Page MenuHomePhabricator
Feed Advanced Search

Tue, Jan 7

HulaHoop added a comment to T552: Packaging USBKill.

An interesting product that triggers a system wipe if the cable is pulled:

Tue, Jan 7, 5:51 PM · Whonix-Host, security, Whonix

Tue, Dec 24

madaidan added a comment to T943: make /boot and /lib/modules unreadable even for root.

Any attempted access of /boot would be logged the same way anyway although it might be good to use that to stop it from showing up in aa-logprof.

Tue, Dec 24, 5:07 PM · security, Whonix, apparmor-profile-everything
Patrick closed T943: make /boot and /lib/modules unreadable even for root as Resolved.

Would an audit denyrule for /boot be useful for the sake of audit?

Tue, Dec 24, 4:49 PM · security, Whonix, apparmor-profile-everything
madaidan added a comment to T943: make /boot and /lib/modules unreadable even for root.

/boot isn't allowed in init-systemd anyway so we don't need to add it to dangerous-files. Apparmor denies access to files that aren't explicitly allowed. The only reason we need to blacklist /lib/modules and not /boot is because we give access to all libraries.

Tue, Dec 24, 4:37 PM · security, Whonix, apparmor-profile-everything
Patrick added a comment to T943: make /boot and /lib/modules unreadable even for root.

Still need to add /boot to https://github.com/Whonix/apparmor-profile-everything/blob/master/etc/apparmor.d/abstractions/dangerous-files? Currently cannot find it there.

Tue, Dec 24, 12:17 PM · security, Whonix, apparmor-profile-everything

Mon, Dec 23

madaidan added a comment to T943: make /boot and /lib/modules unreadable even for root.

/boot/ is already unreadable.

Mon, Dec 23, 9:27 PM · security, Whonix, apparmor-profile-everything

Dec 7 2019

Patrick renamed T943: make /boot and /lib/modules unreadable even for root from make /boot unreadable even for root to make /boot and /lib/modules unreadable even for root.
Dec 7 2019, 9:14 AM · security, Whonix, apparmor-profile-everything
Patrick triaged T943: make /boot and /lib/modules unreadable even for root as Normal priority.
Dec 7 2019, 9:13 AM · security, Whonix, apparmor-profile-everything

Dec 5 2019

Patrick updated the task description for T941: lock down interpreters / compilers (interpreter lock) (compiler lock).
Dec 5 2019, 4:16 PM · Whonix, security
Patrick updated the task description for T941: lock down interpreters / compilers (interpreter lock) (compiler lock).
Dec 5 2019, 4:12 PM · Whonix, security
Patrick renamed T941: lock down interpreters / compilers (interpreter lock) (compiler lock) from lock down interpreters (interpreter lock) to lock down interpreters / compilers (interpreter lock) (compiler lock).
Dec 5 2019, 4:12 PM · Whonix, security
Patrick updated the task description for T941: lock down interpreters / compilers (interpreter lock) (compiler lock).
Dec 5 2019, 4:07 PM · Whonix, security
Patrick triaged T942: polish Whonix Host Firewall for Whonix Host as Normal priority.
Dec 5 2019, 4:04 PM · security, Whonix-Host, Whonix
Patrick renamed T941: lock down interpreters / compilers (interpreter lock) (compiler lock) from lock down interpreters to lock down interpreters (interpreter lock).
Dec 5 2019, 3:51 PM · Whonix, security
Patrick triaged T941: lock down interpreters / compilers (interpreter lock) (compiler lock) as Normal priority.
Dec 5 2019, 3:51 PM · Whonix, security
Patrick updated the task description for T940: grub boot password.
Dec 5 2019, 3:35 PM · security, Whonix-Host, Whonix
Patrick triaged T940: grub boot password as Normal priority.
Dec 5 2019, 3:22 PM · security, Whonix-Host, Whonix

Nov 25 2019

Patrick updated the task description for T543: TCP ISNs and Temperature induced clock skews.
Nov 25 2019, 1:32 PM · C Code, security, Whonix

Nov 16 2019

Patrick updated the task description for T543: TCP ISNs and Temperature induced clock skews.
Nov 16 2019, 11:20 AM · C Code, security, Whonix
Patrick added a comment to T543: TCP ISNs and Temperature induced clock skews.
Nov 16 2019, 11:19 AM · C Code, security, Whonix
Patrick updated the task description for T543: TCP ISNs and Temperature induced clock skews.
Nov 16 2019, 11:18 AM · C Code, security, Whonix

Nov 6 2019

Patrick updated subscribers of T362: systemd SystemCallFilter= containment option seccomp hardening.
Nov 6 2019, 3:34 AM · enhancement, whonixcheck, msgcollector, sdwdate, onion-grater (Control Port Filter Proxy), security, Debian version 9 codename Stretch, systemd, Whonix
Patrick closed T362: systemd SystemCallFilter= containment option seccomp hardening as Resolved.

