Page MenuHomePhabricator

user documentationProject
ActivePublic

Watchers

  • This project does not have any watchers.

Recent Activity

Fri, Jun 21

Patrick added a comment to T521: simplify https://www.whonix.org/wiki/Documentation.

https://forums.whonix.org/t/splitting-whonix-documentation-into-a-short-and-long-edition-for-better-usability/1861/53?u=patrick

Fri, Jun 21, 1:34 PM · Whonix, user documentation, usability

Apr 23 2019

Patrick updated the task description for T909: instructions how to copy Whonix Host image to disk.
Apr 23 2019, 3:45 PM · user documentation, Whonix-Host, Whonix
Patrick triaged T909: instructions how to copy Whonix Host image to disk as Normal priority.
Apr 23 2019, 2:38 PM · user documentation, Whonix-Host, Whonix

Apr 20 2019

0brand added a comment to T900: Installation and setup of Hardened Debian Linux tutorials.

Hardened Debian Linux has been added to Google Season of Docs project ideas.

Apr 20 2019, 2:47 AM · user documentation, Whonix
Herald added a project to T900: Installation and setup of Hardened Debian Linux tutorials: Whonix.
Apr 20 2019, 2:33 AM · user documentation, Whonix

Apr 6 2019

Patrick closed T811: document multiple Qubes TemplateVMs as Resolved.

https://www.whonix.org/wiki/Multiple_Whonix-Workstations#Multiple_Qubes-Whonix_TemplateVMs

Apr 6 2019, 8:38 PM · Whonix, Qubes, user documentation

Feb 18 2019

HulaHoop added a comment to T580: Document recovery procedure after compromise.

Good for the time being, if anyone wants to add more there is an outline of what procedures can be done, to add to.

Feb 18 2019, 6:57 PM · Whonix, user documentation
HulaHoop closed T580: Document recovery procedure after compromise as Resolved.
Feb 18 2019, 6:57 PM · Whonix, user documentation

Feb 3 2019

Patrick added a comment to T580: Document recovery procedure after compromise.

I am slow to review this. Finally got to it. More feedback here:

Feb 3 2019, 10:33 AM · Whonix, user documentation

Feb 2 2019

HulaHoop closed T544: systemd-socket-proxyd instructions template as Resolved.
Feb 2 2019, 8:57 PM · Whonix 15, user documentation, design documentation, Whonix
HulaHoop added a comment to T544: systemd-socket-proxyd instructions template.

I created a user documentation page explaining this feature and when to use it for users to understand.

Feb 2 2019, 8:56 PM · Whonix 15, user documentation, design documentation, Whonix
Patrick added a comment to T544: systemd-socket-proxyd instructions template.

Not only relevant for retroshare.

Feb 2 2019, 9:35 AM · Whonix 15, user documentation, design documentation, Whonix
HulaHoop added a comment to T544: systemd-socket-proxyd instructions template.

@Patrick Was this only relevant for Retroshare?

Feb 2 2019, 3:48 AM · Whonix 15, user documentation, design documentation, Whonix
HulaHoop closed T567: research: Single Tor-Gateway with Multiple Workstations vs Multiple Tor-Gateways mapped 1:1 to Workstation VMs as Resolved.

The concept was documented for operational use. Auto Guard de-duplication considered too complex to deploy and manual checking is enough.

Feb 2 2019, 3:47 AM · research, Whonix, user documentation
HulaHoop added a comment to T580: Document recovery procedure after compromise.

Ready to close if happy.

Feb 2 2019, 3:39 AM · Whonix, user documentation

Jan 23 2019

Patrick assigned T580: Document recovery procedure after compromise to HulaHoop.
Jan 23 2019, 10:09 AM · Whonix, user documentation
Patrick added a comment to T580: Document recovery procedure after compromise.

Let me know the title and place and I'll put something up.

