Dev/videos

From Whonix
< Dev
Jump to navigation Jump to search

Video Drafts for Whonix

Upstream[edit]

Kicksecure: Perform these steps inside Kicksecure.

Instead the user should apply the instructions inside Whonix-Workstation.

Kicksecure for Qubes: Perform these steps inside Qubes kicksecure-17 Template.

Instead the user should apply the instructions inside whonix-workstation-17 Template.

Open Drafts[edit]

What does Open Drafts mean? - These are scripts for videos which have not been produced yet. Therefore any feedback (edit suggestions) are more likely to make it in the video which is due to be produced soon.

There may be some inaccuracies in the Open Drafts.

Open Drafts should not be considered Documentation or factual statements until finalized.

Documentation for this is incomplete. Contributions are happily considered! See this for potential alternatives.

Kloak[edit]

Problem[edit]

Being anonymous on the internet is not easy, there are many way to fingerprint web users. Today we will cover web fingerprinting via keystroke biometrics and defenses against this sort of attack.

Your typing manner is unique to you, it shows:

  • Keystroke rhythm, typing speed
  • Keystroke duration until a key is released
  • The duration pauses between keystrokes
  • Most common errors
  • Whether you are likely right or left-handed
  • Rapidity of letter sequencing, indicating user's likely native language
  • Keyboard layout

The way you type is one of the fingerprints you leave on the internet when using online platforms. This print you leave can be a way to track you.

With the rise of web applications over local applications, you have to interact with a Browser, to fill a form, write an e-mail. Those actions were not common to be made in a browser in the past, so the attack surface was smaller. If you are using browser based e-mail, you are typing to a web interface that responds to your inputs immediately to provide you with features such as word suggestion, but might be used to identify you.

Poor-man solution[edit]

You can circumvent keystroke fingerprinting by not using the web interface for typing, use a text editor, preferably on a offline machine. This is rather inconvenient, as you will need to paste back the text to the web interface later on.

Kloak[edit]

Whonix provides Kloak, a Keystroke-level online anonymization kernel, its primary objective: obfuscate typing behavior at the device level. Kloak is a cloak for your typing behavior.

Kloak is a privacy tool that makes keystroke biometrics less effective. This is accomplished by obfuscating the time intervals between key press and release events, which are typically used for identification.

Kloak obfuscate key press and release events time intervals by introducing a random delay between the physical key events and the arrival of key events at the application, for example, a web browser.

Technical explanation[edit]

Kloak grabs the input device and writes delayed key events to the output device. Grabbing the device disables any other application from reading the events. Events are scheduled to be released in a separate thread, where a random delay is introduced before they are written to a user-level input device

What Kloak is not[edit]

Kloak does not protect against all forms of keystroke biometrics that can be used for identification:

  • If the user sets Kloak delay option too small, Kloak is not effective
  • Key press repetition when keys are held down are not obfuscated. If your system has a unique rate, it may be used to identify you
  • Writing style (stylometry) is still apparent
  • Mouse movement, editing style.

Demonstration[edit]

Kloak demo https://github.com/vmonaco/kloak#try-it-out

Now, to the part you have been waiting for, the demonstration.

Navigate to a keystroke biometrics analysis platform such as

We will be using three testing methods:

  • Train without Kloak, test without Kloak
  • Train without Kloak, test with Kloak
  • Train with Kloak, test with Kloak

TODO: Find key tracking site as the one mentioned above is down (2023-05-01).

Finalized Drafts[edit]

What does Finalized Drafts mean? - These drafts are not very useful to modify because the video has already been produced, pending upload. Unless there are critical issues, no changes will be recorded.

Vid #003 : What is Whonix? - Your Internet Privacy Super Tool[edit]

Everywhere you go on the internet you're leaving a lot of personal information, data and your digital fingerprints. You might think you're safe, but you're not. Big companies have trackings scripts on almost every website. And their tracing bots follow you everywhere like digital stalkers. They know your postal address, your shopping list, your plans, your desires or even worse: business and personal secrets.

Imagine a giant bucket with your face and fingerprints on it. Almost every Big Tech company has such a bucket of you, filled with your data, your political associations, your health related search history, your opinions, plans, thoughts and interests. They know more about you than you know yourself.

Historically the first attempt to get rid of internet stalker bots has been to disguise the user's IP address. The IP address is your unique digital identification card. In the design of the internet unfortunately, every user must have an IP address so websites know where to send the requested data. But this is dangerous, because now you're like an open book to internet stalkers.

