Whonix / _: Recent posts

Whonix on distrowatch

Posted by SourceForge Robot 2016-04-20

‘sudo apt-get install whonix’ Part II

Many packages developed under the Whonix umbrella are independent
packages in their own right and should be available to users whether
they use Whonix directly or not.

Another long term goal is bringing some of Whonix's major software
packages with their security and privacy enhancements to Debian host
systems via our repository.

To try it out, follow the instructions on the wiki.... read more

Posted by SourceForge Robot 2016-04-20

‘sudo apt-get install whonix’ Part I

The ability to install Whonix meta-packages packages from a repository
is currently under heavy development and almost finished. With this
announcement we ask that you consider donating to sustain and accelerate
progress.

How it Works:

In two steps a user is able to convert plain Debian VMs into Whonix:

1. First by adding the Whonix repo URLs to the apt sources list
(optionally: check instructions for anonymous repo downloads)... read more

Posted by SourceForge Robot 2016-04-19

Bounty! $ 3.000 USD – Build Debian Packages from Source Code

Short:

Ticket updated, shortened discussion here:
https://github.com/Whonix/Whonix/issues/400

On bountysource.com showing the $ 3000 USD bounty (with old lengthy discussion):
https://www.bountysource.com/issues/9115540-build-debian-packages-from-source-code

Long:

The old discussion got too lengthy. Since no one was working on the ticket… I restarted the discussion. Meaning, I created a backup of the old discussion using webcitation, went through all the existing discussion, summarized it, and answered all questions and confusion in the initial ticket description before they come up again, and deleted all comments. That should help everyone interested working on the ticket understand what it's about and save time by skipping reading and parsing the lengthy previous discussion.... read more

Posted by SourceForge Robot 2016-04-02

bounty overview – April 2016

Get paid to work on programming tasks! Up to $ 3.000 USD per task.

List of bounties and details:

Posted by SourceForge Robot 2016-04-02

Biometric Fingerprinting, Mass Surveillance and You

Tracking techniques have become more sophisticated with time. They advanced from simple cookies to browser/device fingerprinting (which Tor Browser focuses on defeating) to user behavior fingerprinting. The latter is about profiling how a user types on a keyboard or uses a mouse.

Keystroke dynamics have been around for a while but the massive scale of deployment is new and comes with serious implications for anonymous users. This technology is already used by PRISM partners, banks and massive online courses.... read more

Posted by SourceForge Robot 2016-03-16

Hardware Endorsed by the FSF

The Free Software Foundation endorses hardware that is Libre software friendly and respects your freedom and privacy. Take a look and consider supporting the OEMs behind these great projects:

https://www.fsf.org/resources/hw/endorsement/respects-your-freedom

The post Hardware Endorsed by the FSF appeared first on Whonix.
link

Posted by SourceForge Robot 2016-03-15

audit if torbrowser-launcher GnuPG signature verification bypass attack applies to Whonix or other projects

Issue of torbrowser-launcher using gpg command line.

[or call it an issue of the gnupg interface and its difficulty using it inside scripts, unfinished python gpg libraries etc.]

https://github.com/micahflee/torbrowser-launcher/issues/229... read more

Posted by SourceForge Robot 2016-03-15

whonix.org apt repository – testers wanted!

Now hosted on whonix.org rather than volunteer mirror network. Should be more reliable.

This is what we will be using in Whonix 13.

sudo whonix_repository --baseuri http://whonix.org/download/whonixdevelopermetafiles/internal/ --repository stable --enable
Feel free to experiment with TLS.

sudo whonix_repository --baseuri https://whonix.org/download/whonixdevelopermetafiles/internal/ --repository stable --enable... read more

Posted by SourceForge Robot 2016-03-14

Looking for firejail / seccomp maintainer for better security!

firejail is a sandbox to restrict the application environment.

Please contribute. Task:

  • play around with firejail in Whoinx
  • see how it goes
  • report (and possibly fix) issues upstream in firejail
  • test the Tor Browser firejail profile, consider packaging it
  • maintain firejail profiles in Whonix... read more
Posted by SourceForge Robot 2016-03-11

bounty overview – March 2016

Get paid to work on programming tasks!

List of bounties and details:

Posted by SourceForge Robot 2016-03-10

General information on various clock sources such as tsc etc. by intel

Posted by SourceForge Robot 2016-02-25

a browser is not a safe environment to type

A browser is no safe environment to write stuff such as for example forum posts or e-mails, webmail or IMAP.