This was done. If not, please create specific tickets where it isn't done.

Nov 6 2019, 3:34 AM · enhancement, whonixcheck, msgcollector, sdwdate, onion-grater (Control Port Filter Proxy), security, Debian version 9 codename Stretch, systemd, Whonix

Oct 15 2019

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

https://redmine.tails.boum.org/code/issues/17156

Oct 15 2019, 9:26 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Oct 13 2019

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Analysis by Cyrus cited here for completion:

Oct 13 2019, 4:18 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Oct 7 2019

HulaHoop added a comment to T543: TCP ISNs and Temperature induced clock skews.

An alternative proposal for editing ISNs without involving the kernel:

Oct 7 2019, 3:11 AM · C Code, security, Whonix

Oct 6 2019

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.
Oct 6 2019, 10:53 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research
Patrick closed T596: keep an eye on kloak anti keystroke deanonymization tool as Resolved.

Implemented for some time now.

Oct 6 2019, 9:54 PM · Whonix 16, security, Whonix
Patrick updated subscribers of T530: CPU-induced latency Covert Channel Countermeasures.
Oct 6 2019, 9:50 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research
Patrick added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Reported build failures:

Oct 6 2019, 9:47 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research
HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

When an implementation is decided, let's decide if we can include this in security-misc for use on Linux hosts and Kicksecure. We would need some way in detecting the active NIC since on wireless systems wlan0 is the interface of choice and not eth0

Oct 6 2019, 9:01 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research
HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

tc-netem is a utility that is part of the iproute2 package in Debian. It leverages functionality already built into Linux and userspace utilities to simulate networks including packet delays and loss.

Oct 6 2019, 6:04 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Apr 23 2019

Patrick updated the task description for T552: Packaging USBKill.
Apr 23 2019, 12:39 PM · Whonix-Host, security, Whonix
Patrick updated the task description for T552: Packaging USBKill.
Apr 23 2019, 12:38 PM · Whonix-Host, security, Whonix

Apr 6 2019

Patrick lowered the priority of T727: solve the Xen entropy scarcity problem / implement something like virtio-rng into Xen upstream from High to Normal.
Apr 6 2019, 8:22 PM · security, Qubes, Whonix

Apr 5 2019

Patrick added a comment to T543: TCP ISNs and Temperature induced clock skews.

@Patrick What is the status of integration?

Apr 5 2019, 10:20 PM · C Code, security, Whonix
HulaHoop added a comment to T543: TCP ISNs and Temperature induced clock skews.

@Patrick What is the status of integration? Since we have kloak this is also a great defense to have. There is a script on there for packing as a deb:

Apr 5 2019, 8:55 PM · C Code, security, Whonix

Mar 28 2019

Patrick added a comment to T596: keep an eye on kloak anti keystroke deanonymization tool.

release kloak v0.2

Mar 28 2019, 12:55 AM · Whonix 16, security, Whonix

Mar 1 2019

Patrick added a comment to T596: keep an eye on kloak anti keystroke deanonymization tool.

Many code enhancements were recently added by its author.

Mar 1 2019, 9:03 AM · Whonix 16, security, Whonix

Feb 15 2019

marmarek added a comment to T709: port Whonix package build process to Qubes package build process.

To build a package with qubes-builder, you need to add Makefile.builder file with just one line: DEBIAN_BUILD_DIRS := debian. This will tell qubes-builder that given repository contains Debian package.
Alternatively, if that would be too much of a problem, it should be easy to add an option that do auto detection (probably just looks for debian directory).

Feb 15 2019, 12:20 AM · security, Qubes, build, Whonix

Feb 14 2019

Patrick added projects to T709: port Whonix package build process to Qubes package build process: build, Qubes, security.
Feb 14 2019, 8:01 PM · security, Qubes, build, Whonix

Jan 23 2019

Patrick updated the task description for T114: Permanent Takedown Attack Defender.
Jan 23 2019, 11:15 AM · whonixcheck, upstream, enhancement, security, Whonix
Patrick updated the task description for T114: Permanent Takedown Attack Defender.
Jan 23 2019, 11:14 AM · whonixcheck, upstream, enhancement, security, Whonix
Patrick closed T678: tb-updater onion mirros downloads support as Resolved.
Jan 23 2019, 5:45 AM · security, Whonix 15, Whonix 14, tb-updater, Whonix

Jan 22 2019

Patrick changed the status of T678: tb-updater onion mirros downloads support from Open to testing-in-next-build-required.

