Protocol Leak and Fingerprinting Protection ‎

From Whonix
Jump to navigation Jump to search

Protection from IP Leaks, DNS Leaks, Protocol Leaks and Fingerprinting. Analysis of host hardware identifiers visible or hidden inside virtual machines.

Introduction[edit]

Whonix cannot do the impossible and magically prevent every kind of protocol leakarchive.org and identifier disclosure:

Tor provides only anonymity for DNS and the transmission of the TCP stream. Everything inside the stream, the application protocol, needs to be scrubbed. For example, if the application uses advanced techniques to determine your real external IP and sends it over the anonymized TCP stream, then what you wanted to hide, your real external IP, isn't hidden.

...

Many applications can also leak other problematic and/or sensitive data, such as:

  • Your real external non-Tor IP address, as described above
  • Your time zone (for example: IRC clients through CTCP)
  • Your user name (for example: ssh through login)
  • The name and version of the client or server you are using (for example: Apache web server leaks software name and version number; IRC clients leak client name and client version number through CTCP)
  • ​Metadata can be a risk. Click ​MAT and read 'What is a metadata?' and 'Why metadata can be a risk for your privacy?'
  • Depending on your Mode Of Anonymity you obviously shouldn't mix your use of protected (anonymous) applications with applications not passing through the Tor network or some other form of anonymity. For example, if a login name or password of yours can be traced back to your personal identity, then you are defeating the purpose entirely. Tor can not protect you from this kind of activity
  • Even sending the contents of your RAM can be dangerous. (For example: error reporting, leading to Transparent Proxy Leaks)
  • A lot of information which the application sends on request from a server (for example: most web browsers beside the Tor Browser)
  • Hardware serial numbers might be used for fingerprinting and in the worst case scenario, lead back to you.
  • License keys of non-freedom software is often transmitted and might lead back to you.

Despite the many risks, Whonix is designed to offer multiple layers of defense for the best possible protection against inadvertent deanonymization.

Whonix Advantages[edit]

Protection Against Serious Leaks[edit]

Whonix protects against the most dangerous leak categories outlined below, which would otherwise divulge the user's real identity (remotely or directly):

  • The real, external, non-Tor IP address is hidden due to the fundamental Whonix design, use of an isolated proxy, and the Whonix-Gateway Firewall. [1]
  • The same applies for DNS[1] requests; they are safe. [2]

Numerous Default Applications are Pre-configured Against Leaks[edit]

Developers have taken care to prevent common applications from leaking information that could identify users, including:

  • Stream Isolation: Configuring applications to use their own SocksPort, thus preventing Identity correlation through circuit sharing.
  • Browser fingerprinting: Whonix includes Tor Browser by default. The browser fingerprint is as good (or bad) as using the normal Tor Browser bundle from torproject.org
  • GPG: /home/user/gpg.conf is optimized for privacy; see footnote. [3]
  • ssh: Without Whonix, the syntax for ssh is user@hostname [...]. However, if a specific user is not nominated before @hostname, the operating system user name will be utilized instead. If that value is something identifiable, then anonymity is broken. Since Whonix defaults the user name to user, in the worst case only the username user can be leaked, which is harmless. [4] [5]
  • Default Application Policy

Many protocol leaks are already documented, see: Documentation and TorifyHOWTOarchive.org for further information.

Identifiers[edit]

In addition to protocol leaks, there are also a range of identifiers that can be used for fingerprinting by adversaries for anonymity set reduction (for example, the time zone), or even for complete deanonymization (for example, if the user name was set to John Doe). Such identifiers are described below.

Software Identifiers[edit]