Jan 23 2019, 9:59 AM · Whonix, user documentation

Jan 16 2019

Patrick closed T523: document identity correlation attacks and defenses / Removing Apache Recommendation as Resolved.
Jan 16 2019, 1:20 PM · Whonix 14, Whonix, user documentation, research

Jan 13 2019

HulaHoop added a comment to T523: document identity correlation attacks and defenses / Removing Apache Recommendation.

Done

Jan 13 2019, 1:56 AM · Whonix 14, Whonix, user documentation, research

Jan 6 2019

Patrick added a comment to T523: document identity correlation attacks and defenses / Removing Apache Recommendation.

https://www.whonix.org/wiki/Onion_Services#Step_1:_Install_Server_Software needs update.

Jan 6 2019, 8:24 AM · Whonix 14, Whonix, user documentation, research

Jan 4 2019

HulaHoop added a comment to T523: document identity correlation attacks and defenses / Removing Apache Recommendation.

Done. You can close this ticket once you agree with edits.

Jan 4 2019, 5:58 PM · Whonix 14, Whonix, user documentation, research

Jan 2 2019

Patrick added a comment to T523: document identity correlation attacks and defenses / Removing Apache Recommendation.

Sounds good!

Jan 2 2019, 1:54 PM · Whonix 14, Whonix, user documentation, research

Dec 28 2018

HulaHoop added a comment to T523: document identity correlation attacks and defenses / Removing Apache Recommendation.

From this size comparison on Debian wiki, I think the best and most secure option is the smallest and most minimal one: micro-httpd

Dec 28 2018, 8:31 PM · Whonix 14, Whonix, user documentation, research

Dec 22 2018

Patrick reopened T523: document identity correlation attacks and defenses / Removing Apache Recommendation as "Open".

We still have the warning on https://www.whonix.org/wiki/Onion_Services.

Dec 22 2018, 12:01 PM · Whonix 14, Whonix, user documentation, research

Dec 7 2018

Patrick removed a project from T588: improve Troubleshooting / Test: Whonix 15.
Dec 7 2018, 12:07 PM · user documentation, Whonix
Patrick removed a project from T547: add user documentation for Remote Administration, Keystroke Fingerprinting, Stylometry: Whonix 15.
Dec 7 2018, 12:06 PM · user documentation, Whonix
Patrick removed a project from T521: simplify https://www.whonix.org/wiki/Documentation: Whonix 15.
Dec 7 2018, 12:04 PM · Whonix, user documentation, usability
Patrick removed a project from T567: research: Single Tor-Gateway with Multiple Workstations vs Multiple Tor-Gateways mapped 1:1 to Workstation VMs: Whonix 15.
Dec 7 2018, 12:04 PM · research, Whonix, user documentation
Patrick closed T545: apt-get Qubes instructions as Resolved.
Dec 7 2018, 11:57 AM · Whonix, Whonix 15, user documentation, Qubes

Nov 26 2018

nusenu triaged T877: Control_Port_Filter_Proxy wiki page is outdated as Normal priority.
Nov 26 2018, 2:25 PM · design documentation, Whonix 15, Whonix

Oct 13 2018

HulaHoop added a comment to T567: research: Single Tor-Gateway with Multiple Workstations vs Multiple Tor-Gateways mapped 1:1 to Workstation VMs.

Proposed implementations for multi-Tor suggested here:

Oct 13 2018, 12:44 AM · research, Whonix, user documentation
HulaHoop added a comment to T567: research: Single Tor-Gateway with Multiple Workstations vs Multiple Tor-Gateways mapped 1:1 to Workstation VMs.

The short story is that things get worse very quickly, but there is hope.
The analysis below assumes only the adversary that runs guards and not the local adversary like the host OS or the Whonix processes themselves.
In my analysis I assume a hypothetical adversarial guard bandwidth of 10% of the entire network. This is an arbitrary number since we don't know the real number, but it serves to show the trends as we increase the guards per client and number of clients per user. I do the kind of analysis we do in the Conflux[1] paper which is very relevant here, especially Table 3 and its discussion in section 5.2. I update the numbers and extend that analysis for the scenarios you have described.