Only disguising your IP address, like Virtual Private Networks promise, is insufficient. Even if you can do it, it doesn't help because internet stalkers are working around the clock and have other ways to identify you. Hiding your identity is harder than just hiding your IP.

The stalkers bots use techniques such as analysing the fingerprints of your browser, tracking your typing behaviour and even noticing little millisecond variations of your system time to accurately identify you even if you use some other tools like VPNs. And then, business as usual, they put your data into their bucket with your face on it.

That's why we invented Whonix. Whonix is your open source gateway to anonymity, your identity protector, your digital anti-stalker spray, your internet privacy super tool. Whonix is free and it's a game changer, let us explain why.

What is Whonix and why is it great for your Internet privacy?

Whonix is a Linux distribution that runs like an app in every major operating system. You get maximum anonymity for everything online - when you communicate, send crypto, share files and consume content. And like with VPNs you have access to geo-blocked websites.

With Whonix your IP but also your identity are heavily protected. Even browser fingerprinting, typing analysis and time attacks are easily warded off. Your location and your data remain a secret. Your're really and truly anonymous!

And get this! You can even anonymously host your own web service while keeping your physical location hidden!

But how does Whonix do it?

Whonix is a two component super-tool that is trusted even by Edward Snowden.

The first component is the Whonix-Workstation. It encapsulates every application without exception - be it browser, e-mail, file sharing or crypto apps.

Second, from there all traffic with no chance of foul play is routed through the Whonix-Gateway. This gateway directs all traffic through an encrypted global anonymity network safely and anonymously to your destination and back to you.

And who is Whonix made for?

Whonix is made for and funded by privacy enjoyers like yourself. It's open source and free to use for everyone. For freedom lovers and secret protectors. For researchers and truth tellers who risk their lives to change the world. Travelers and IT professionals also greatly profit from using Whonix. And if you're a real life phantom, using Whonix will be a no-brainer for you!

Are you curious? - Visit www.whonix.org and check the links in the description. And if you want to stay updated on everything anonymity and security like this video and subscribe to our channel.

Thanks for watching, have a nice day and remember: Your privacy is a human right. It is also free and within your reach - with Whonix.

Show Extensive Script (Resource for longer video)

[ General: memes bucket with your face on it; stalking bots ]


[ B: show somebody browsing the internet and leaving fingerprints ]

[ B: collectors are collecting fingerprints and sticky notes and put them into a big bucket with your fingerprint or your face on it ]

Everywhere you go on the internet you're leaving a lot of personal information and your digital fingerprints. Big companies have tracking scripts on most websites and spy on you everywhere. Their bots stalk you and know almost everything you do online. Sometimes they're finding out your postal address, your shopping list, your passwords or even worse: business data or personal secrets.

[ B: ]

Historically the first attempt to get rid of internet stalkers has been to disguise the user's IP address. The IP address is your digital reference number, an identification card of sorts. In the design of the internet, every user must have an IP address so websites know where to send the requested data.

[ B: Point out a single person out of many. ]

Your IP address is unique.

[ B: Danger symbol. ]

And that is dangerous.

[ B: Open https://iplocation.io/archive.org in Tor Browser (to hide IP of video creator)]

[ B: https://whatismyipaddress.com/wp-content/uploads/geo-acc-map.jpgarchive.org ]

It leaks your approximate physical location, often down the street level.

And your Internet Service Provider (in short, ISP) also stores a link to your activities under your real IP. So your IP address is like a sign with your face on it.

Only disguising your IP address is insufficient. Even if you can do it, it doesn't help because internet stalkers are working around the clock and have other ways to identify you. Hiding your identity is harder than just hiding your IP.

[ B: table left side: IP-based tracking; right side: non-IP based (other) tracking techniques symbols and names ]

There are IP-based and non-IP based (other) tracking methods that are used by internet stalkers.

[ B: gloves protection ]

What is Whonix and why is it great for your Internet privacy? Let's find out together!

[ B: show icons, Windows, macOS, Linux ]

Whonix is a Linux distribution that runs like an app in every major operating system.

It is your gateway to privacy. You get maximum anonymity when you communicate, send crypto, share files and consume content and so forth. And you have access to geo-blocked websites.

