Whonix / _: Recent posts

Public Letter of Thanks to our Whistleblower Heroes

Independent news publisher 'The Intercept' that handles news stories based on Edward Snowden's disclosures gives a hint of the existence of more than one Whistleblower who decided to step forward.

This is further confirmed by the renown cryptographer Bruce Schneier, who has access to the Snowden docuemnts.

This is great news indeed and I, among many, would like to publicly thank these great people who have underwent immense risks and sacrifices to expose how our basic universal human rights are being violated. Thank you Snowden for your courage and initiative that inspired others to follow the same path of integrity.... read more

Posted by SourceForge Robot 2014-08-09

Hidden Service Tor security advisory: “relay early”

Quote The Tor Blog.

[...] Hidden service operators should consider changing the location of their hidden service. [...]

For technical information see the full blog post on The Tor Blog.

(This is the same security advisory as Tor security advisory: "relay early" traffic confirmation attack - just highlighting the news for hidden service hosts here.)... read more

Posted by SourceForge Robot 2014-08-05

Tor security advisory: “relay early” traffic confirmation attack

Quote The Tor Blog.

SUMMARY:

On July 4 2014 we found a group of relays that we assume were trying to deanonymize users. They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks.

The attacking relays joined the network on January 30 2014, and we removed them from the network on July 4. While we don't know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected.

Unfortunately, it's still unclear what "affected" includes. We know the attack looked for users who fetched hidden service descriptors, but the attackers likely were not able to see any application-level traffic (e.g. what pages were loaded or even whether users visited the hidden service they looked up). The attack probably also tried to learn who published hidden service descriptors, which would allow the attackers to learn the location of that hidden service. In theory the attack could also be used to link users to their destinations on normal Tor circuits too, but we found no evidence that the attackers operated any exit relays, making this attack less likely. And finally, we don't know how much data the attackers kept, and due to the way the attack was deployed (more details below), their protocol header modifications might have aided other attackers in deanonymizing users too.

[...], to close the particular protocol vulnerability the attackers used [...]... read more

Posted by SourceForge Robot 2014-08-05

Testers wanted! Whonix 9 early first test version

The version number for this testers-only release is 8.6.2.8, which will become Whonix 9 the moment it's blessed stable.

Download link for Virtual Box images (.ova), experimental kvm/qemu images and OpenPGP signatures (.asc):
http://sourceforge.net/projects/whonixdevelopermetafiles/files/8.6.2.8/

Thanks to everyone who made this test release possible! Next step is working on that.

Upgrading from Whonix 8, 8.1, 8.2, 8.3 to 8.6.2.8 is not yet possible!... read more

Posted by SourceForge Robot 2014-07-14

Mentioning Privacy on the Internet is Illegal

Did you know that merely visiting the  Tor website or any place where Linux, data anonymity,privacy or security is mentioned, is enough to earn you a place in a NSA database? Meaning our communications will be retained indefinitely in their data centers.

This of itself is nothing new. We know that everything is  already collected anyway, so looking really, really, really hard at encrypted Tor traffic shouldn't change anything.... read more

Posted by SourceForge Robot 2014-07-05

Coverage by Wired.com

In a story about precautions to take against illegal, warrant-less surveillance, Whonix has been given special mention on Wired.com - a major technology new site on the internet.

I would like to thank our users who have spread the word. The more people who use Whonix the more testing it gets, which allows the project to grow and improve in addition to encouraging new contributors to join our effort.... read more

Posted by SourceForge Robot 2014-06-21

Testers wanted! Whonix 8.3 VPN-Firewall Feature

A new feature for VPN lovers has been added. VPN's can now also be easily installed on Whonix-Gateway. Previously, many VPN users who wanted to route Tor through a VPN (user -> VPN -> Tor), preferred to install VPNs on the host and had little different choice. Some in conjunction with VPN-Firewall, to avoid connecting without the VPN, if the VPN (software) breaks down. Physical isolation users could not easily use a VPN on Whonix-Gateway and naturally had no host.... read more

Posted by SourceForge Robot 2014-06-07

Whonix 8.2 Maintenance Release

Download:
https://www.whonix.org/wiki/Download

Changelog:
- updated Debian packages including Heartbleed OpenSSL bug fix
- Whonix's Tor Browser updater: download from torproject's clearnet domain instead of torproject's onion domain by default, because the onion domain is too slow/can't handle the load. Downloading form the onion domain is possible using -onion.
- no longer recommending to use VirtualBox's snapshot feature in VirtualBox's VM import text due to data loss bug in VirtualBox... read more

Posted by SourceForge Robot 2014-05-01

Looking for mirror hosts! – Mirroring instructions updated

TLDR / Short
Want to mirror Whonix releases?