  1. 1 guard/client, 1 client/user.

The adversary (i,e, the compromised guard) will have the ability to observe 10% of the clients and hence 10% users. This is the situation today.

  1. 2 guards/client, 1 client/user.

This is worse than 1 above. There is now a 18% probability that only one of the guards is compromised per client and a 1% chance that two guards are compromised per client. The probability of at least one bad guard is hence 19%. There really is not a real distinction between one or two bad guards from the user perspective since in both situations the client will go through a malicious guard in a short period of time, since the guard is picked uniformly at random from the guard set.

  1. 1 guard/client, 2 clients/user.

The observable clients again increase to 19% from the base 10% in 1 above. This means that if the user split her app (or group of apps) across the clients then there is a 19% chance that at least one of the app (groups) is compromised. However, for each client there is still only a 10% chance that a malicious guard is present. Is this configuration better than scenario 2 above? Perhaps, but let's look at the following scenario first.

  1. 2 guards/client, 2 clients/user.

The observable clients increases to 54%. This means that there is a 54% chance that at least one bad guard is present. This is worse than all the other scenarios above. However, if we fix apps (or groups of apps) to particular clients then we can compare to scenario 2 where the app group/client is analogous and the same analysis holds. Then, for each client there is again a 19% chance that there is a malicious guard present. If we compare to 3 above we can see that if we only use 1 guard/client then we can drop the exposure back down to 10% for that client and hence app group.
Taking the above into account we can get good results by keeping the guard set size to 1 and users spin up one client for each app. Then we can achieve at most 10% of apps compromised at *any given time* but not simultaneously. We can call this scenario (which is an extension of scenario 3) the 1 guard/app scenario (1G/A). See the appendix for more tweaks to decrease guard exposure.
If we want to consider 1G/A, then the next question for your user base is that is it better to either 1) have some portion of your apps compromised at *all* times (scenario 1G/A) or 2) have *all* your apps compromised some portion of the time (scenario 1). Tor tends to bend towards option 2, but then they have not considered the option of multi-client usage since it doesn't improve the situation in a non-compartmentalized setting, unlike the Whonix situation. I believe that option 2 is flawed because you never know if you are in fact currently compromised or not. It might be better to go ahead with assuming that you are compromised and mitigating that compromise to some portion of your network activity than all or nothing, which is what option 1 provides.
I hope that answers your questions. Please do not hesitate to get in touch again if you would like to discuss further. I think this is a very interesting problem area and would be happy to contribute to improving the situation.
Best regards,
Tariq Elahi
[1] http://cacr.uwaterloo.ca/techreports/2013/cacr2013-16.pdf
Appendix
We can do better if we allow a user's clients to look at each other's lists to exclude guards that are already picked. The benefit would be that once the bad bandwith has been assigned it can no longer affect subsequent guard selections. However, clients looking at each other's memory space will compromise your vision of process containment. A zero knowledge/oblivious method for comparing guard lists might work to avoid this problem, and indeed the adversarial response will be weak since the best they can do is spread their bad bandwidth over many relays and at best return to the original exposure rate (e.g. 10%) but now with added costs of running many more relays.

Oct 13 2018, 12:42 AM · research, Whonix, user documentation

Aug 17 2018

HulaHoop added a comment to T544: systemd-socket-proxyd instructions template.

Template created: https://www.whonix.org/wiki/Template:Systemd-socket-proxyd

Aug 17 2018, 8:39 PM · Whonix 15, user documentation, design documentation, Whonix

Aug 16 2018

HulaHoop closed T367: Mixmaster GUI Options as Wontfix.

Non-Debian dependencies and non materialization of TUF PyPi makes a secure way to obtain this package impossible.