With TPO infrastructure using onions, its now a good idea to switch tb-updater to check for version info and downloads to these more secure mirrors.

Jan 22 2019, 8:16 AM · security, Whonix 15, Whonix 14, tb-updater, Whonix
Patrick added projects to T678: tb-updater onion mirros downloads support: Whonix 14, Whonix 15, security.
Jan 22 2019, 8:12 AM · security, Whonix 15, Whonix 14, tb-updater, Whonix

Dec 9 2018

Patrick lowered the priority of T389: make sure Qubes-Whonix has no access to clocksource=xen from High to Normal.
Dec 9 2018, 6:53 AM · mgmt, research, security, Qubes, Whonix

Dec 7 2018

Patrick removed a project from T486: Disable conntrack helper?: Whonix 15.
Dec 7 2018, 12:08 PM · Whonix, whonix-ws-firewall, whonix-gw-firewall, enhancement, security
Patrick removed a project from T530: CPU-induced latency Covert Channel Countermeasures: Whonix 15.
Dec 7 2018, 12:06 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research
Patrick removed a project from T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes): Whonix 15.
Dec 7 2018, 12:06 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
Patrick assigned T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes) to troubadour.
Dec 7 2018, 12:06 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
Patrick removed a project from T533: iptables block network access until sdwdate succeeded: Whonix 15.
Dec 7 2018, 12:04 PM · Whonix, usability, whonix-ws-firewall, whonix-gw-firewall, iptables, python, security, enhancement, sdwdate-gui, sdwdate
Patrick removed a project from T713: Mail OTF for Security Audit / Review #2: Whonix 15.
Dec 7 2018, 11:58 AM · organization, security, Whonix
Patrick removed a project from T397: prevent dom0 telling Qubes-Whonix VMs the time by using the mgmt stack for that / disable Qubes dom0 /etc/qubes-rpc/qubes.SetDateTime: Whonix 15.
Dec 7 2018, 11:57 AM · mgmt, Whonix, Qubes, security, bug
Patrick removed a project from T387: Qubes-Whonix-Gateway as ClockVM: Whonix 15.
Dec 7 2018, 11:57 AM · enhancement, security, sdwdate, Qubes, Whonix
Patrick removed a project from T362: systemd SystemCallFilter= containment option seccomp hardening: Whonix 15.
Dec 7 2018, 11:57 AM · enhancement, whonixcheck, msgcollector, sdwdate, onion-grater (Control Port Filter Proxy), security, Debian version 9 codename Stretch, systemd, Whonix
Patrick removed a project from T80: direct SSL certificate pinning for check.torproject.org and torproject.org (curl method): Whonix 15.
Dec 7 2018, 11:56 AM · Whonix, whonixcheck, tb-updater, security

Nov 20 2018

Patrick closed T69: Change KDE Theme and KDE Mouse Theme It's easy to do by manually using a mouse, but I haven't found out how to do it shipping a configuration file. After being done, update https://www.whonix.org/wiki/Dev/KDE from TODO to Done. as Wontfix.

https://forums.whonix.org/t/user-poll-xfce-vs-kde-kde-deprecation-considered/6235

Nov 20 2018, 5:00 PM · Whonix, kde, desktop, enhancement, security
Patrick closed T630: Disabling Baloo file indexer as Wontfix.

https://forums.whonix.org/t/user-poll-xfce-vs-kde-kde-deprecation-considered/6235

Nov 20 2018, 4:59 PM · Debian version 10 codename Buster, kde, security, research
Patrick closed T734: disable web shortcuts as Wontfix.

https://forums.whonix.org/t/user-poll-xfce-vs-kde-kde-deprecation-considered/6235

Nov 20 2018, 4:58 PM · usability, security, kde, Whonix 16, Whonix
Patrick closed T735: settings-plasma search/configure search configurations from Whonix-Gateway as Wontfix.

https://forums.whonix.org/t/user-poll-xfce-vs-kde-kde-deprecation-considered/6235

Nov 20 2018, 4:58 PM · security, usability, kde, Whonix 16, Whonix
Patrick closed T737: Desktop Session Login better to start it with empty session / kdesudo error popup window ( sdwdate-gui ) as Resolved.
Nov 20 2018, 4:58 PM · Whonix 15, security, kde, Whonix

Oct 13 2018

HulaHoop added a comment to T80: direct SSL certificate pinning for check.torproject.org and torproject.org (curl method).

