Discussion in 'privacy technology' started by wilder7500, Mar 3, 2014.
In your opinion, which is most anonymous, Tails or Whonix?
Setting the technical stuff aside it is hard to tell. Getting "caught" by "them" while using one and not the other will tell you the difference more than anything else.
Let's not set aside what heavily determines if you get " "caught" by "them" ", THE TECHNICAL STUFF.
Although both Tails and Whonix use the Tor network, their threat models are distinct.
Tails focuses on using Tor securely without memory (the amnesiac part of its name). It's basically a hardened LiveCD that securely uses Tor, runs the Tor-browser, and thoroughly wipes RAM at shutdown. Although it can save files when run from USB flash, that's rather contrary to its focus.
Whonix focuses on using Tor securely, and protecting against threats that break or bypass the Tor client. It isolates workspace and Tor client in separate VMs. There's nothing about being amnesiac.
Both use Tor browser hardening. But Tails uses standard Firefox, while Whonix uses Debian Iceweasel. Both do lie, and claim to be Windows Explorer. But still, Tails looks more like the Tor Browser Bundle, which is far more popular than either Tails or Whonix. So in that sense, Tails is arguably more anonymous. But Whonix protects better against exploits that seek to kill Tor and leak the ISP-assigned IP address. So in that sense, Whonix arguably provides more durable anonymity.
Thanks, that's a very good explanation. I think Tails uses Iceweasel, at least that's what it says when you click Help > About Torbrowser.
You mean more anonymous as in more people use the Tor Browser Bundle therefore you don't stand out as much, as opposed to more anonymous as in your IP will be better hidden in Tails (unless of course it is leaked) right?
What in your opinion would be a safe base distro to run the two Whonix VMs on?
Au contraire mon ami, Tails uses Iceweasel, not standard Firefox! Arguably, however, Iceweasel is in fact a Firefox derivative without the Firefox identities in its DNA, and ports the prefs.js from the Tor Browser Bundle if I am not mistaken.
I thought that I knew that. You can tell that I don't use Tails, I guess.
Yes, that was my point, except that both use Iceweasel.
The concern is that a partial compromise of the setup would reveal that Iceweasel, rather than Firefox, was the actual browser. And so you would be revealed as using Tails/Whonix instead of TBB, and would be an anonymous member of a smaller crowd.
Unless there are bugs in Whonix, it hides your IP better than Tails does. With Tails, an exploit that rooted the OS would allow an adversary to mess with Tor and iptables, and see the ISP-assigned IP. If that happened in Whonix, the adversary would then have to (1) break out of the Whonix workstation VM, (2) get root on the host machine, and (3) mess with Tor and iptables in the Tor gateway VM. That's harder, no?
I'd go with Debian or CrunchBang (aka "#!"). CrunchBang is very much stock Debian, mostly using the Debian repositories. But it uses OpenBox as desktop, which takes some getting used to. All menu access involves right clicking on the desktop, although there are hotkeys. But it's very light, running well in ~500 MB.
Do you use CrunchBang because it starts up quicker than Debian, or do you feel it's more secure since, I guess, it contains less packages?
Do you feel this would be a secure setup: CrunchBang as base distro, the two Whonix VMs for anonymous surfing, another VM running CrunchBang for non-anonymous stuff. Say you use Whonix sometimes, then other times you may not care that someone knows your IP, like if you watch a video and you just want the fast raw connection speed without the Tor network. The base distro would never do anything other than update itself.
I'm not saying that CrunchBang is more secure than Debian. I'm just saying that it uses less resources, and that I doubt that it's less secure than Debian. When you're running a host OS and many VMs, being able to run well with 500 MB vs 700 MB starts adding up.
That would work, yes.
But VMs don't take much space, so you can have ten different Whonix instances, used for different things. They take about five minutes max to import, so you can use an instance once and then nuke it. You can have several pfSense VMs, with different VPN clients. And so on ...
Tails uses Debian Iceweasel.
Whonix uses the Tor Browser component of the Tor Browser Bundle (TBB), downloaded and verified directly from The Tor Project (TPO).
As far as Whonix is concerned, user agent is:
Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0
- same as TBB.
No. While Whonix uses Tor Browser, hence looks the same as Tor Browser, Tails' browser can be fingerprinted. They talk about it on this page:
(under "For the websites that you are visiting")
Iceweasel might be more popular among internet users, but Iceweasel over Tor (without leaks) wouldn't be more anonymous than TBB (source level patched Firefox + Firefox add-ons). This is because, due to linkability and browser fingerprinting, Iceweasel can be easily tied down to the same pseudonym. Links to Tor Browser source level patching, linkability and browser fingerprinting can be found here:
(Tails uses Tor Button as well, but as they say, the fingerprint isn't the same as TBB.)
For the reasons named above, I would argue, from a browser fingerprinting viewpoint, Whonix is more anonymous. However, Tails has other advantages such as better multi language support, being amnesic, etc.
Thanks for correcting my errors.
I was being very distracted and careless.
What would these be used for?
@adrelanos, thanks for the contrib
Is there anything else that could be added to the setup I described in post #10 that would make it more secure/anonymous?
They're firewall/router VMs. They work very well running OpenVPN (and IPSec), and they're designed with an easy to use interface for securing connections with routing and firewall rules.
I am not taking sides in this "do VPNs improve or worse anonymity" "left wing vs right wing" controversy. But a collection of these arguments for both sides has been written by me and extended by others a while ago:
Whonix's host operating system specific documentation can be found here:
It links to another page, which dismantles common long-lasting rumors about allegedly secure operating systems, not by making claims, but by asking the right questions, to which no one who repeated such a rumor could ever come up with any answer:
Less packages or not, I wouldn't think that automatically makes it safer.
Just to be clear, I'm not claiming anything like that.
I've started using CrunchBang for practical reasons. It installs very quickly, about as fast as Debian does for a minimal non-GUI installation. And with OpenBox instead of KDE, it uses less disk, and less RAM. Also, I've found OpenBox much easier to use via high-latency RDP/TLS links.
Although CrunchBang waldorf does use its own "main" repository, it notes "Compatible with Debian Wheezy, but use at your own risk." It does use the Debian "wheezy main contrib non-free" and "wheezy/updates main" repositories. Conversely, Ubuntu uses only its own repositories.
Given that, is it accurate to say that CrunchBang is far more like Debian than Ubuntu is? Is that arguably so about security? Would it be better to do a minimal Debian installation, and then install OpenBox etc?
@adrelanos, do I understand this correctly, you can install anything you want in the Whonix workstation, even malicious code (not that I would), and it can't leak your IP to the gateway?
Could code not be written specifically to attack Whonix when the main structure of the setup is known?
Without an exploit, there can be no IP leaks. With enough exploits, an adversary can break out. See attack matrix:
Been running Whonix for a while, works great.
IMHO, the question is: what exactly are your needs?
You can also build your own live-OS based on a more secure distribution and add a few more anonymity tools and remove all that stuff you will never use. And last but not least, it will be less ugly! Then, you will get the best for you, and for you only.
Tails of course. Snowden used it.