[ B: https://www.whonix.org/wiki/Hosting_Location_Hidden_Servicesarchive.org ]

[ B: https://www.whonix.org/wiki/Onion_Servicesarchive.org ]

With Whonix, you can even anonymously host your own web service while keeping your physical location hidden.

[ B: https://www.whonix.org/wiki/File:Elite_Spy_Defense_1.pngarchive.org ]

[ B: https://www.whonix.org/wiki/File:Elite_Spy_Defense_2.pngarchive.org ]

Whonix comes with an Elite Spy Defense and provides a full spectrum anti-tracking protection.

But why do you need Whonix? Isn't everything pretty safe with HTTPS already?

No. The Internet wasn't designed with privacy in mind let alone with all the sophisticated commercial data harvesting companies. And it shows. Even with HTTPS you're still as transparent as can be.

[ B: (the S in green colors) (make some space between http and s)] [ B: show URL bar http vs https ]

HTTPS is the evolution of the Internet Protocol HTTP. The S in https stands for secure which means the connection between your browser and the website is encrypted. Most websites nowadays support https.

But even with HTTPS your internet service provider knows which websites you visit. For one, because every website server has an IP address which is necessarily well known due to the design of the internet.

Furthermore, even if multiple websites are reachable on the same IP address, your ISP can accurately guess the sites you're visiting by a process called website traffic fingerprinting.

Every external service on a website can know your identity too, through techniques such as browser fingerprinting, typing analysis and time based tracking. This means even your computer's time can be exploited for the purpose of following you everywhere on the internet.

So you're thinking, you google something and then once you clicked on the website, you have a bit of privacy from Google. Unfortunately, most likely not so. Each link from Google isn't a normal link to a website. It's a specific tracking link so Google knows which links you clicked. But at least then when you're on a website, do you have a bit of peace from Google stalking you? - If you click another link on the website that you just visited and go to another link? Unfortunately, most likely also not so.

[ B: Google adsense statistics link ]

Google Adsense runs on over 38 million websites.

[ B: https://w3techs.com/technologies/details/ta-googleanalyticsarchive.org ]

And if it's not Google Adsense, it might be Google Analytics, Google Analytics which is used by 85 % of all websites. Even if you happen to find a website without adsense or analytics, there's Google Fonts or any of the many other Google APIs. Since Google has some sort of script on almost all websites, Google gets your IP address every time and can paint an almost complete picture of your online activities.

[ B: Big bucket with face and fingerprint. Stalking bots throw in papers ]

The big data harvesters can know everything you do on those websites and once you have been identified they add it to their gigantic virtual profile of you, a big bucket with your face on it. And that's just Google. Imagine Facebook, Twitter, YouTube and every other small or big embedded service then you have an idea how secure and private you really are. You are not.

[ B: Whonix promo image ]

That's why we developed Whonix - a security hardened privacy first application for your desktop, available on all major operating systems. Whonix anonymizes everything you do online. Whonix routes your internet traffic through a globally distributed anonymity network, called Tor. It also prevents leaky or scammy applications from leaking your IP to malicious third parties.

Who is Whonix made for?

The short answer: Everyone who likes to remain secure and anonymous on the Internet.

  • This might be a casual YouTube viewer who doesn't like the algorithm to know them better than they know themselves.
  • This might be a business owner or CEO securing or sharing sensitive work data.
  • Could be a traveler enjoying his favorite content from other countries.
  • Or a researcher trying to circumvent censorship.
  • It might be an expert in a café overcoming unreasonable Wi-Fi restrictions to take part in a critical business meeting.
  • Or it may be a journalist working under an autocratic regime who needs anonymity or their life could be in jeopardy.
  • It could also be someone who doesn't like to have their search engine decide what they should or shouldn't see based on their virtual profile.

Whonix already has a sizable user base and a ten years history of success. And we strive to keep it that way.

How does Whonix work?

Whonix runs in a virtualizer and encapsulates every application in the Whonix-Workstation - be it browser, e-mail, file sharing or crypto apps. From there all traffic without exception and with no chance of foul play is routed through the Whonix-Gateway and a global anonymity network safely and anonymously to your destination.

[ B: https://www.whonix.org/wiki/Why_does_Whonix_use_Tor#Onion-Layered_Encryptionarchive.org ]

Your data travels inside a digital tunnel where no one can see what is happening from the outside thanks to onion-layered encryption.

That way you don't need to worry about internet stalkers and mass data harvesting businesses.