We can now grab the browser tarball from the TPO onion instead which makes this ticket obsolete. Close if you concur.

Oct 13 2018, 2:47 PM · Whonix, whonixcheck, tb-updater, security

Oct 1 2018

Patrick placed T737: Desktop Session Login better to start it with empty session / kdesudo error popup window ( sdwdate-gui ) up for grabs.
Oct 1 2018, 1:18 PM · Whonix 15, security, kde, Whonix
Patrick placed T62: Mail OTF for Security Review up for grabs.
Oct 1 2018, 1:18 PM · security, organization, Whonix
Patrick placed T80: direct SSL certificate pinning for check.torproject.org and torproject.org (curl method) up for grabs.
Oct 1 2018, 1:17 PM · Whonix, whonixcheck, tb-updater, security
Patrick placed T596: keep an eye on kloak anti keystroke deanonymization tool up for grabs.
Oct 1 2018, 1:17 PM · Whonix 16, security, Whonix

Sep 20 2018

Patrick added a subtask for T387: Qubes-Whonix-Gateway as ClockVM: T856: whonix TemplateVM time fetching qrexec service.
Sep 20 2018, 11:45 AM · enhancement, security, sdwdate, Qubes, Whonix

Sep 6 2018

Patrick updated the task description for T737: Desktop Session Login better to start it with empty session / kdesudo error popup window ( sdwdate-gui ).
Sep 6 2018, 9:08 AM · Whonix 15, security, kde, Whonix
Patrick renamed T737: Desktop Session Login better to start it with empty session / kdesudo error popup window ( sdwdate-gui ) from Desktop Session Login better to start it with empty session to Desktop Session Login better to start it with empty session / kdesudo error popup window ( sdwdate-gui ).
Sep 6 2018, 9:08 AM · Whonix 15, security, kde, Whonix
Patrick changed the status of T737: Desktop Session Login better to start it with empty session / kdesudo error popup window ( sdwdate-gui ) from Open to testing-in-next-build-required.

This should be fixed by default in the next build.

Sep 6 2018, 9:07 AM · Whonix 15, security, kde, Whonix
Patrick edited projects for T737: Desktop Session Login better to start it with empty session / kdesudo error popup window ( sdwdate-gui ), added: Whonix 15; removed Whonix 16.
Sep 6 2018, 9:07 AM · Whonix 15, security, kde, Whonix
Patrick added a comment to T737: Desktop Session Login better to start it with empty session / kdesudo error popup window ( sdwdate-gui ).
Sep 6 2018, 9:05 AM · Whonix 15, security, kde, Whonix
TNTBOMBOM triaged T737: Desktop Session Login better to start it with empty session / kdesudo error popup window ( sdwdate-gui ) as Normal priority.
Sep 6 2018, 2:35 AM · Whonix 15, security, kde, Whonix
TNTBOMBOM raised the priority of T737: Desktop Session Login better to start it with empty session / kdesudo error popup window ( sdwdate-gui ) from Normal to Needs Triage.
Sep 6 2018, 2:35 AM · Whonix 15, security, kde, Whonix
TNTBOMBOM added a comment to T737: Desktop Session Login better to start it with empty session / kdesudo error popup window ( sdwdate-gui ).

linking to forum:

Sep 6 2018, 2:34 AM · Whonix 15, security, kde, Whonix

Aug 15 2018

Patrick updated the task description for T362: systemd SystemCallFilter= containment option seccomp hardening.
Aug 15 2018, 1:06 PM · enhancement, whonixcheck, msgcollector, sdwdate, onion-grater (Control Port Filter Proxy), security, Debian version 9 codename Stretch, systemd, Whonix

Aug 10 2018

HulaHoop reopened T596: keep an eye on kloak anti keystroke deanonymization tool as "Open".

He was busy those past few months and thought there was no interest. @Patrick Expect a new release this coming week.

Aug 10 2018, 4:37 PM · Whonix 16, security, Whonix

Aug 9 2018

HulaHoop added a comment to T596: keep an eye on kloak anti keystroke deanonymization tool.

Ping:
https://github.com/vmonaco/kloak/issues/10

Aug 9 2018, 9:37 PM · Whonix 16, security, Whonix

Aug 8 2018

HulaHoop added a comment to T596: keep an eye on kloak anti keystroke deanonymization tool.

Why not ping him first? Its a waste of good work otherwise.

Aug 8 2018, 4:55 PM · Whonix 16, security, Whonix
Patrick closed T596: keep an eye on kloak anti keystroke deanonymization tool as Invalid.

Dead upstream.

