Whonix 14 has been Released
Clearnet Link: https://forums.whonix.org/t/whonix-14-has-been-released/5404
Onion v3 Link: http://forums.dds6qkxpwdeubwucdiaor...wsyd.onion/t/whonix-14-has-been-released/5404
Been using Whonix 14 for about 2 weeks now. My only issue is this stuff popping up whenever I start the VMs. It's a minor annoyance, but it's nonetheless an annoyance. https://i.imgur.com/st7vykp.png
Yes, it's a known issue for Whonix 14; you can easily overcome it by: https://forums.whonix.org/t/kdesudo-error-popup-window-sdwdate-gui/5642/13
That "fix" breaks sdwdate-gui though, as mentioned by the developer in the post below the one you linked.
The “System Settings” > “Startup and Shutdown” > “Desktop Session” > “Start with empty Session” solution from direct link https://forums.whonix.org/t/kdesudo-error-popup-window-sdwdate-gui/5642/13 doesn't break sdwdate-gui. ^adrelanos
Any news / discussion / social channels Whonix should set up? Any of telegram, whatsapp, gab.ai, d.tube, bitchute, peertube or anything else? ^adrelanos
For messaging, Briar and Ricochet are arguably the most secure and private options. Both are fully P2P, with no third-party servers involved. Each client runs a Tor .onion service, and there's end-to-end encryption. So users are mutually anonymous, except for their .onion addresses. Both are free and open-source. However, Briar is available only for Android. But Ricochet is available for Linux.
Tox and Ring are also fully P2P, with no third-party servers involved. They're both end-to-end encrypted, with perfect forward secrecy. By default, users see each other's IP addresses. But maybe they'll work via Tor, if TCP-only mode is possible. They're both free and open-source, and available for Linux. Ring is reportedly less buggy than Tox.
A key downside of fully P2P apps is that conversations are fully device-specific. Even if you have the app on your phone and your laptop, for example, conversations aren't shared between them. Also, P2P doesn't deal well with users being offline.
For the rest, all bets are off. In their privacy policies, Signal,[0] Telegram,[1] and WhatsApp[2] say that they may disclose such account information as IP address and phone number when legally required. All three are available for Linux. Although account creation requires SMS or voice verification, there are more-or-less anonymous options for that. I don't know whether TCP-only mode is possible, for connecting via Tor.
Signal is arguably the most secure and private mainstream messaging app. It's free, ad-free and open-source. It's end-to-end encrypted, with perfect forward secrecy, using a protocol that generates a new encryption key for each message. It has a P2P mode, and self-destructing messages are an option.
WhatsApp is the most popular end-to-end encrypted-messaging app. It's not open-source, but it is free and ad-free. It now uses the same end-to-end encryption as Signal, and it supposedly doesn’t store messages on servers. However, it's owned by Facebook, which can log metadata.
Telegram is, in many ways, much like Signal. However, although it's free and ad-free, it's not open-source. In "secret chat" mode, it's fully P2P (not via Telegram servers) with end-to-end encryption and perfect forward secrecy. Self-destructing messages are also an option. However, it uses custom MTProto symmetric encryption, which some argue is insecure. And it's closed-source, and so hasn't been independently audited.
0) https://www.signal.co/privacy-policy/
1) https://telegram.org/privacy
2) https://www.whatsapp.com/legal/
Do you have a source for Secret Chat being P2P? Afaik they still go via their server. I'm a big disliker of Telegram. They advertise it as a secure messenger but end-to-end encryption is not used by default, is only available on 1 device and there is no e2e encrypted group chat. Chats without e2e are saved on their servers. There is some sort of visualized public key to protect e2e chats from MitM attacks, but it does not alert you if it changes, so it is useless unless you check it every time you communicate with it. Telegram also uploads your contacts' phone numbers and full names to their servers (without hashing). It is possible to block this but you and your contacts will probably end up on their servers anyway if just a few of your contacts don't block it. They claim they need this information to give users a notification like "Contact X is now using Telegram." First of all, it says a lot about them if they value something like that over privacy, secondly, it is not even necessary because the contact information can also be compared locally, like Signal does.
I hadn't seen the issue about Telegram uploading contacts to their servers. If that's the case, they're not a secure and private option. Do you have a cite for that? What about Signal? Is it clear that they don't upload contacts? https://www.tomsguide.com/us/pictures-story/761-best-encrypted-messaging-apps.html#s4 But that's distinct from "secret chats", which are apparently P2P. https://heimdalsecurity.com/blog/the-best-encrypted-messaging-apps/ I don't believe that either Signal or Telegram offers P2P end-to-end encrypted group chats. And actually, I don't recall seeing any apps with P2P end-to-end encrypted group chats. Even Briar, Ricochet, Tox or Ring. Do you know of any?
Yes: https://news.ycombinator.com/item?id=6915194 https://telegram.org/privacy Signal only uploaded SHA256 hashes of phone numbers. The problem with that is that there are a limited number of phone numbers, so the hashes could be reversed. Now they're doing the server-side stuff in an SGX secure enclave so the server has no access: https://signal.org/blog/private-contact-discovery/ I'm not reading that as that they're P2P, but as your messages are not saved on the server so you don't have the convenience as with normal messages: standard Telegram chats are saved on the server/cloud, so when you add a new device, it can access your entire message history. Indeed, Signal does offer E2E encrypted group chats contrary to Telegram, but not P2P. Tox does offer group chat, but I don't know if it is also P2P like their normal chats.
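The point in the post above about hashed phone numbers, as an added example that is not part of the original thread and is not Signal's code: an unsalted SHA-256 of a value drawn from a small, enumerable space hides nothing from whoever holds the hashes, which is why a design review should treat such hashes as equivalent to the plaintext. The E.164 text encoding, the function names and the fictional 555-01xx sample numbers are assumptions made for illustration.

```python
import hashlib
import math
import os


def sha256_hex(number: str) -> str:
    """Unsalted SHA-256 of a phone number (E.164 text encoding is assumed)."""
    return hashlib.sha256(number.encode("ascii")).hexdigest()


def keyspace_bits(free_digits: int) -> float:
    """Entropy, in bits, of a number with `free_digits` unknown decimal digits."""
    return free_digits * math.log2(10)


def build_table(prefix: str, free_digits: int) -> dict:
    """Hash every number in one block: a fixed prefix plus `free_digits` digits."""
    table = {}
    for i in range(10 ** free_digits):
        number = f"{prefix}{i:0{free_digits}d}"
        table[sha256_hex(number)] = number
    return table


def recover(uploaded_hashes, table):
    """Return the numbers whose hashes appear in the precomputed table."""
    return [table[h] for h in uploaded_hashes if h in table]


# Constructed sample data: two contacts from the fictional 555-01xx range,
# hashed the way a contact-discovery upload would hash them.
CONTACTS = ["+12025550142", "+12025550187"]
UPLOADED = [sha256_hex(n) for n in CONTACTS]

# Contrast case: the hash of a random 128-bit value cannot be enumerated.
RANDOM_TOKEN_HASH = hashlib.sha256(os.urandom(16)).hexdigest()

if __name__ == "__main__":
    table = build_table("+1202555", 4)  # 10,000 candidates, built instantly
    print("recovered:", recover(UPLOADED + [RANDOM_TOKEN_HASH], table))
    # A full 10-digit national number carries only about 33 bits,
    # far below the 128 bits of the random token.
    print("bits in a 10-digit number: %.1f" % keyspace_bits(10))
```

Both constructed contacts are recovered while the random token is not: the hash function is the same in both cases, only the size of the input space differs.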
OK, it sounds like Telegram is insecure. And Signal is iffy. So we're left with Ricochet, and maybe Tox and Ring.
Signal has groups but it's not possible to mute/kick people so it's unsuitable for a public chat group.
> Any news / discussion / social channels Whonix should set up?
Clarification: that refers to a public chat room. So ricochet for example is nice for private chats but not really suitable for a public chat, modern IRC replacement. Telegram looks better but I agree with all the issues mentioned here. I don't think Tox / Ring are used for public group chats either?
Ah. I thought that you were talking about pre-installing on Whonix. What about hosting a secure IRC channel, and making sure it's accessible via Tor? I've seen a few sites use Discord for group chat. And Everipedia uses Telegram for chat, and Reddit for discussion. Maybe another option is Keybase Teams. But I've never used it.
Hardened Debian - Security Focused Linux Distribution based on Debian - In Development - Feedback Wanted! https://forums.whonix.org/t/hardene...on-debian-in-development-feedback-wanted/5943 ^TNT
Ring doesn't support Tor connection yet (on work) https://git.ring.cx/savoirfairelinux/ring-project/issues/495 Tox stopped supporting Debian, which Whonix is based on https://blog.tox.chat/2018/02/shutdown-of-the-debian-and-ubuntu-package-repository/ ^TNT
I'm not so familiar with public chat alternatives, sorry. [Offtopic] Is Briar not a maybe or does it have downsides? (I'm not familiar with it)
I was thinking that Briar is available only for Android, and so it's not relevant for Whonix. But this is for chat about Whonix, not necessarily using Whonix, so But still, most Whonix users are on PCs, so Android-only is perhaps unworkable.
Whonix can be useful in torifying an Android-based OS running inside a virtual machine (vbox, kvm, qubes, etc.) by connecting Whonix Gateway to X OS (X could be any OS, even the malware OSs like Windows/Mac, etc.) ^TNT
preload to increase system performance? https://forums.whonix.org/t/preload-to-increase-system-performance/5364 ^TNT
Yes, that would be very useful. For Tails, when running on hardware, wiping RAM at shutdown suffices. But I don't believe that VMs can wipe host RAM. So encrypting RAM in the VM would work as an alternative. Even so, there are probably other traces left on hosts after VMs run. Best practice is using FDE on hosts, including all swap space, and shutting them down when not in use. And configuring them to wipe RAM at shutdown wouldn't hurt.
Removed from Whonix meta packages dependencies due to Debian issue. Enigmail 2.0 needed in Stretch after Thunderbird 60 upload https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909816
Workaround: manually install Thunderbird etc.
sudo apt-get install thunderbird
https://forums.whonix.org/t/sudo-ap...ges-will-be-removed-enigmail/5968/9?u=patrick