
Protocol-Leak-Protection and Fingerprinting-Protection

Introduction

Whonix cannot do the impossible and magically prevent all kinds of protocol leaks. However, it does offer the best possible protection: a multi-level design that always tries to prevent the worst.

Most dangerous leaks are protected

The most dangerous leaks are protected against. The following ones are in the most dangerous category, because they would lead remotely and directly to the user's real identity.

  • Your real external non-Tor IP address is covered due to the whole Whonix design, isolated proxy usage and the Whonix firewall. [1]
  • The same as above goes for DNS[1] requests, they are safe. [2]

Many Whonix default applications are already configured not to leak

  • Configured to use their own SocksPort (Stream Isolation), thus preventing Identity correlation through circuit sharing.
  • Browser fingerprinting: Whonix Example Implementation includes Tor Browser. The browser fingerprint is as good or as bad as if you were using the normal Tor Browser Bundle from torproject.org.
  • GPG: /home/user/gpg.conf is optimized for privacy, as recommended by the torbirdy github repository, so that it does not leak your operating system version (no-emit-version) and other information (on github).
  • HexChat: uses secure defaults as per TorifyHOWTO/HexChat (on github). Identity can be reset using xchat-reset (on github) as documented on the HexChat page.
  • ssh: Without Whonix, the syntax for ssh is user@hostname [...], but if the user forgets to specify user before @hostname, the operating system user name is used, and if that is something identifiable, anonymity is broken. Since Whonix sets the user name to user, in the worst case only the user name user can be leaked, which is harmless. The user could just have copied the syntax from the manpage. In another, similar project, Tails, the user name is set to amnesia, which is also not something the user entered and is therefore safe.

Many protocol leaks are documented, see Documentation and TorifyHOWTO.

Important identifiers

These are also important identifiers, because they can be used for fingerprinting, to narrow down the list of suspects (for example, the time zone) or even lead directly to deanonymization (for example, if the user name were set to John Doe).

  • Desktop resolution is 1024x768 for all Whonix users. (Virtual) refresh rate is set to 60. [3]
  • Color depth is the default 24 bit for all Whonix users. [4] [5]
  • All Whonix users have the same list of fonts installed. [6] [7] [8]
  • Internal (virtual LAN) IP address:
  • Time
    • Whonix-Workstation, Whonix-Gateway and the host time are all different from each other.
    • Time zone (local time) is set to UTC. [10]
    • Hardware clock is set to UTC.
    • See Whonix's Time Synchronization Mechanism for more information.
  • User name is set to user.
  • Hostname is set to host. [11]
  • Long host name (FQDN) is set to host.localdomain. [12]
  • Operating system (apt-get) updates are routed through their own circuit (Stream Isolation) to prevent accidental leakage of your software packages and versions (if any custom software is installed), which could then be correlated with other anonymous activity. See also Software updaters and Software installation Whonix-Workstation.
  • MAC address is different from the host [13] [14] [15]
  • Worst case scenario: contents of your RAM (error reporting software phoning home; RAM dump if infected with malware; Transparent Proxy Leaks) would "only" contain the RAM of your Whonix-Workstation. All your non-anonymous stuff on your Host would stay safe.

Metadata

See Metadata.

Less important identifiers

These identifiers are less important, because an adversary can collect them only if the user installed malicious software (for example, some copyright enforcement and anticheat tools collect them) or if the adversary got remote access, i.e. the adversary has compromised a user account or in some cases the root account.

  • Hardware serial numbers which any applications could collect are hidden due to the Virtual Machine.[16]
  • CPU model and capabilities.
    • Qubes: Not hidden.
    • VirtualBox: Not hidden. [17]
    • KVM: Hidden. [18]

[19]

  • RAM.
    • Qubes: Dynamically assigned.
    • VirtualBox / KVM: Is set to 768 MB.
  • Sensor information (cpu temperature, hdd temperature, S.M.A.R.T.): Hidden. [20] Fortunately virtualizers hide them from the guest Virtual Machine by not implementing them.
  • Battery information. [21]
    • Qubes: Hidden.
    • VirtualBox: Not hidden.
    • KVM: Hidden.
  • BIOS DMI information.
    • Qubes: Hidden.
    • VirtualBox: Hidden.
    • KVM: Hidden.

[22]

  • Virtual BIOS DMI information and Virtual HDD and CD serial numbers.
    • Qubes: Hidden. (Only virtual ones.)
    • VirtualBox: Hidden. (Only virtual ones.)
    • KVM: Hidden. (Only virtual ones.)

[22] [23]

  • VM UUID: Hidden. (As explained in VBoxManage modifyhd, it has no relation to your host by default.) [24]
  • SLIC table:
    • Qubes: Hidden. (Not implemented.)
    • VirtualBox: Hidden. (Is empty by default.)
    • KVM: Hidden. (Is not present.)

[25]

  • HDD UUIDs: Different from your host. [26]
  • CD-ROM UUID: Same for all Whonix users. [27]
  • Software packages: Differs for Qubes-Whonix and Non-Qubes-Whonix. All Whonix users have by default the same set of software packages installed. If you install software packages yourself, you give up that advantage. See also Software updaters.
  • Disk uuids: Hidden (Real hardware uuids are hidden through the virtualizer.)
  • EDID is hidden by virtualizer.

/proc/cpuinfo output

Created by TNT_BOM_BOM in the forums, copied here.

cpu test 1 (before VBoxManage modifyvm Whonix-Workstation --cpuidremoveall)

>  
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 37
model name      : Intel(R) Core(TM) i5 CPU       M 580  @ 2.67GHz
stepping        : 5
microcode       : 0x616
cpu MHz         : 2659.899
cache size      : 3072 KB
physical id     : 0
siblings        : 1
core id         : 0
cpu cores       : 1
apicid          : 0
initial apicid  : 0
fdiv_bug        : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 11
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm constant_tsc xtopology nonstop_tsc pni monitor lahf_lm
bogomips        : 5319.79
clflush size    : 64
cache_alignment : 64
address sizes   : 36 bits physical, 48 bits virtual
power management:

cpu test 2 (after VBoxManage modifyvm Whonix-Workstation --cpuidremoveall + shutdown the WS)

>  
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 37
model name      : Intel(R) Core(TM) i5 CPU       M 580  @ 2.67GHz
stepping        : 5
microcode       : 0x616
cpu MHz         : 2660.690
cache size      : 3072 KB
physical id     : 0
siblings        : 1
core id         : 0
cpu cores       : 1
apicid          : 0
initial apicid  : 0
fdiv_bug        : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 11
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm constant_tsc xtopology nonstop_tsc pni monitor lahf_lm
bogomips        : 5321.38
clflush size    : 64
cache_alignment : 64
address sizes   : 36 bits physical, 48 bits virtual
power management:

KVM Whonix-Workstation 12 /proc/cpuinfo

> processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 6
model name      : QEMU Virtual CPU version 2.1.2
stepping        : 3
microcode       : 0x1
cpu MHz         : 2659.914
cache size      : 4096 KB
physical id     : 0
siblings        : 1
core id         : 0
cpu cores       : 1
apicid          : 0
initial apicid  : 0
fdiv_bug        : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 4
wp              : yes
flags           : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm pni cx16 x2apic popcnt hypervisor lahf_lm
bogomips        : 5319.82
clflush size    : 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management:

> processor       : 1
vendor_id       : GenuineIntel
cpu family      : 6
model           : 6
model name      : QEMU Virtual CPU version 2.1.2
stepping        : 3
microcode       : 0x1
cpu MHz         : 2659.914
cache size      : 4096 KB
physical id     : 1
siblings        : 1
core id         : 0
cpu cores       : 1
apicid          : 1
initial apicid  : 1
fdiv_bug        : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 4
wp              : yes
flags           : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm pni cx16 x2apic popcnt hypervisor lahf_lm
bogomips        : 1945.60
clflush size    : 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management:

KVM Whonix-Workstation 13 /proc/cpuinfo

> processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 6
model name : QEMU Virtual CPU version 2.1.2
stepping : 3
microcode : 0x1
cache size : 4096 KB
physical id : 0
siblings : 1
core id : 0
cpu cores : 1
apicid : 0
initial apicid : 0
fdiv_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 4
wp : yes
flags : fpu de pse msr pae mce cx8 apic sep mtrr pge mca cmov pse36 mmx fxsr sse sse2 syscall nx lm pni cx16 x2apic popcnt aes hypervisor lahf_lm
bogomips : 1185.79
clflush size : 32
cache_alignment : 32
address sizes : 40 bits physical, 48 bits virtual
power management:

processor : 1
vendor_id : GenuineIntel
cpu family : 6
model : 6
model name : QEMU Virtual CPU version 2.1.2
stepping : 3
microcode : 0x1
cache size : 4096 KB
physical id : 1
siblings : 1
core id : 0
cpu cores : 1
apicid : 1
initial apicid : 1
fdiv_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 4
wp : yes
flags : fpu de pse msr pae mce cx8 apic sep mtrr pge mca cmov pse36 mmx fxsr sse sse2 syscall nx lm pni cx16 x2apic popcnt aes hypervisor lahf_lm
bogomips : 1173.50
clflush size : 32
cache_alignment : 32
address sizes : 40 bits physical, 48 bits virtual
power management:

from whonix 12 WS - qubes Q3 "cat /proc/cpuinfo" (**different PC**)

> processor    : 0
vendor_id    : GenuineIntel
cpu family    : 6
model        : 60
model name    : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
stepping    : 3
microcode    : 0x17
cpu MHz        : 2494.312
cache size    : 6144 KB
physical id    : 0
siblings    : 8
core id        : 2
cpu cores    : 1
apicid        : 4
initial apicid    : 4
fpu        : yes
fpu_exception    : yes
cpuid level    : 13
wp        : yes
flags        : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs        :
bogomips    : 4988.62
clflush size    : 64
cache_alignment    : 64
address sizes    : 39 bits physical, 48 bits virtual
power management:

> processor    : 1
vendor_id    : GenuineIntel
cpu family    : 6
model        : 60
model name    : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
stepping    : 3
microcode    : 0x17
cpu MHz        : 2494.312
cache size    : 6144 KB
physical id    : 0
siblings    : 8
core id        : 2
cpu cores    : 1
apicid        : 4
initial apicid    : 4
fpu        : yes
fpu_exception    : yes
cpuid level    : 13
wp        : yes
flags        : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs        :
bogomips    : 4988.62
clflush size    : 64
cache_alignment    : 64
address sizes    : 39 bits physical, 48 bits virtual
power management:

> processor    : 2
vendor_id    : GenuineIntel
cpu family    : 6
model        : 60
model name    : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
stepping    : 3
microcode    : 0x17
cpu MHz        : 2494.312
cache size    : 6144 KB
physical id    : 0
siblings    : 8
core id        : 2
cpu cores    : 1
apicid        : 4
initial apicid    : 4
fpu        : yes
fpu_exception    : yes
cpuid level    : 13
wp        : yes
flags        : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs        :
bogomips    : 4988.62
clflush size    : 64
cache_alignment    : 64
address sizes    : 39 bits physical, 48 bits virtual
power management:

> processor    : 3
vendor_id    : GenuineIntel
cpu family    : 6
model        : 60
model name    : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
stepping    : 3
microcode    : 0x17
cpu MHz        : 2494.312
cache size    : 6144 KB
physical id    : 0
siblings    : 8
core id        : 2
cpu cores    : 1
apicid        : 4
initial apicid    : 4
fpu        : yes
fpu_exception    : yes
cpuid level    : 13
wp        : yes
flags        : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs        :
bogomips    : 4988.62
clflush size    : 64
cache_alignment    : 64
address sizes    : 39 bits physical, 48 bits virtual
power management:

> processor    : 4
vendor_id    : GenuineIntel
cpu family    : 6
model        : 60
model name    : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
stepping    : 3
microcode    : 0x17
cpu MHz        : 2494.312
cache size    : 6144 KB
physical id    : 0
siblings    : 8
core id        : 2
cpu cores    : 1
apicid        : 4
initial apicid    : 4
fpu        : yes
fpu_exception    : yes
cpuid level    : 13
wp        : yes
flags        : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs        :
bogomips    : 4988.62
clflush size    : 64
cache_alignment    : 64
address sizes    : 39 bits physical, 48 bits virtual
power management:

> processor    : 5
vendor_id    : GenuineIntel
cpu family    : 6
model        : 60
model name    : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
stepping    : 3
microcode    : 0x17
cpu MHz        : 2494.312
cache size    : 6144 KB
physical id    : 0
siblings    : 8
core id        : 2
cpu cores    : 1
apicid        : 4
initial apicid    : 4
fpu        : yes
fpu_exception    : yes
cpuid level    : 13
wp        : yes
flags        : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs        :
bogomips    : 4988.62
clflush size    : 64
cache_alignment    : 64
address sizes    : 39 bits physical, 48 bits virtual
power management:

> processor    : 6
vendor_id    : GenuineIntel
cpu family    : 6
model        : 60
model name    : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
stepping    : 3
microcode    : 0x17
cpu MHz        : 2494.312
cache size    : 6144 KB
physical id    : 0
siblings    : 8
core id        : 2
cpu cores    : 1
apicid        : 4
initial apicid    : 4
fpu        : yes
fpu_exception    : yes
cpuid level    : 13
wp        : yes
flags        : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs        :
bogomips    : 4988.62
clflush size    : 64
cache_alignment    : 64
address sizes    : 39 bits physical, 48 bits virtual
power management:

> processor    : 7
vendor_id    : GenuineIntel
cpu family    : 6
model        : 60
model name    : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
stepping    : 3
microcode    : 0x17
cpu MHz        : 2494.312
cache size    : 6144 KB
physical id    : 0
siblings    : 8
core id        : 2
cpu cores    : 1
apicid        : 4
initial apicid    : 4
fpu        : yes
fpu_exception    : yes
cpuid level    : 13
wp        : yes
flags        : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs        :
bogomips    : 4988.62
clflush size    : 64
cache_alignment    : 64
address sizes    : 39 bits physical, 48 bits virtual
power management:

KVM vs Qubes

KVM

processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 6
model name      : QEMU Virtual CPU version 2.1.2
flags           : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm pni cx16 x2apic popcnt hypervisor lahf_lm

Qubes

processor    : 0
vendor_id    : GenuineIntel
cpu family   : 6
model        : 60
model name   : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
flags        : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
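
The comparison above can be made mechanical. The following shell script is an added example, not part of the original wiki page: it parses two /proc/cpuinfo captures (the processor 0 excerpts from this section, embedded as sample input) and reports whether the model name is a virtualizer's generic one and which CPU flags appear in only one capture. The function names are hypothetical, and the generic-model check recognizes only the QEMU string shown on this page.

```shell
#!/bin/sh
# Added example, not part of the original page: compare two /proc/cpuinfo
# captures to see what code inside a guest can learn about the physical CPU.

# Sample input: processor-0 excerpts copied from the "KVM vs Qubes" section.
KVM_SAMPLE='model           : 6
model name      : QEMU Virtual CPU version 2.1.2
flags           : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm pni cx16 x2apic popcnt hypervisor lahf_lm'

QUBES_SAMPLE='model        : 60
model name   : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
flags        : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt'

# cpuinfo_field FIELD: read cpuinfo text on stdin and print the value of FIELD
# for the first processor entry. The key is compared exactly, so asking for
# "model" does not also match "model name" (a plain grep would match both).
cpuinfo_field() {
    awk -F: -v want="$1" '
        { key = $1; gsub(/[ \t]+$/, "", key) }
        key == want {
            val = substr($0, index($0, ":") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            print val
            exit
        }'
}

# model_is_generic NAME: succeed if NAME is a virtualizer's generic CPU name.
# Assumption: only the QEMU string that appears on this page is recognized.
model_is_generic() {
    case "$1" in
        "QEMU Virtual CPU"*) return 0 ;;
        *) return 1 ;;
    esac
}

# flags_only_in A B: print, on one line and in A's order, the CPU flags that
# capture A exposes and capture B does not.
flags_only_in() {
    a=$(printf '%s\n' "$1" | cpuinfo_field flags)
    b=$(printf '%s\n' "$2" | cpuinfo_field flags)
    printf '%s\n%s\n' "$b" "$a" | awk '
        NR == 1 { for (i = 1; i <= NF; i++) other[$i] = 1; next }
        {
            out = ""
            for (i = 1; i <= NF; i++)
                if (!($i in other)) out = out (out == "" ? "" : " ") $i
            print out
        }'
}

# report NAME CAPTURE: one-line summary of what the capture discloses.
report() {
    model=$(printf '%s\n' "$2" | cpuinfo_field 'model name')
    if model_is_generic "$model"; then
        verdict="generic virtual CPU"
    else
        verdict="physical CPU model visible"
    fi
    printf '%-6s %s (%s)\n' "$1" "$model" "$verdict"
}

report KVM "$KVM_SAMPLE"
report Qubes "$QUBES_SAMPLE"
printf 'flags only in KVM:   %s\n' "$(flags_only_in "$KVM_SAMPLE" "$QUBES_SAMPLE")"
printf 'flags only in Qubes: %s\n' "$(flags_only_in "$QUBES_SAMPLE" "$KVM_SAMPLE")"
```

To compare a live guest against one of the samples, pass "$(cat /proc/cpuinfo)" as one of the two arguments to flags_only_in.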

get-edid output

EDID

sudo apt-get install read-edid
sudo get-edid ; echo $?

Qubes

This is read-edid version 3.0.1. Prepare for some fun.
Attempting to use i2c interface
Looks like no busses have an EDID. Sorry!
Attempting to use the classical VBE interface

        Performing real mode VBE call
        Interrupt 0x10 ax=0x4f00 bx=0x0 cx=0x0
        Function unsupported
        Call failed

        VBE version 0
        VBE string at 0x0 "O"

VBE/DDC service about to be called
        Report DDC capabilities

        Performing real mode VBE call
        Interrupt 0x10 ax=0x4f15 bx=0x0 cx=0x0                                                                                                                                      
        Function unsupported                                                                                                                                                        
        Call failed                                                                                                                                                                 
                                                                                                                                                                                    
Reading next EDID block                                                                                                                                                             
                                                                                                                                                                                    
VBE/DDC service about to be called                                                                                                                                                  
        Read EDID                                                                                                                                                                   
                                                                                                                                                                                    
        Performing real mode VBE call
        Interrupt 0x10 ax=0x4f15 bx=0x1 cx=0x0
        Function unsupported
        Call failed

The EDID data should not be trusted as the VBE call failed
Error: output block unchanged
I'm sorry nothing was successful. Maybe try some other arguments
if you played with them, or send an email to Matthew Kern <pyrophobicman@gmail.com>.
1

VirtualBox

get-edid: get-edid version 2.0.0

        Performing real mode VBE call
        Interrupt 0x10 ax=0x4f00 bx=0x0 cx=0x0
        Function supported
        Call successful

        VBE version 200
        VBE string at 0xc7f10 "VirtualBox VBE BIOS http://www.virtualbox.org/"

VBE/DDC service about to be called
        Report DDC capabilities

        Performing real mode VBE call
        Interrupt 0x10 ax=0x4f15 bx=0x0 cx=0x0
        Function unsupported
        Call failed

Reading next EDID block

VBE/DDC service about to be called
        Read EDID

        Performing real mode VBE call
        Interrupt 0x10 ax=0x4f15 bx=0x1 cx=0x0
        Function unsupported
        Call failed

The EDID data should not be trusted as the VBE call failed
Error: output block unchanged
1

KVM

get-edid: get-edid version 2.0.0                                                                                                               
                                                                                                                                               
        Performing real mode VBE call                                                                                                          
        Interrupt 0x10 ax=0x4f00 bx=0x0 cx=0x0                                                                                                 
halt_sys: file ��y�*+, line -1216758308                                                                                                        
        Function unsupported
        Call successful

        VBE version 300
        VBE string at 0xc4f55 "SeaBIOS VBE(C) 2011"

VBE/DDC service about to be called
        Report DDC capabilities

        Performing real mode VBE call
        Interrupt 0x10 ax=0x4f15 bx=0x0 cx=0x0
halt_sys: file ��y�*+, line -1216720908
        Function unsupported
        Call successful

Reading next EDID block

VBE/DDC service about to be called
        Read EDID

        Performing real mode VBE call
        Interrupt 0x10 ax=0x4f15 bx=0x1 cx=0x0
halt_sys: file ��y�*+, line -1216720908
        Function unsupported
        Call successful

The EDID data should not be trusted as the VBE call failed
Error: output block unchanged
1

Footnotes

  1. This does not cover application vulnerabilities and exploits which escalate from the virtual machine to the host; see Attacks. However, by design, the Whonix-Workstation does not know its own external non-Tor IP address.
  2. /etc/resolv.conf in Whonix-Workstation is configured to use the Whonix-Gateway as DNS resolver, which is routed through Tor.
  3. You can check the desktop resolution and refresh rate by running in console:
    xrandr
    
  4. You can check color depth by running in console:
    xdpyinfo | grep "of root"
    
  5. Note that you cannot rely on https://ip-check.info or similar websites for checking desktop resolution and color depth, because Tor Button changes these values to improve your anonymity. See Tor Button specification and Tor trac for details. You can check installed fonts using:
    fc-list
    
  6. As long as you or any additional software packages do not install further packages.
  7. Only 3 common fonts (monospace, serif, times new roman) for all Tor Browser / TBB users can be detected.
  8. Robert Ransom suggested, if possible, sharing the same list of fonts as Tails. Since Tor Browser no longer leaks which fonts are installed, Whonix developer adrelanos fails to see the advantage of this. Follow-up inquiry ignored.
  9. You can check your internal (virtual LAN) IP address using:
    sudo ifconfig
    
  10. You can check your time zone using:
    cat /etc/timezone
    
  11. You can check that by running:
    hostname
    
  12. You can check that by running:
    hostname --fqdn
    
  13. You can check Whonix-Workstation's MAC address using
    sudo ifconfig | grep HWaddr
    

    inside Whonix-Workstation and then comparing with your host.

  14. Disadvantages of shared MAC addresses:
    • Multiple Whonix-Workstations cannot use the internet at the same time if they are using the same MAC address. It leads to confusing connection interruptions in one or the other virtual machine.
    • The advantage of sharing MAC addresses among all Whonix versions is very small. (That would be useful in case an application leaks the MAC address or in case Whonix-Workstation got compromised.)
    • The project maintainers have to explain and defend the design, which takes a lot of time for such little gain. (Again, it is important not to expose the host's real MAC address, but as long as the one inside the virtual machine is different, everything is in an acceptable state.)
  15. Advantages of shared MAC addresses:
  16. You can check the visible hardware yourself with
    sudo apt-get update
    sudo apt-get install lshw
    
    sudo lshw
    

    and

    sudo lspci
    

    If you have USB devices attached use:

    sudo apt-get install usbutils
    sudo lsusb
    

    and then comparing with your host.

  17. These were hidden by VirtualBox "Synthetic CPU" in the past, but that feature was removed from VirtualBox. (Even then the clock speed of your host CPU was visible to all code (applications or malware) inside Whonix-Workstation.) The parameters --cpuid-portability-level or --cpuidremoveall have been tested and do not hide it either.
  18. https://phabricator.whonix.org/T449
  19. This is due to the design of virtualization platforms (VirtualBox, VMware, etc.). Most virtualization platforms leak CPU model, capabilities and clock speed. Check:
    cat /proc/cpuinfo
    

    If that is still a problem for you, another workaround could be to use an emulator, such as QEMU (port available, documented, see QEMU) or bochs (no one has created a port yet, undocumented). Unfortunately such emulators are slow and there might be other limitations. (Does Bochs support internal networking?)

  20. You can check the sensor information using:
    sudo apt-get install hddtemp
    
    ## Qubes
    sudo hddtemp /dev/xvda
    
    ## VirtualBox
    sudo hddtemp /dev/sda
    
    ## KVM
    sudo hddtemp /dev/vda
    
    and 
    
    sudo apt-get install lm-sensors
    sudo sensors-detect
    
  21. You can check the battery information using:
    sudo apt-get install acpi
    
    acpi -V
    
  22. You can check the BIOS DMI information using:
    sudo dmidecode
    
  23. You can see disk ids using:
    sudo ls -la /dev/disk/by-id/
    
    sudo ls -la /dev/disk/by-uuid/
    

    Then compare with the host.

  24. You can check the VM UUID using:
    sudo dmidecode
    
  25. You can check the SLIC table using:
    sudo cat /sys/firmware/acpi/tables/SLIC
    

    inside your virtualizer and on your host. On your host there may or may not be a SLIC table. If there is none, it can't leak into your virtualizer. If there is one, you'll see that it is not mirrored in VirtualBox, which is fine.

  26. You can check the HDD UUID using:
    ## Qubes
    sudo hdparm -i /dev/xvda
    
    ## VirtualBox
    sudo hdparm -i /dev/sda
    
    ## KVM
    sudo hdparm -i /dev/vda
    
  27. You can check the CD-ROM UUID using:
    udisks --show-info /dev/cdrom
    