Aug 8 2018, 10:28 AM · Whonix 16, security, Whonix
Patrick edited projects for T596: keep an eye on kloak anti keystroke deanonymization tool, added: Whonix 16; removed Whonix 15.
Aug 8 2018, 10:12 AM · Whonix 16, security, Whonix

Aug 7 2018

Patrick renamed T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes) from make sdwdate-gui Qubes friendly to make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).
Aug 7 2018, 6:45 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
Patrick renamed T397: prevent dom0 telling Qubes-Whonix VMs the time by using the mgmt stack for that / disable Qubes dom0 /etc/qubes-rpc/qubes.SetDateTime from prevent dom0 telling Qubes-Whonix VMs the time by using the mgmt stack for that to prevent dom0 telling Qubes-Whonix VMs the time by using the mgmt stack for that / disable Qubes dom0 /etc/qubes-rpc/qubes.SetDateTime.
Aug 7 2018, 6:43 PM · mgmt, Whonix, Qubes, security, bug
Patrick updated the task description for T389: make sure Qubes-Whonix has no access to clocksource=xen.
Aug 7 2018, 6:37 PM · mgmt, research, security, Qubes, Whonix

Aug 3 2018

Patrick added a project to T727: solve the Xen entropy scarcity problem / implement something like virtio-rng into Xen upstream: security.
Aug 3 2018, 11:22 AM · security, Qubes, Whonix

Jul 24 2018

Patrick renamed T388: document Spoof the Initial Virtual Hardware Clock Offset for KVM (biossystemtimeoffset) from document Spoof the Initial Virtual Hardware Clock Offset for KVM to document Spoof the Initial Virtual Hardware Clock Offset for KVM (biossystemtimeoffset).
Jul 24 2018, 11:52 AM · user documentation, enhancement, security, Whonix, KVM

Jul 21 2018

Patrick added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Created [way to find out name of gateway from witin VM - qubesdb-read /qubes-gateway-name](https://github.com/QubesOS/qubes-issues/issues/4117) for it.

Jul 21 2018, 11:38 AM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Jul 18 2018

marmarek added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

The easiest way would be to have a new entry for qubesdb-read, in addition to qubes-gateway which holds the IP address.
Something like qubesdb-read /qubes-gateway-name.

Jul 18 2018, 12:12 AM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Jul 17 2018

troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

For the time being, the vm's whonix gateway is hard coded in two files, the one watching and sending sdwdate satus and the one sending the shutdown notification.

Jul 17 2018, 11:14 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
Patrick added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

What happens in case of multiple Whonix-Gateway ProxyVMs? I.e. in case of sys-whonix, sys-whonix-two, etc.? How would anon-whonix-two know it has to connect to sys-whonix-two?

Jul 17 2018, 9:19 AM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Jul 16 2018

Patrick closed T70: Use a Content-Security-Policy as Resolved.

https://forums.whonix.org/t/content-security-policy-now-deployed-on-whonix-websites

Jul 16 2018, 6:17 AM · Whonix, website, security

Jul 14 2018

Patrick changed the status of T66: Certificate Authority (CA) Pinning for whonix.org from Invalid to Resolved.

We have now a DNS Certification Authority Authorization (CAA) Policy.

Jul 14 2018, 12:02 PM · research, website, Whonix, security, infrastructure

Jul 9 2018

Patrick added a comment to T56: Bridge Sanity Check.

From sdwdate log. Clock was right but I got this using a bridge.

Jul 9 2018, 8:10 AM · Whonix, sdwdate, security, enhancement
Patrick added a comment to T84: Should we enable HTTP Public Key Pinning (HPKP) for whonix.org?.
In T84#14765, @marmarek wrote:
Jul 9 2018, 7:21 AM · infrastructure, security, research, Whonix, website
Patrick closed T66: Certificate Authority (CA) Pinning for whonix.org as Invalid.

Same as T84#14765.

Jul 9 2018, 7:20 AM · research, website, Whonix, security, infrastructure
Patrick updated the task description for T66: Certificate Authority (CA) Pinning for whonix.org.
Jul 9 2018, 7:19 AM · research, website, Whonix, security, infrastructure
Patrick updated the task description for T84: Should we enable HTTP Public Key Pinning (HPKP) for whonix.org?.
Jul 9 2018, 7:19 AM · infrastructure, security, research, Whonix, website

Jul 7 2018

troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Have run the fuzzer unit test simultaneously in sys-whonix and five anon-vm.

Jul 7 2018, 10:26 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
Patrick closed T84: Should we enable HTTP Public Key Pinning (HPKP) for whonix.org? as Wontfix.
Jul 7 2018, 2:36 PM · infrastructure, security, research, Whonix, website