Updated instructions can be found here:
https://www.whonix.org/wiki/Hosting_a_Whonix_Mirror

Full Story

At the moment we're still using sourceforge as primary download mirror, because there is a problem with mirror.whonix.org and non-https downloads. That is, for better security, we asked to get whole whonix.org to be added to HSTS Preload List before we had mirror.whonix.org in mind. Now some browsers rightly attempt to enforce https on mirror.whonix.org, which our mirrors do not support. Changing whonix.org hsts settings would take a long time until it hit major browsers and operating systems (not sure if Debian stable uses a hard coded hsts list).... read more

Posted by SourceForge Robot 2014-04-12

Testers wanted! Whonix 8.2

Testers wanted for security / maintenance release.

Download link for Virtual Box images (.ova), experimental .qcow images and OpenPGP signatures (.asc):
https://sourceforge.net/projects/whonixdevelopermetafiles/files/8.2/

Changelog:
- updated Debian packages including Heartbleed OpenSSL bug fix
- Whonix's Tor Browser updater: download from torproject's clearnet domain instead of torproject's onion domain by default, because the onion domain is too slow/can't handle the load. Downloading form the onion domain is possible using -onion.
- no longer recommending to use VirtualBox's snapshot feature in VirtualBox's VM import text due to data loss bug in VirtualBox... read more

Posted by SourceForge Robot 2014-04-12

Testers wanted! New FIN ACK / RST ACK Leak Test

Mike Perry recently discovered a leak bug in custom transparent proxies (not related to Whonix!) and published his findings on the tor-talk mailing list:
https://lists.torproject.org/pipermail/tor-talk/2014-March/032503.html

This leak test has been adapted for Whonix and documented here:
https://www.whonix.org/wiki/Dev/Leak_Tests#FIN_ACK_.2F_RST_ACK_-_Leak_Test

Fortunately, I wasn't able to reproduce this leak using Whonix. Probably because the Linux version Whonix is using isn't affected by this bug and/or because Whonix's Firewall uses iptables default policy drop for input-, output-, fowardchain and only allows the Tor user to establish external connections. However, other users using different host operating systems and setups than I should repeat the test.... read more

Posted by SourceForge Robot 2014-04-11

The Linux Security Circus: On GUI isolation – Your opinion?

Check this out…

Already a bit older, but if true - and it seems to be true (I've tested this!) - it would be still up to date - and quite a scandal!

The Linux Security Circus: On GUI isolation:
http://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html

[

](http://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html)

The post The Linux Security Circus: On GUI isolation - Your opinion? appeared first on Whonix.
link

Posted by SourceForge Robot 2014-04-10

new SSL certificate and new secondary .onion domain

Our clearnet domain continues to be reachable:
https://www.whonix.org

Due to the heartbleed bug we needed to create a new .onion domain:
http://xxxxxxxxxxh5kyrx.onion

If you are wondering what our .onion domain is useful for anyway, see this note:
https://www.whonix.org/wiki/Forcing_.onion_on_Whonix.org

Due to the heartbleed bug we also needed to get a new SSL certificate. We used this opportunity to get an SSL certificate from Gandi. (We used a SSL certificate from startssl.com before.)... read more

Posted by SourceForge Robot 2014-04-09

Security Advisory: Whonix and the OpenSSL Heartbleed bug

On Whonix-Gateway and Whonix-Workstation,
due to the Heartbleed bug in OpenSSL, you are advised to run:

sudo apt-get update && sudo apt-get dist-upgrade

as fast as possible.

Additionally, on Whonix-Gateway restart Tor:

sudo service tor restart

(or simply reboot).

(You only have to do this once. Otherwise do just regular upgrades.)

Hidden Services:
If you are using hidden services (TorChat, hidden web server, etc.), you should also create a new hidden service domain name, for more information, see:
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160... read more

Posted by SourceForge Robot 2014-04-08

whonix.org Server Downtime

Because of Heartbleed OpenSSL vulnerability, most of our keys are being restructured. Expect weirdness / downtime for the next couple hours / days.

