[Whonix-devel] [qubes-users] Re: [qubes-devel] Qubes Project gets OTF funding to integrate Whonix, improve UX

Mon Jun 8 21:05:43 CEST 2015

On Mon, Jun 08, 2015 at 02:01:00PM +0000, Patrick Schleizer wrote:
> Unman:
> > On Sat, Jun 06, 2015 at 07:14:53AM -0400, cprise wrote:
> >> On 06/05/15 21:23, Unman wrote:
> >>> On Thu, Jun 04, 2015 at 01:12:52PM +0200, Joanna Rutkowska wrote:
> >>>> Hello,
> >>>>
> >>>> Here is some great news:
> >>>> http://blog.invisiblethings.org/2015/06/04/otf-funding-announcement.html
> >>>>
> >>>> In other news: Qubes Canary #3 has been published yesterday:
> >>>> https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-003-2015.txt
> >>>>
> >>>> Thanks,
> >>>> joanna.
> >>>>
> >>> Great news on the funding, congratulations.
> >>>
> >>> It isn't clear to me what features the whonix gateway provides that the
> >>> torvm/torfw combo doesn't - can someone on the whonix side help me out on
> >>> this?
> >>>
> >>> cheers
> >>>
> >>> unman
> >>>
> >>
> >> They have a detailed comparison here:
> >>
> >> https://www.whonix.org/wiki/Comparison_with_Others
> >>
> >> If you want to use non-browser apps over Tor then Whonix is better because
> >> they test for leaks and each app benefits from stream isolation. It also
> >> protects against fingerprinting, and sets up TorBrowser as the default
> >> browser (last I checked in TorVM, you had to use regular Firefox or go
> >> through a special TorBrowser setup process that isn't described in the
> >> wiki).
> >>
> > I've read that comparison and I've ploughed through lots of the whonix
> > documentation. What i haven't seen is a design document or specification
> > for the whonix gateway.
> > 
> > On the points you mention, the torvm provides stream isolation, and the
> > setup of TBB is pretty trivial and (now) well documented. I thought that
> > it was the whonix ws which provided protection against fingerprinting -
> > is this a function performed by the gateway too?
> > As for the testing, do you mean that there's some packet inspection in
> > the gateway to guard against metadata leakage or something like that? Or
> > do you mean that whonix-qubes is tested in some way that qubes isn't? If it's
> > the latter then we can pretty easily fix that.
> > 
> > There's a comment in the documentation that the whonix templates may
> > provide a more usable and robust solution for torifying traffic. As I
> > don't encounter any problems with the torvm, and haven't seen many
> > reported in the lists, I don't know what to make of this.
> > 
> > What I was looking for was some detail on what the whonix gateway
> > provides that the torvm/torfw combo doesn't. The reason why I think it's
> > important is that if there are features then I think they should be
> > ported to the torvm so that users who don't want to use
> > whonix will still benefit from them.
> > Also the advantage of a simpler system, only one code base to maintain
> > etc etc. And if there were a unified tor gateway solution the devs could
> > focus on the whonix workstation template, which is, I think, where most
> > of the anonymising configuration in the apps takes place.
> > 
> > Anyone help me out?
> > 
> > unman
> > 
> 
> For a list what Whonix does, go to https://github.com/Whonix and check
> the short summaries. ~7 pages with ~20 packages. From there you can
> click any package and view the long description, from there perhaps dig
> deeper. See also:
> - https://www.whonix.org/wiki/Dev/Design-Detailed
> - https://www.whonix.org/wiki/Design
> 
> Cheers,
> Patrick
> 
Thanks Patrick,
I was looking specifically at the whonix-gw: as I've said I've looked at
the documentation.
I think I will have to dig in to the code, and  cant seem to do this on
github as its configured. I'll clone and review.
Cheers
u