
Security in Real World


Flash Leak Test SocksPort and TransPort
Flash Leak Test both TransPort

Some real-world examples of leaks and attacks that Whonix protects against:

  • Flash and Java, although recommended against, cannot leak IP/location. See Browser Plugins for details.
  • Skype, although recommended against, cannot leak IP/location. See Skype.
  • BitTorrent, when used with ordinary proxification methods, has been reported to leak the IP address at the protocol level (w). Although recommended against because its excessive traffic harms the Tor network (see File Sharing), it cannot leak IP/location. This is because the external ISP IP address is hidden from Whonix-Workstation.
  • Tails: Icedove (Thunderbird) leaks the real IP address (w) - Whonix didn't exist at the time that bug existed. These kinds of leaks are impossible in Whonix, since the Whonix-Workstation is unaware of its external IP. To be fair, these kinds of leaks are now much less likely in Tails, since they are no longer using transparent proxying. (source (w))
  • Pidgin leaks the real IP (w) - Whonix didn't exist at the time that bug existed. These kinds of leaks are not possible with Whonix, since the Whonix-Workstation is unaware of its external IP. To be fair, it should be noted that this bug existed only in the development source code. They spotted the bug and fixed it before the release. (source (w))
  • Tor Browser Bundle: Firefox security bug (proxy-bypass) (w) - This vulnerability was circumvented by Whonix. Any proxy bypass could only have sent traffic through Tor's TransPort. All that could have been leaked is the IP address of another Tor exit relay, which is harmless.
  • Clock skew attack (link) (w) - Brief summary: the adversary obtains the time of a hidden server (for example, from an HTTP header) and measures its skew. The adversary then compares it with the skew of Tor relays or other publicly reachable (web) servers. If they have the same skew, it is very likely that they are hosted on the same server. Although running a Tor relay or publicly reachable server and a hidden service on the same server is recommended against (because that opens up a lot of other attacks, bandwidth and DDoS related), Whonix 0.4.4 and above circumvent this attack. To be fair, when this attack was first described Whonix didn't exist, but it would circumvent it now.
  • Exploiting P2P Applications to Trace and Profile Tor Users (w) - Whonix didn't exist at the time that attack was first described. This attack gets defeated by Whonix, since the Whonix-Workstation is unaware of its external IP and because Whonix makes extensive use of Stream Isolation.
  • Tor security advisory: Old Tor Browser Bundles vulnerable - A vulnerability opened up for remote code execution in Firefox and Tor Browser if JavaScript was enabled (which was the default setting in Firefox and Tor Browser at the time of writing). Nowadays, the Tor Browser Bundle allows for easy security settings, using a slider bar, which may turn off JavaScript completely, thus bypassing this problem by keeping the browser from executing any JavaScript code.
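
Several of the items above rest on the same property: an application can only embed addresses that its own machine can see. The following added example (not part of the original page and not Whonix code) checks that property by parsing `ip -o addr show` output and listing any address that would identify the uplink; the function names and both sample outputs are constructed for illustration.

```python
import ipaddress
import re

# Ranges that say nothing about the user's ISP-assigned address.
NON_IDENTIFYING = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "127.0.0.0/8", "169.254.0.0/16",                   # loopback, link-local
    "::1/128", "fe80::/10", "fc00::/7",                # IPv6 counterparts
)]

# One address line of `ip -o addr show`: "2: eth0    inet 10.0.0.11/24 ..."
ADDR_LINE = re.compile(r"^\d+:\s+(\S+)\s+inet6?\s+([0-9A-Fa-f.:]+)/\d+")

def visible_addresses(ip_addr_output):
    """Parse `ip -o addr show` output into (interface, address) pairs."""
    pairs = []
    for line in ip_addr_output.splitlines():
        match = ADDR_LINE.match(line.strip())
        if match:
            pairs.append((match.group(1), ipaddress.ip_address(match.group(2))))
    return pairs

def leakable_addresses(ip_addr_output):
    """Addresses a local application could embed that identify the uplink."""
    return [(iface, str(addr))
            for iface, addr in visible_addresses(ip_addr_output)
            if not any(addr in net for net in NON_IDENTIFYING)]

# Constructed sample: a workstation that only has an internal address.
ISOLATED_WORKSTATION = """\
1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet6 ::1/128 scope host
2: eth0    inet 10.0.0.11/24 brd 10.0.0.255 scope global eth0
"""

# Constructed sample: a host holding its ISP address directly
# (documentation ranges stand in for ISP-assigned addresses).
DIRECTLY_CONNECTED = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 203.0.113.5/24 brd 203.0.113.255 scope global eth0
2: eth0    inet6 2001:db8::5/64 scope global
2: eth0    inet6 fe80::1/64 scope link
"""

if __name__ == "__main__":
    print("isolated:", leakable_addresses(ISOLATED_WORKSTATION))
    print("direct:  ", leakable_addresses(DIRECTLY_CONNECTED))
```

An empty result means a self-reporting application has nothing identifying to report. It says nothing about traffic that bypasses the proxy, which is the separate case covered by the TransPort item above.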