Your IP address is disguised, which is the relatively easier part but also non-IP based (other) tracking techniques are stopped, which is the hard part.

Your data is encrypted and hidden from your service provider and malicious third parties.

In contrast to VPNs, Whonix not only does have a strict no-logs policy, it also has a no-logs design, so even if we wanted to know, we just cannot. Your online activity is your and only your business.

Whonix features keystroke anonymization which prevents trackers and profilers to recognize you based on your typing behavior. Whonix also has defenses against time anti-anonymization, against browser and website traffic fingerprinting. It's very hard if not outright impossible to identify you even for elite profilers when you're using Whonix.

When and where should you use Whonix?

If you're conducting business that no third parties should know, start up Whonix and enjoy secure and anonymous internet activities such as web browsing.

If you don't want to be tracked, analysed and manipulated based on what the website knows about you, use Whonix.

If you want to access blocked websites or watch your favorite but geo-locked content, start up Whonix and go through a remote server in another country.

If you often use extremely unsecure connections like public Wi-Fi where your data can be stolen or malware can be injected in your device, use Whonix.

If you want to avoid unlawful corporate or government surveillance, start up Whonix.

If you want to legally use file-sharing but your service provider throttles your traffic anyway, avoid it by using Whonix.

What makes Whonix special?

Whonix was developed based on the latest Free and Open Source security and anonymity research. Best practices are constantly updated and known vulnerabilities closed.

Whonix provides high speed and security — and it works like a charm. We claim Whonix is the superior Internet privacy solution for good reason. It may not be as well known as VPNs yet, but in the matter of security and anonymity it surpasses them easily. Whonix solves a lot of problems that VPNs don't even think about. And while it's powerful it's also fast and easy to install. Meticulous user can also audit and debug Whonix, because everything is Open Source and Freedom Software, so you don't need to trust, you can check for yourself.

How do I install Whonix?

It's easier than you think. - Get Whonix. - And you're ready to go. Start Whonix whenever you want to be secure and anonymous on the Internet.

Your internet security journey starts with only one click. Get Whonix today!

Thanks for watching, have a nice day and remember: Your privacy is a human right. It is also free and within your reach - with Whonix. To give Whonix a try [pause 0.01s] visit www. whonix .org . Or watch [pause 0.01s] this [pause 0.01s] featured video.

Vid #002 : Whonix - Superior Internet Privacy[edit]

Show Script

Welcome to Whonix - The Superior and Free Internet Privacy Solution!

Say you're writing an email to a business partner regarding business secrets and customer data. Would you want this information to go through Big Tech servers analysing everything for their own gain?

Say you're buying products with crypto currency. Would you want someone to spy out your crypto keys using known vulnerabilities in your browser and operating system?

Say you're visiting websites and you are active on social media. Would you like internet tracking companies to track, analyse and profile your every move and sell your digital record to advertisers and scammers?

[ B: https://www.whonix.org/#vpnarchive.org ]

Certainly you've heard of VPNs. But virtual private networks aren't nearly as save and anonymous as they claim. They hardly solve one problem while creating others. The cannot truly hide your identity. And some of them lost or even voluntarily compromised user data.

Enter Whonix. With 12 years of experience and thousands of satisfied users we claim to be the superior Internet privacy solution. For good reasons.

Whonix is a fully featured, Linux based, security hardened operation system that runs like an app in your current operating system. Install a virtualizer, run Whonix like an app and you're good to go.

[ B: https://www.whonix.org/wiki/Why_does_Whonix_use_Tor#Need_to_Know_Architecturearchive.org ]

Browse the way it is meant to be - in the most anonymous way possible - with Whonix. Your IP address is hidden not by 1, not by 2, but by 4 servers with a bulletproof cloaking system on a need to know basis. We make sure that no application can make unsafe Internet connections because we force every connection originating from your Whonix-Workstation without exception through your secure Whonix-Gateway. VPNs cannot accomplish this. Whonix can.

We round this up with top-notch anti-tracking features, anti-keystroke-tracking measures, anti-time-attack defenses, an advanced firewall, a read-only live mode, kernel hardening features and so much more.

So what do you pay for Whonix? - Whatever and whenever you feel like it. Because Whonix is free. Whonix is not only Open Source and Freedom software. Whonix is also free and independently funded by anonymity enjoyers like yourself.

We hope you give it a try at www.whonix.org - because privacy is a human right.