Aug 16 2018, 5:42 PM · user documentation, research, Whonix, usability
Patrick placed T560: finish RetroShare over Tor port redirection instructions up for grabs.
Aug 16 2018, 5:36 PM · user documentation, Whonix
HulaHoop lowered the priority of T560: finish RetroShare over Tor port redirection instructions from Low to Wishlist.
Aug 16 2018, 5:27 PM · user documentation, Whonix

Aug 15 2018

Patrick updated the task description for T560: finish RetroShare over Tor port redirection instructions.
Aug 15 2018, 1:15 PM · user documentation, Whonix

Jul 24 2018

Patrick renamed T388: document Spoof the Initial Virtual Hardware Clock Offset for KVM (biossystemtimeoffset) from document Spoof the Initial Virtual Hardware Clock Offset for KVM to document Spoof the Initial Virtual Hardware Clock Offset for KVM (biossystemtimeoffset).
Jul 24 2018, 11:52 AM · user documentation, enhancement, security, Whonix, KVM

Jul 16 2018

Patrick closed T141: reorganize 'Computer Security Education' vs 'Post Install Advice' vs 'Security Guide' vs 'Advanced Security Guide' as Resolved.
Jul 16 2018, 4:31 PM · Whonix, user documentation

Jul 15 2018

Patrick updated the task description for T811: document multiple Qubes TemplateVMs.
Jul 15 2018, 12:18 PM · Whonix, Qubes, user documentation
Patrick triaged T811: document multiple Qubes TemplateVMs as Normal priority.
Jul 15 2018, 12:16 PM · Whonix, Qubes, user documentation

May 16 2018

Patrick added a comment to T544: systemd-socket-proxyd instructions template.

HulaHoop (HulaHoop):

HulaHoop added a comment.
seems self explanatory.

May 16 2018, 5:34 PM · Whonix 15, user documentation, design documentation, Whonix
HulaHoop added a comment to T544: systemd-socket-proxyd instructions template.

All socat mentions here with 7 results, less if we want the relevant pages only: https://www.whonix.org/w/index.php?title=Special%3ASearch&profile=default&fulltext=Search&search=socat

May 16 2018, 2:09 PM · Whonix 15, user documentation, design documentation, Whonix
HulaHoop added a comment to T544: systemd-socket-proxyd instructions template.

@Patrick seems self explanatory. How are we doing on RAM use? Is it any more or less efficient than socat after you cut down the number of spawned instances?

May 16 2018, 2:04 PM · Whonix 15, user documentation, design documentation, Whonix
HulaHoop closed T696: 32-bit OpenJDK on 64-bit Stretch as Wontfix.

I went ahead and reverted clflush restrictions to open the way for I2P by default without extra fiddling needed.

May 16 2018, 2:01 PM · user documentation, Whonix

May 9 2018

Patrick added a comment to T544: systemd-socket-proxyd instructions template.

Can you make head or tail of https://github.com/Whonix/anon-ws-disable-stacked-tor/blob/master/etc/anon-ws-disable-stacked-tor.d/30_anon-dist.conf ?

May 9 2018, 11:35 AM · Whonix 15, user documentation, design documentation, Whonix
Patrick added a comment to T544: systemd-socket-proxyd instructions template.

Done. Updated package not uploaded yet.

May 9 2018, 11:35 AM · Whonix 15, user documentation, design documentation, Whonix

May 8 2018

Patrick added a comment to T544: systemd-socket-proxyd instructions template.

We'll no longer use socat. Whonix 14 will use systemd-socket-proxyd.

May 8 2018, 9:33 PM · Whonix 15, user documentation, design documentation, Whonix
Patrick renamed T544: systemd-socket-proxyd instructions template from socat instructions template to systemd-socket-proxyd instructions template.
May 8 2018, 9:31 PM · Whonix 15, user documentation, design documentation, Whonix
HulaHoop triaged T794: wiki template / broken gpg command updated as Normal priority.
May 8 2018, 1:43 AM · Whonix, user documentation