Table: Software Identifiers

Category Description
Color depth The default color depth is 24-bit for all Whonix users. [6] [7]
Desktop Resolution
  • Non-Qubes-Whonix VM users: The desktop resolution setting set to 1920x1080 with the (virtual) refresh rate set to 60. [8] Virtualizer will scale down resolution deepening on host screen resolution.
  • Qubes-Whonix VM users: up to dom0 setting.
  • [9]
Fonts All Whonix users have the same list of fonts installed. [10] [11] [12]
Hostname The hostname is set to host. [13]
Internal (virtual LAN) IP address
Long host name (FQDN) The long host name (FQDN) is set to host.localdomain [15]
Operating system updates Operating system (apt) updates are routed through their own circuit (Stream Isolation) to prevent accidental leakage of software packages and versions (if any custom software is installed) which could then be correlated with other anonymous activity. Also see: Software updatersarchive.org and Software installation Whonix-Workstation.
Time
  • Whonix-Workstation, Whonix-Gateway and the host time are all different from each other.
  • Time zone (local time) is set to UTC. [16]
  • The hardware clock is set to UTC.
  • See Whonix Time Synchronization Mechanism for further information.
User name The user name is set to user.
RAM In the worst case scenario, if RAM contents are leaked -- such as error reporting software phoning home, RAM dump if infected with malware, or Transparent Proxy Leaksarchive.org) -- this would "only" contain the RAM of the Whonix-Workstation. All non-anonymous material on the host remains safe.
Qubes Virtualbox KVM
Identical software packages [17] Differs from Non-Qubes-Whonix Differs from Qubes-Whonix Differs from Qubes-Whonix

Hardware Identifiers[edit]

These identifiers are less important because an adversary can only collect them if the user installed malicious software (for example, some copyright enforcement and anti-cheat tools collect them), or if the adversary achieves remote access by compromising a user or in some cases the root account.

Hardware identifiers are virtualizer specific issues were all virtualizers are affected and therefore unspecific to Whonix.

Table: Hardware Identifiers that require local code execution

Qubes VirtualBox KVM
Hidden CPU model and capabilities No No [18] No [19] [20] [21]
Hidden hardware serial numbers [22] [23] Yes Yes Yes
Hidden Kicksecure logo CPUID Onion Version (CPU model and capabilities) processor instruction No No No
Hidden graphic card information Yes [24] Yes [25] ?
Same amount of RAM assignment Dynamically assigned Yes, fixed Yes, fixed
Hidden sensor information [26] [27] [28] Yes Yes Yes
Hidden battery information [29] Yes No Yes
Hidden BIOS DMI information [30] Yes Yes Yes
Hidden virtual BIOS DMI information and Virtual HDD and CD serial numbers [30] [31] Yes, only virtual ones Yes, only virtual ones Yes, only virtual ones
Hidden VM UUID [32] [33] Yes Yes Yes
Hidden SLIC tablearchive.org [34] Yes, not implemented Yes, empty by default Yes, not present
HDD UUIDs are different from the host [35] Yes Yes Yes
CD-ROM UUID is identical for all Whonix users [36] Yes Yes Yes
Hidden disk UUIDs [37] Yes Yes Yes
Hidden EDIDarchive.org [38] Yes [39] Yes [40] [41] Yes [42]
See Also VM Fingerprinting
Category Description
MAC address The MAC addressarchive.org is different from the host. See also MAC Address. [43] [44]

Metadata[edit]

See Metadata.

Identifiers Design Goals[edit]

(In response to Some Linux systems (including Whonix) have a unique identifier called machine-id that doesn't change. Here is how to change it.archive.org)

Should identifiers such as /etc/machine-id:

  • A) be shared among all Whonix users all the time, OR
  • B) be unique per user per boot?

Whonix design, at the time of writing, is A). [45] It may be possible to make arguments for either option. However, upon consideration, it seems clear that A) is better.

The threat model here is that software running inside Whonix-Workstation might read the machine ID and send it to remote servers, which could then use it to fingerprint the user. This could be considered privacy-invasive software that should be avoided or even malicious software.

A) leaks "it is a Whonix user." However, the fact that "it is a Whonix user" is being leaked is realistically unavoidable. For details on why this is the case, refer to the VM Fingerprinting page and the Kicksecure logo System Identity Camouflage Onion Version wiki pages. This is a general issue and unspecific to Whonix. If an application or malware intends to track users, such applications, in most cases, could generate their own unique ID for tracking purposes. Therefore, taming identifiers such as /etc/machine-id does not help much.

The approach of Tor and the Tor Browser Bundle is also similar to A). Tor and Tor Browser do not attempt to create a fresh, random pseudonym per session. Rather, Tor and Tor Browser attempt to make all users look the same. The Tor Project coined this Anonymity Loves Company (a good web search term). Whonix attempts to be an extension of Tor and therefore follows similar design principles.

B) would not leak "it is a Whonix user," but attempting to hide that is realistically impossible as per VM Fingerprinting.

