Security in Real World
Some real-world examples of leaks and attacks that Whonix protects against:
- Flash and Java, although recommended against, cannot leak IP/location. See Browser Plugins for details.
- Skype, although recommended against, cannot leak IP/location. See Skype.
- BitTorrent, when used with ordinary proxification methods, has been reported to leak the IP address at the protocol level (w). Although recommended against because its excessive traffic harms the Tor network (see File Sharing), it cannot leak IP/location. This is because the external ISP IP address is hidden from Whonix-Workstation.
- Tails: Icedove (Thunderbird) leaks the real IP address (w) - Whonix didn't exist at the time that bug existed. These kinds of leaks are impossible in Whonix, since the Whonix-Workstation is unaware of its external IP. To be fair, these kinds of leaks are now much less likely in Tails, since they are no longer using transparent proxying. (source (w))
- Pidgin leaks the real IP (w) - Whonix didn't exist at the time that bug existed. These kinds of leaks are not possible with Whonix, since the Whonix-Workstation is unaware of its external IP. To be fair, it should be noted that this bug existed only in the development source code. They spotted the bug and fixed it before the release. (source (w))
- Tor Browser Bundle: Firefox security bug (proxy-bypass) (w) - This vulnerability was circumvented by Whonix. Any proxy bypass could only have sent traffic through Tor's TransPort. All that could have been leaked is the IP address of another Tor exit relay, which is harmless.
- Clock skew attack (link) (w) - Brief summary: The adversary obtains the time of a hidden server (for example, from an HTTP header) and measures the skew. The adversary then compares it with Tor relays or other publicly reachable (web) servers. If they have the same skew, it is very likely that they are hosted on the same server. Although running a Tor relay or publicly reachable server and a hidden service on the same server is recommended against (because that opens up many other attacks, bandwidth- and DDoS-related), Whonix 0.4.4 and above circumvent this attack. To be fair, Whonix didn't exist when this attack was first described, but it would circumvent it now.
- Exploiting P2P Applications to Trace and Profile Tor Users (w) - Whonix didn't exist at the time that attack was first described. This attack is defeated by Whonix, since the Whonix-Workstation is unaware of its external IP and because Whonix makes extensive use of Stream Isolation.
- GVfs/GIO support based proxy bypass (IP leak) using a specially crafted URL