  • You could accidentally paste things you don't want to paste for example into the search or url bar, which could trigger a search for text that you did not intend to sent into the public internet.
  • With JavaScript enabled, while you type, the server already knows what you type as you type..
    • It reveals, how fast you type, how long your breaks are, which mistakes you make and how you correct them while writing the draft, also which type of local keyboard you are using.
    • It should be assumed, that such data is already being collected and analyzed.
  • Since there is stylometry which works with less data (final text only), it is save to assume, that data is more than unique enough to pose a serious risk for de-anonymization or at least anonymity set reduction. An adversary having this data from a user having typed over clearnet, then comparing with a user having typed over Tor, may be able compare those. Even if it was not a 100% hit, reaching higher probabilities this is already fatal.
  • Write the text in an offline text editor such as KWrite and copy and paste the text into the web interface once you are done.... read more
Posted by SourceForge Robot 2016-02-16

good read on the linux security wrt to entropy / randomness

Posted by SourceForge Robot 2016-02-15

upcoming usability improvements that will hurt, TLS downloads, abolishing torrent downloads

Whonix website, especially downloading and getting started is so super secure that mortal users give up on it. Even friends of mine, who graduated from university and working as engineers are incapable of getting Whonix installed.

My mission to make everyone happy with implementing geeky feature requests like "optional torrent downloads" has failed. Stuff like this really gets small groups of geeks happy, but overall it over complicates the download process.... read more

Posted by SourceForge Robot 2016-02-14

Whonix FAQ was updated

Posted by SourceForge Robot 2016-02-10

Persistent Tor Entry Guard Relays can make you trackable Across Different Physical Locations

Posted by SourceForge Robot 2016-02-10

Tails Installation Assistant – What do you think about it?

Tails (The Amnesic Incognito Live System) has now a Tails Installation Assistant. What do you think about it? Does it improve or worsen usability?

I am wondering, if something like that would be useful for Qubes OS to ease download and installation.

Something similar has been discussed for Whonix some time ago, although with a different outcome.... read more

Posted by SourceForge Robot 2016-02-01

Selected Papers in Anonymity – Anonymity Bibliography – Selected Papers in Anonymity

Posted by SourceForge Robot 2016-01-28

consolidating Whonix packages

There have been some complaints, that there are too many Whonix packages. Specifically by people auditing or trying to understand Whonix better. I think here is some valid and some invalid criticism. Nowadays seemlingly almost everyone is overworked. Attention spawns are small. However, it should not be expected to be capable to get an overview about a linux distribution in 5 minutes. All I can do is ask to take 30 or 60 minutes to go through the list of Whonix packages one by one. Perhaps just read the quick github description. And if you want to learn more, see their readme files. That should give you a good first overview.... read more

Posted by SourceForge Robot 2016-01-17

Whonix Signing Key Fingerprint mirrored on Social Media

916B 8D99 C38E AF5E 8ADC 7A2A 8D66 066A 2EEA CCDA

It's been suggested to post Whonix signing key on twitter. Yes. Why not. Good idea. Let's post it to facebook and twitter. Just for additional verification. Needless to say, that relying on key signatures is more secure.
pub 4096R/2EEACCDA 2014-01-16 [expires: 2016-10-05] Key fingerprint = 916B 8D99 C38E AF5E 8ADC 7A2A 8D66 066A 2EEA CCDA uid [ultimate] Patrick Schleizer <adrelanos@riseup.net> sub 4096R/CE998547 2014-01-16 [expires: 2016-10-05] sub 4096R/119B3FD6 2014-01-16 [expires: 2016-10-05] sub 4096R/77BB3C48 2014-01-16 [expires: 2016-10-05]... read more

Posted by SourceForge Robot 2016-01-06

Want a local backup of Whonix wiki contents?

Public for a long time, yet seemingly not found by anyone.

mediawiki markup:
https://github.com/Whonix/whonix-wiki-backup

mediawiki xml:
https://github.com/WhonixBOT/WhonixWikiBackups

git clone
it. Fork it on github. Ideally keep it current.

Test our instructions for replicating whonix.org.
https://www.whonix.org/wiki/Dev/Replicating_whonix.org

Help creating a Whonix backup script:
https://phabricator.whonix.org/T159... read more

Posted by SourceForge Robot 2016-01-06

Whonix 12 released!

Whonix is an operating system focused on anonymity, privacy and security. It's based on the Tor anonymity network, Debian GNU/Linux and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user's real IP.

Whonix consists of two parts: One solely runs Tor and acts as a gateway, which we call Whonix-Gateway. The other, which we call Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible.... read more

Posted by SourceForge Robot 2015-12-14

New Qubes website! New Whonix homepage?

The new Qubes website is looking great. Check it out!

https://www.qubes-os.org

It's a great inspiration. Whonix's home page also urgently needs a redesign.

The post New Qubes website! New Whonix homepage? appeared first on Whonix.
link

Posted by SourceForge Robot 2015-12-08

Tor Donation Campaign

The Tor Project is running its first donation campaign ever. I urge our dear users to support them. They are the guardians of the last free space on the web, working tirelessly and passionately to preserve people's rights and even lives around the planet. Without them Whonix wouldn't exist.

https://www.torproject.org/donate/donate.html.en

The post Tor Donation Campaign appeared first on Whonix.
link

Posted by SourceForge Robot 2015-12-05