The post whonix.org Server Downtime appeared first on Whonix.
link

Posted by SourceForge Robot 2014-04-08

Full Historical Archive of Original TorBOX Project Site

whonix-supporter created a Full Historical Archive of Original TorBOX Project Site.

Links:
https://www.whonix.org/forum/index.php/topic,220.msg1426.html#new

Webcitation backup:
http://www.webcitation.org/6OZ91nvpZ
Thank you, whonix-supporter!... read more

Posted by SourceForge Robot 2014-04-03

Whonix 8.1 Maintenance Release

Usability fixes for new users only. There is no rush to update.

Download link for Virtual Box images (.ova), experimental .qcow images and OpenPGP signatures (.asc):

https://www.whonix.org/Download

Changelog:
- updated Debian packages
- fixed Tor restart bug when updated by apt-get

The post Whonix 8.1 Maintenance Release appeared first on Whonix.
link

Posted by SourceForge Robot 2014-03-30

Survey: How to make Whonix really user friendly? Looking for your suggestions!

Future Directions - Where Whonix wants to be in 2 or 5 years?

Whonix is a useful tool for some already, got many fans. How can we make Whonix really user friendly to allow mass adaption by regular people who need anonymity most?

It seems, Whonix limits itself by its two machines design. It's not exactly simple and user friendly to say "you first need to get VirtualBox, then import these two VMs, then start Whonix-Gateway, then start Whonix-Workstation or use physical isolation". How could that be improved while keeping Whonix's design?... read more

Posted by SourceForge Robot 2014-03-26

Plans to remove a feature, the Whonix News Blog Offline feature

This feature is documented here:
https://www.whonix.org/wiki/Download#Whonix_News_Blogs

This is about this icon:

Here is a screenshot.

Whonix News Blog opened offline

Whonix News Blog opened offline

We should now be talking about the same feature.... read more

Posted by SourceForge Robot 2014-03-25

[looking for contributor] css / logo refinement ; [update] main page css updates

lasko fixed the css on our main page. Looks now much better than before. Check it out:
https://www.whonix.org

Thank you lasko!

lasko added our old logo to the main page. Could anyone refine it?
https://www.whonix.org/forum/index.php/topic,209.0.html... read more

Posted by SourceForge Robot 2014-03-25

Job Offer: Developer

Your impact will involve:
- developing Whonix, generally we like to improve security and usability, see github https://github.com/Whonix/Whonix/issues and forum https://www.whonix.org/forum/index.php/board,5.0.html for a roadmap

Other tasks:
- improving documentation, fixing language, reorganization, documentation of new features, creating screenshots, etc.
- user support, answering user questions about Whonix
- creating videos about Whonix
- coordination of translators
- generally working on project related tasks depending on your optional abilities
- speaking for Whonix in virtual places (mailing lists, social media, etc.)
- speaking for Whonix in public at conferences... read more

Posted by SourceForge Robot 2014-03-20

Job / Project Offer: Project Coordinator

Your impact will involve:
- communication with funds, getting founding for Whonix, keeping in touch with funds
- improving documentation, fixing language, reorganization, documentation of new features, creating screenshots, etc.
- user support, answering user questions about Whonix
- creating videos about Whonix
- coordination of translators
- generally working on project related tasks depending on your optional abilities
- speaking for Whonix in virtual places (mailing lists, social media, etc.)
- speaking for Whonix in public at conferences... read more

Posted by SourceForge Robot 2014-03-20

survey: consideration to drop VirtualBox support for Linux users

TLDR:
As a Linux user(!), would you mind to use Whonix with KVM instead of VirtualBox?

How important is VirtualBox to you, if you could use KVM instead?

What features in VirtualBox do you believe are superior to KVM?

Which things in KVM do you dislike?

Long:
This one needs user feedback.

First of all, relax. Nothing has been decided yet. I am just thinking aloud. Without the controversy, there can not be real progress.... read more

Posted by SourceForge Robot 2014-03-20

Documentation index layout improved

lasko prettied up Whonix's Documentation index page. Check it out:
https://www.whonix.org/wiki/Documentation

Thank you, lasko!

The post Documentation index layout improved appeared first on Whonix | Privacy and Anonymity OS.
link

Posted by SourceForge Robot 2014-03-20

Contribute page updated

lasko prettied up Whonix's contribute page. Check it out:
https://www.whonix.org/wiki/Contribute

Thank you, lasko!

The post Contribute page updated appeared first on Whonix | Privacy and Anonymity OS.
link

Posted by SourceForge Robot 2014-03-20