Vid #001 : Whonix vs VPNs[edit]

Show Script

Superior anonymity - Whonix vs. VPNs (Virtual Private Networks)

Being anonymous on the Internet is a challenge. On the surface it seems easy: HTTPS protects normal users, the paranoid use a VPN, everything is fine, end of story.

For those who pay attention however the story flips to the opposite. It almost seems impossible to be anonymous on the Internet today.

Your IP leaves traces of you on every server it touches. Your Internet service provider knows who you are and what you consume. Your browser becomes a digital billboard with your face on it. And every scammer, corporation and government agency can track, trace, analyze and exploit your data.

Enter: Virtual private networks. VPN providers have quickly conquered the anonymity market with the promise of Internet security and privacy. But how good are VPNs? Do they really protect you or is it all marketing? And most importantly: Is there a better solution?

The short answer: They are not as good as they claim. And yes, there is a way safer alternative called Whonix.

Let's look at VPNs first. They hide your IP and they are fast, true. But while they provide data privacy protection from your Internet Service Provider, they themselves are completely aware of both what you send and who you are - which means they could be forced or bribed by powerful players into handing over your information.

[ B: https://theintercept.com/document/2014/03/12/vpn-voip-exploitation-hammerchant-hammerstein/archive.org ]

Anyone who hacks their servers also knows this info.

[ B: https://www.whonix.org/wiki/Fingerprint#Website_Traffic_Fingerprintingarchive.org ]

Website Traffic Fingerprinting: The HTTPS tunnels of your VPN cannot hide the features of the webpages you visit. Advanced spies can exploit this and thereby detect what you are doing even inside your VPN connection.

[ B: https://www.whonix.org/wiki/Data_Collection_Techniquesarchive.org ]

Browser Fingerprinting: Your browser is the equivalent of a chatty partner. It tells every server on the Internet about its house, its children and what it had for lunch. Profiling servers use this specific data to recognize your browser and therefore recognize YOU everywhere you go on the Internet even without knowing your IP.

This is usually done with super-cookies and other techniques. But this kind of profiling goes so far that they can identify you only based on your system time because it might vary a couple of milliseconds from other users.

[ B: https://www.whonix.org/wiki/Keystroke_Deanonymizationarchive.org ]

Even your keystrokes, your pattern of typing can be used to identify you.

And VPNs also cannot protect you from applications that trick your browser into connecting to them directly and not through the VPN tunnel. This is called "clearnet risk".

[ B: https://arstechnica.com/information-technology/2019/10/hackers-steal-secret-crypto-keys-for-nordvpn-heres-what-we-know-so-far/archive.org ]

VPNs are also vulnerable to "Man in the middle" and other hacker attacks.

[ B: https://www.whonix.org/wiki/The_World_Wide_Web_And_Your_Privacyarchive.org ]

But most importantly: As the VPN hides a lot of your data from your Internet service provider now the VPN provider becomes the keeper of your little Internet secrets instead.

[ B: https://www.whonix.org/wiki/Whonix_versus_VPNsarchive.org ]

Good VPN providers of course will keep those secrets to themselves.

[ B: https://www.computerweekly.com/news/252466203/Top-VPNs-secretly-owned-by-Chinese-firmsarchive.org ]

But the bad ones will sell them to the same corporations and government agencies from whom you were hiding them in the first place.

[ B: https://www.whonix.org/#vpnarchive.org (Whonix VPN comparison table on the Whonix homepage) ]

Whonix does it differently. Where VPNs are anonymous by policy Whonix is anonymous by design. Where VPNs need your trust Whonix offers you to verify its legitimacy.

[ B: scroll through https://www.whonix.org/wiki/Reasons_for_Freedom_Softwarearchive.org ]

Whonix is Open Source, Freedom Software. It is the most watertight privacy operating system in the world with an already sizable user base. Our team has a 10 year success story of development, research and checking every security leak, every vulnerability, every hack regarding OS and Internet security. We harden Whonix again and again to make it the best privacy and anonymity solution available.

[ B: https://www.un.org/en/about-us/universal-declaration-of-human-rightsarchive.org scroll down to Article 12 ]

Thanks for watching, have a nice day and remember: Your privacy is a human right. It is also free and within your reach.

[ B: https://www.whonix.orgarchive.org ]

To give Whonix a try visit www.whonix.org .

[ Youtube Link to Whonix Vid#1 ]

Or learn more about what makes Whonix special and how it works in this video ...

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!