        : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs        :
bogomips    : 4988.62
clflush size    : 64
cache_alignment    : 64
address sizes    : 39 bits physical, 48 bits virtual
power management:

> processor    : 3
vendor_id    : GenuineIntel
cpu family    : 6
model        : 60
model name    : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
stepping    : 3
microcode    : 0x17
cpu MHz        : 2494.312
cache size    : 6144 KB
physical id    : 0
siblings    : 8
core id        : 2
cpu cores    : 1
apicid        : 4
initial apicid    : 4
fpu        : yes
fpu_exception    : yes
cpuid level    : 13
wp        : yes
flags        : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs        :
bogomips    : 4988.62
clflush size    : 64
cache_alignment    : 64
address sizes    : 39 bits physical, 48 bits virtual
power management:

> processor    : 4
vendor_id    : GenuineIntel
cpu family    : 6
model        : 60
model name    : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
stepping    : 3
microcode    : 0x17
cpu MHz        : 2494.312
cache size    : 6144 KB
physical id    : 0
siblings    : 8
core id        : 2
cpu cores    : 1
apicid        : 4
initial apicid    : 4
fpu        : yes
fpu_exception    : yes
cpuid level    : 13
wp        : yes
flags        : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs        :
bogomips    : 4988.62
clflush size    : 64
cache_alignment    : 64
address sizes    : 39 bits physical, 48 bits virtual
power management:

> processor    : 5
vendor_id    : GenuineIntel
cpu family    : 6
model        : 60
model name    : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
stepping    : 3
microcode    : 0x17
cpu MHz        : 2494.312
cache size    : 6144 KB
physical id    : 0
siblings    : 8
core id        : 2
cpu cores    : 1
apicid        : 4
initial apicid    : 4
fpu        : yes
fpu_exception    : yes
cpuid level    : 13
wp        : yes
flags        : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs        :
bogomips    : 4988.62
clflush size    : 64
cache_alignment    : 64
address sizes    : 39 bits physical, 48 bits virtual
power management:

> processor    : 6
vendor_id    : GenuineIntel
cpu family    : 6
model        : 60
model name    : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
stepping    : 3
microcode    : 0x17
cpu MHz        : 2494.312
cache size    : 6144 KB
physical id    : 0
siblings    : 8
core id        : 2
cpu cores    : 1
apicid        : 4
initial apicid    : 4
fpu        : yes
fpu_exception    : yes
cpuid level    : 13
wp        : yes
flags        : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs        :
bogomips    : 4988.62
clflush size    : 64
cache_alignment    : 64
address sizes    : 39 bits physical, 48 bits virtual
power management:

> processor    : 7
vendor_id    : GenuineIntel
cpu family    : 6
model        : 60
model name    : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
stepping    : 3
microcode    : 0x17
cpu MHz        : 2494.312
cache size    : 6144 KB
physical id    : 0
siblings    : 8
core id        : 2
cpu cores    : 1
apicid        : 4
initial apicid    : 4
fpu        : yes
fpu_exception    : yes
cpuid level    : 13
wp        : yes
flags        : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs        :
bogomips    : 4988.62
clflush size    : 64
cache_alignment    : 64
address sizes    : 39 bits physical, 48 bits virtual
power management:

KVM vs Qubes

KVM

processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 6
model name      : QEMU Virtual CPU version 2.1.2
flags           : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm pni cx16 x2apic popcnt hypervisor lahf_lm

Qubes

processor    : 0
vendor_id    : GenuineIntel
cpu family   : 6
model        : 60
model name   : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
flags        : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
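
To read the dumps above as a fingerprinting comparison, the added example below (not part of the Whonix ™ documentation) reduces a /proc/cpuinfo dump to the fields that stay constant for a given CPU and lists the ones that differ between two dumps. The sample inputs are abbreviated from the VirtualBox and KVM outputs on this page; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: reduce /proc/cpuinfo dumps to the fields that identify the
# CPU and compare them. Function names are hypothetical.

# cpuinfo_stable FILE: print "key<TAB>value" for the first processor block,
# skipping per-core numbering and the fields that fluctuate between reads.
cpuinfo_stable() {
    awk '
        /^[> \t]*$/ { if (seen) exit; next }   # a blank line ends the block
        {
            pos = index($0, ":")
            if (pos == 0) next
            key = substr($0, 1, pos - 1); val = substr($0, pos + 1)
            gsub(/^[> \t]+|[ \t]+$/, "", key)  # also drops a quote marker
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            seen = 1
            if (key ~ /^(processor|cpu MHz|bogomips|physical id|core id|apicid|initial apicid)$/) next
            printf "%s\t%s\n", key, val
        }' "$1"
}

# cpuinfo_changed A B: names of stable fields that differ between two dumps
# (or exist in only one of them), one per line.
cpuinfo_changed() {
    tmp_a=$(mktemp) && tmp_b=$(mktemp) || return 2
    cpuinfo_stable "$1" > "$tmp_a"
    cpuinfo_stable "$2" > "$tmp_b"
    awk -F'\t' '
        FILENAME == ARGV[1] { a[$1] = $2; next }
        { b[$1] = $2 }
        END {
            for (k in a) if (!(k in b) || (a[k] "") != (b[k] "")) print k
            for (k in b) if (!(k in a)) print k
        }' "$tmp_a" "$tmp_b" | sort
    rm -f "$tmp_a" "$tmp_b"
}

# flags_only_in A B: CPU flags exposed in dump A but not in dump B.
flags_only_in() {
    fa=$(cpuinfo_stable "$1" | awk -F'\t' '$1 == "flags" { print $2 }')
    fb=$(cpuinfo_stable "$2" | awk -F'\t' '$1 == "flags" { print $2 }')
    for f in $fa; do
        case " $fb " in *" $f "*) ;; *) printf '%s\n' "$f" ;; esac
    done
}

# write_samples DIR: sample dumps, abbreviated from the outputs on this page
# (CPU test 1, CPU test 2 and KVM Whonix-Workstation 12, processor 0).
write_samples() {
    cat > "$1/vbox_before" <<'EOF'
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 37
model name      : Intel(R) Core(TM) i5 CPU       M 580  @ 2.67GHz
stepping        : 5
microcode       : 0x616
cpu MHz         : 2659.899
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm constant_tsc xtopology nonstop_tsc pni monitor lahf_lm
bogomips        : 5319.79
EOF
    cat > "$1/vbox_after" <<'EOF'
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 37
model name      : Intel(R) Core(TM) i5 CPU       M 580  @ 2.67GHz
stepping        : 5
microcode       : 0x616
cpu MHz         : 2660.690
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm constant_tsc xtopology nonstop_tsc pni monitor lahf_lm
bogomips        : 5321.38
EOF
    cat > "$1/kvm" <<'EOF'
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 6
model name      : QEMU Virtual CPU version 2.1.2
stepping        : 3
microcode       : 0x1
cpu MHz         : 2659.914
flags           : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm pni cx16 x2apic popcnt hypervisor lahf_lm
bogomips        : 5319.82
EOF
}

# Demo on the embedded samples.
dir=$(mktemp -d)
write_samples "$dir"
echo "before vs after --cpuidremoveall: $(cpuinfo_changed "$dir/vbox_before" "$dir/vbox_after" | grep -c .) stable field(s) changed"
echo "VirtualBox vs KVM differ in: $(cpuinfo_changed "$dir/vbox_before" "$dir/kvm" | tr '\n' ' ')"
echo "flags only in the KVM guest: $(flags_only_in "$dir/kvm" "$dir/vbox_before" | tr '\n' ' ')"
rm -rf "$dir"
```

Inside a guest, save the output of cat /proc/cpuinfo to a file and compare it with the same output taken on the host to see which CPU details the virtualizer passes through.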

get-edid output

EDID

sudo apt-get install read-edid

sudo get-edid ; echo $?

Qubes

This is read-edid version 3.0.1. Prepare for some fun.
Attempting to use i2c interface
Looks like no busses have an EDID. Sorry!
Attempting to use the classical VBE interface

        Performing real mode VBE call
        Interrupt 0x10 ax=0x4f00 bx=0x0 cx=0x0
        Function unsupported
        Call failed

        VBE version 0
        VBE string at 0x0 "O"

VBE/DDC service about to be called
        Report DDC capabilities

        Performing real mode VBE call
        Interrupt 0x10 ax=0x4f15 bx=0x0 cx=0x0                                                                                                                                      
        Function unsupported                                                                                                                                                        
        Call failed                                                                                                                                                                 
                                                                                                                                                                                    
Reading next EDID block                                                                                                                                                             
                                                                                                                                                                                    
VBE/DDC service about to be called                                                                                                                                                  
        Read EDID                                                                                                                                                                   
                                                                                                                                                                                    
        Performing real mode VBE call
        Interrupt 0x10 ax=0x4f15 bx=0x1 cx=0x0
        Function unsupported
        Call failed

The EDID data should not be trusted as the VBE call failed
Error: output block unchanged
I'm sorry nothing was successful. Maybe try some other arguments
if you played with them, or send an email to Matthew Kern <pyrophobicman@gmail.com>.
1

VirtualBox

get-edid: get-edid version 2.0.0

        Performing real mode VBE call
        Interrupt 0x10 ax=0x4f00 bx=0x0 cx=0x0
        Function supported
        Call successful

        VBE version 200
        VBE string at 0xc7f10 "VirtualBox VBE BIOS http://www.virtualbox.org/"

VBE/DDC service about to be called
        Report DDC capabilities

        Performing real mode VBE call
        Interrupt 0x10 ax=0x4f15 bx=0x0 cx=0x0
        Function unsupported
        Call failed

Reading next EDID block

VBE/DDC service about to be called
        Read EDID

        Performing real mode VBE call
        Interrupt 0x10 ax=0x4f15 bx=0x1 cx=0x0
        Function unsupported
        Call failed

The EDID data should not be trusted as the VBE call failed
Error: output block unchanged
1

KVM

get-edid: get-edid version 2.0.0                                                                                                               
                                                                                                                                               
        Performing real mode VBE call                                                                                                          
        Interrupt 0x10 ax=0x4f00 bx=0x0 cx=0x0                                                                                                 
halt_sys: file ��y�*+, line -1216758308                                                                                                        
        Function unsupported
        Call successful

        VBE version 300
        VBE string at 0xc4f55 "SeaBIOS VBE(C) 2011"

VBE/DDC service about to be called
        Report DDC capabilities

        Performing real mode VBE call
        Interrupt 0x10 ax=0x4f15 bx=0x0 cx=0x0
halt_sys: file ��y�*+, line -1216720908
        Function unsupported
        Call successful

Reading next EDID block

VBE/DDC service about to be called
        Read EDID

        Performing real mode VBE call
        Interrupt 0x10 ax=0x4f15 bx=0x1 cx=0x0
halt_sys: file ��y�*+, line -1216720908
        Function unsupported
        Call successful

The EDID data should not be trusted as the VBE call failed
Error: output block unchanged
1

Footnotes

  1. This does not cover application vulnerabilities and exploits, which escalate from the virtual machine to the host. See: Attacks. However, by design the Whonix-Workstation ™ does not know its own external non-Tor IP address.
  2. /etc/resolv.conf in Whonix-Workstation ™ is configured to use the Whonix-Gateway ™ as the DNS resolver, which is routed through Tor.
  3. Adhering to recommendations as per the torbirdy github repository, which prevents leakage of the operating system version (no-emit-version) and other variables (on github).
  4. In this case it may appear that the syntax was simply copied from the manpage.
  5. The Tails OS similarly sets the username to amnesia, which is a default value not set by the user and therefore safe.
  6. To check the color depth run the following command in console.
    xdpyinfo | grep "of root"
    
  7. Do not rely on https://ip-check.info or similar websites to check the desktop resolution and color depth, because Tor Button changes these values to improve anonymity; refer to the TorButton specification and Tor trac for further details. In order to check the list of installed fonts, run.
    fc-list
    
  8. To check the desktop resolution and refresh rate, run the following command in console.
    xrandr
    
  9. So long as the user or any additional software packages do not install further packages.
  10. Only three common fonts (monospace, serif, times new roman) can be detected for all Tor Browser users.
  11. Robert Ransom previously suggested Whonix ™ should share the same list of fonts as Tails if possible. Since Tor Browser no longer leaks which fonts are installed, lead Whonix ™ developer Patrick Schleizer does not see any advantage of this action (follow-up enquiry ignored).
  12. To check the hostname, run.
    hostname
    
  13. To check the internal (virtual LAN) IP address, run.
    sudo ifconfig
    
  14. To check the long host name, run.
    hostname --fqdn
    
  15. To check Whonix-Workstation ™'s MAC address, run.
    sudo ifconfig | grep HWaddr
    

    Inside Whonix-Workstation ™ and then compare it with the host.

  16. Disadvantages of shared MAC Addresses:
    • Multiple Whonix-Workstation ™ cannot use the Internet at the same time if they are using the same MAC address. It leads to confusing connection interruptions in either of the virtual machines.
    • There are minimal advantages of sharing MAC addresses among all Whonix ™ versions. (That would be useful in the event an application leaks the MAC address or if Whonix-Workstation ™ was compromised.)
    • The project contributors need to explain and defend the design, which takes a lot of time for little gain. (Again, it is important not to expose the host's real MAC address, but so long as the one inside the virtual machine is different, everything is in an acceptable state.)
  17. Advantages of shared MAC addresses:
  18. To check the time zone, run.
    cat /etc/timezone
    
  19. Hardware serial numbers which any applications could collect are hidden due to the Virtual Machine.
  20. It is possible to check the visible hardware yourself with the following commands.
    sudo apt-get update
    sudo apt-get install lshw
    
    sudo lshw
    

    and

    sudo lspci
    

    If USB devices are attached, run.

    sudo apt-get install usbutils
    sudo lsusb
    

    Then compare the results with your host.

  21. These were hidden by VirtualBox "Synthetic CPU" in the past but that feature was removed from VirtualBox. (Even then the clock speed of your host CPU was visible to all code (applications or malware) inside Whonix-Workstation ™.) The parameters --cpuid-portability-level or --cpuidremoveall have been tested and do not hide it either.
  22. https://forums.whonix.org/t/help-welcome-kvm-development-staying-the-course/166/403
  23. https://phabricator.whonix.org/T449
  24. This is due to the design of virtualization platforms (VirtualBox, VMware, etc.). Most virtualization platforms leak CPU model, capabilities and clock speed. To check, run.
    cat /proc/cpuinfo
    

    If that is still a problem for you, another workaround could be to use an emulator, such as QEMU (port available, documented, see QEMU) or bochs (no one has created a port yet, undocumented). Unfortunately such emulators are slow and there might be other limitations. (Does Bochs support internal networking?)

  25. CPU temperature, HDD temperature, S.M.A.R.T.
  26. Fortunately virtualizers hide them from the guest VM by not implementing them.
  27. To check the sensor information, run.
    sudo apt-get install hddtemp
    
    ## Qubes
    sudo hddtemp /dev/xvda
    
    ## VirtualBox
    sudo hddtemp /dev/sda
    
    ## KVM
    sudo hddtemp /dev/vda
    

    and

    sudo apt-get install lm-sensors
    sudo sensors-detect
    
  28. To check the battery information, run.
    sudo apt-get install acpi
    
    acpi -V
    
  29. To check the BIOS DMI information, run.
    sudo dmidecode
    
  30. To see disk ids that are in use, run.
    sudo ls -la /dev/disk/by-id/
    
    sudo ls -la /dev/disk/by-uuid/
    

    Then compare the result with the host.

  31. As explained in VBoxManage modifyhd, this value has no relation to the host by default.
  32. To check the VM UUID, run.
    sudo dmidecode
    
  33. To check the SLIC table, run.
    sudo cat /sys/firmware/acpi/tables/SLIC
    

    Inside the virtualizer and on the host. On the host there may or may not be a SLIC table. If there is none, it cannot leak into your virtualizer. If there is one, the value will not be mirrored in VirtualBox, which is fine.

  34. To check the HDD UUID, run.
    ## Qubes
    sudo hdparm -i /dev/xvda
    
    ## VirtualBox
    sudo hdparm -i /dev/sda
    
    ## KVM
    sudo hdparm -i /dev/vda
    
  35. To check the CD-ROM UUID, run.
    udisks --show-info /dev/cdrom
    
  36. By default, all Whonix ™ users have the same set of software packages installed. However, if additional software packages are installed, this advantage is lost. See also: Software updaters.
  37. Real hardware UUIDs are hidden by the virtualizer.
  38. Virtualizers routinely hide extended display identification data.
  39. See: Qubes EDID.
  40. See: VirtualBox EDID.
  41. See: KVM EDID.


Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself.