sdwdate: Secure Distributed Web Date

From Whonix
Jump to navigation Jump to search
sdwdate-gui Control Panel

sdwdate - Secure Distributed Web Date - in Whonix

sdwdate Documentation[edit]

Kicksecure seal
Kicksecure Hardened

Redirection to Kicksecure Documentation

Incomplete: This wiki page is incomplete by design. It only includes details specific to Whonix. For full understanding, please follow the link below to the Kicksecure wiki, which provides more complete background and instructions.

  • Introduction: Whonix Documentation Introduction, User Expectations, Footnotes and References, User Expectations - What Documentation Is and What It Is Not
  • Whonix is based on Kicksecure: Whonix is built on top of Kicksecure. This means it uses many of the same security tools, design concepts, and configurations.
  • Kicksecure is based on Debian: Kicksecure is developed using Debian as its base. Debian is a widely used, stable, and free Linux operating system.
  • Inheritance: As a result, Whonix is also based on Debian.
  • Debian is GNU/Linux-based: Debian is built using the GNU/Linux operating system. GNU provides essential tools and Linux is the system’s kernel (core).
  • Shared documentation benefits: Since each system is based on the one below it, a lot of documentation and guides are shared. This reduces the need to duplicate information.
  • Inherited documentation: Most instructions and explanations are inherited from Kicksecure or Debian, unless otherwise specified.
  • Shared principles: The systems share similar security goals and setup instructions. In most cases, users can follow Kicksecure documentation when using Whonix.
  • Keep using Whonix: This does not mean users should switch to Kicksecure. This page only points to related, helpful information.
  • Where to apply the instructions: Follow the instructions inside Whonix unless specifically stated otherwise.
  • Wiki editors notice: This information is pulled from a reusable wiki template: upstream_wiki. (See which pages use this.)
  • Comparison: Whonix versus Kicksecure
  • Documentation compatibility: Because Whonix is based on Kicksecure, you can often follow Kicksecure’s instructions as long as you apply them in the right place.
  • Summary: Whonix is built on top of Kicksecure, which itself is based on Debian. Debian is a GNU/Linux operating system. This layered design means Whonix inherits many features, tools, and documentation from both Kicksecure and Debian.
  • Click here: Visit the related page in the Kicksecure wiki for full documentation and background:

  • Note: Re-interpretation...
Apply the instructions inside Whonix, not inside Kicksecure.

Kicksecure: Perform these steps inside Kicksecure.

Instead, apply the steps inside Whonix-Workstation.

Kicksecure for Qubes: Perform these steps inside Qubes kicksecure-17 Template.

Instead, use the whonix-workstation-17 Template for these steps.

Whonix specific[edit]

Whonix sets the configuration option RANDOMIZE_TIME=true through the package anon-apps-configarchive.org iconarchive.today icon in the file /etc/sdwdate.d/40_anon-apps-config.confarchive.org iconarchive.today icon with the line RANDOMIZE_TIME=true.

Prerequisite knowledge: Timezone

Do sdwdate issues impact anonymity?[edit]

sdwdate failing doesn't mean deanonymization.

Even if sdwdate does not work, there is still Boot Clock Randomization.

To put it into perspective, Tor Browser Bundle on the host operating system (unrelated to Whonix) has neither sdwdate nor Boot Clock Randomization.

This is similar to asking, "How secure is Whonix?" See: Security Overview and Whonix Protection against Real World Attacks.

sdwdate-gui makes Tor issues more visible due to its graphical indication and easily accessible logs. It would be an unsubstantiated conclusion to deduce that sdwdate is the cause of Tor issues.

The timing of sdwdate issues matters. If sdwdate fails:

  • A) during its first run after boot, then that's worse than
  • B) sdwdate failing during any subsequent runs.

In case of A), the user would only be protected by Kicksecure logo Boot Clock RandomizationOnion network Logo.

In case of B), it is less of an issue because it is only for timekeeping in long-running VMs. For example, if sdwdate succeeded after boot but then only succeeded once per day in long-running VMs, that might still be good enough.

Planned sdwdate-gui enhancements include:

  • Only showing sdwdate failure if sdwdate failed after boot and multiple times in long-running VMs.
  • Making Tor log output (anon-log) more accessible. This might help redirect the often misplaced attention from sdwdate to Tor.

See Also[edit]

Notification image

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 13 year success story and maybe DONATE!