There is also an optimization conflict between perfect fingerprinting resistance against locally running malware and security hardening settings. Security hardening of the system unfortunately leaks the fact (fingerprintable) that the system has been hardened. One cannot have both perfect fingerprinting resistance and security hardening at the same time. Since perfect local fingerprinting resistance cannot realistically be established, Whonix chooses security hardening whenever such a conflict arises.

When not using VMs, locally running privacy-invasive or malicious software has even more possibilities for fingerprinting users due to direct access to hardware identifiers.

For a related wiki page on identifiers, see: Protocol Leak Protection and Fingerprinting Protection‎.

Forum discussion: Anonymize /etc/machine-idarchive.org

CPU Output Tests[edit]

TNT_BOM_BOM generated /proc/cpuinfo output which was posted to the Whonix forumsarchive.org and copied here.

CPU Test One[edit]

These are the results before running VBoxManage modifyvm Whonix-Workstation --cpuidremoveall.

processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 37
model name      : Intel(R) Core(TM) i5 CPU       M 580  @ 2.67GHz
stepping        : 5
microcode       : 0x616
cpu MHz         : 2659.899
cache size      : 3072 KB
physical id     : 0
siblings        : 1
core id         : 0
cpu cores       : 1
apicid          : 0
initial apicid  : 0
fdiv_bug        : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 11
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm constant_tsc xtopology nonstop_tsc pni monitor lahf_lm
bogomips        : 5319.79
clflush size    : 64
cache_alignment : 64
address sizes   : 36 bits physical, 48 bits virtual
power management:

CPU Test Two[edit]

These are the results after running VBoxManage modifyvm Whonix-Workstation --cpuidremoveall and shutting down the workstation.

processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 37
model name      : Intel(R) Core(TM) i5 CPU       M 580  @ 2.67GHz
stepping        : 5
microcode       : 0x616
cpu MHz         : 2660.690
cache size      : 3072 KB
physical id     : 0
siblings        : 1
core id         : 0
cpu cores       : 1
apicid          : 0
initial apicid  : 0
fdiv_bug        : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 11
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm constant_tsc xtopology nonstop_tsc pni monitor lahf_lm
bogomips        : 5321.38
clflush size    : 64
cache_alignment : 64
address sizes   : 36 bits physical, 48 bits virtual
power management:

KVM Whonix-Workstation 12 /proc/cpuinfo[edit]

processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 6
model name      : QEMU Virtual CPU version 2.1.2
stepping        : 3
microcode       : 0x1
cpu MHz         : 2659.914
cache size      : 4096 KB
physical id     : 0
siblings        : 1
core id         : 0
cpu cores       : 1
apicid          : 0
initial apicid  : 0
fdiv_bug        : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 4
wp              : yes
flags           : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm pni cx16 x2apic popcnt hypervisor lahf_lm
bogomips        : 5319.82
clflush size    : 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management:

processor       : 1
vendor_id       : GenuineIntel
cpu family      : 6
model           : 6
model name      : QEMU Virtual CPU version 2.1.2
stepping        : 3
microcode       : 0x1
cpu MHz         : 2659.914
cache size      : 4096 KB
physical id     : 1
siblings        : 1
core id         : 0
cpu cores       : 1
apicid          : 1
initial apicid  : 1
fdiv_bug        : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 4
wp              : yes
flags           : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm pni cx16 x2apic popcnt hypervisor lahf_lm
bogomips        : 1945.60
clflush size    : 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management:

KVM Whonix-Workstation 13 /proc/cpuinfo[edit]

> processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 6
model name : QEMU Virtual CPU version 2.1.2
stepping : 3
microcode : 0x1
cache size : 4096 KB
physical id : 0
siblings : 1
core id : 0
cpu cores : 1
apicid : 0
initial apicid : 0
fdiv_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 4
wp : yes
flags : fpu de pse msr pae mce cx8 apic sep mtrr pge mca cmov pse36 mmx fxsr sse sse2 syscall nx lm pni cx16 x2apic popcnt aes hypervisor lahf_lm
bogomips : 1185.79
clflush size : 32
cache_alignment : 32
address sizes : 40 bits physical, 48 bits virtual
power management:

> processor : 1
vendor_id : GenuineIntel
cpu family : 6
model : 6
model name : QEMU Virtual CPU version 2.1.2
stepping : 3
microcode : 0x1
cache size : 4096 KB
physical id : 1
siblings : 1
core id : 0
cpu cores : 1
apicid : 1
initial apicid : 1
fdiv_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 4
wp : yes
flags : fpu de pse msr pae mce cx8 apic sep mtrr pge mca cmov pse36 mmx fxsr sse sse2 syscall nx lm pni cx16 x2apic popcnt aes hypervisor lahf_lm
bogomips : 1173.50
clflush size : 32
cache_alignment : 32
address sizes : 40 bits physical, 48 bits virtual
power management:

KVM Whonix-Workstation 17 /proc/cpuinfo[edit]

[workstation user ~]% cat /proc/cpuinfo
processor	: 0
vendor_id	: GenuineIntel
cpu family	: 6
model		: 37
model name	: Intel(R) Core(TM) i5 CPU       M 580  @ 2.67GHz
stepping	: 5
microcode	: 0x7
cpu MHz		: 2659.828
cache size	: 16384 KB
physical id	: 0
siblings	: 1
core id		: 0
cpu cores	: 1
apicid		: 0
initial apicid	: 0
fpu		: yes
fpu_exception	: yes
cpuid level	: 11
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx rdtscp lm constant_tsc rep_good nopl xtopology cpuid pni pclmulqdq vmx ssse3 cx16 pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes hypervisor lahf_lm cpuid_fault pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid tsc_adjust arat umip flush_l1d arch_capabilities
vmx flags	: vnmi preemption_timer invvpid ept_x_only ept_1gb flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest shadow_vmcs
bugs		: cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs mmio_unknown
bogomips	: 5319.65
clflush size	: 64
cache_alignment	: 64
address sizes	: 36 bits physical, 48 bits virtual
power management:

from Whonix 12 WS - qubes Q3 "cat /proc/cpuinfo" (**different PC**)[edit]

processor    : 0
vendor_id    : GenuineIntel
cpu family    : 6
model        : 60
model name    : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
stepping    : 3
microcode    : 0x17
cpu MHz        : 2494.312
cache size    : 6144 KB
physical id    : 0
siblings    : 8
core id        : 2
cpu cores    : 1
apicid        : 4
initial apicid    : 4
fpu        : yes
fpu_exception    : yes
cpuid level    : 13
wp        : yes
flags        : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs        :
bogomips    : 4988.62
clflush size    : 64
cache_alignment    : 64
address sizes    : 39 bits physical, 48 bits virtual
power management:

> processor    : 1
vendor_id    : GenuineIntel
cpu family    : 6
model        : 60
model name    : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
stepping    : 3
microcode    : 0x17
cpu MHz        : 2494.312
cache size    : 6144 KB
physical id    : 0
siblings    : 8
core id        : 2
cpu cores    : 1
apicid        : 4
initial apicid    : 4
fpu        : yes
fpu_exception    : yes
cpuid level    : 13
wp        : yes
flags        : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs        :
bogomips    : 4988.62
clflush size    : 64
cache_alignment    : 64
address sizes    : 39 bits physical, 48 bits virtual
power management:

> processor    : 2
vendor_id    : GenuineIntel
cpu family    : 6
model        : 60
model name    : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
stepping    : 3
microcode    : 0x17
cpu MHz        : 2494.312
cache size    : 6144 KB
physical id    : 0
siblings    : 8
core id        : 2
cpu cores    : 1
apicid        : 4
initial apicid    : 4
fpu        : yes
fpu_exception    : yes
cpuid level    : 13
wp        : yes
flags        : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs        :
bogomips    : 4988.62
clflush size    : 64
cache_alignment    : 64
address sizes    : 39 bits physical, 48 bits virtual
power management:

> processor    : 3
vendor_id    : GenuineIntel
cpu family    : 6
model        : 60
model name    : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
stepping    : 3
microcode    : 0x17
cpu MHz        : 2494.312
cache size    : 6144 KB
physical id    : 0
siblings    : 8
core id        : 2
cpu cores    : 1
apicid        : 4
initial apicid    : 4
fpu        : yes
fpu_exception    : yes
cpuid level    : 13
wp        : yes
flags        : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs        :
bogomips    : 4988.62
clflush size    : 64
cache_alignment    : 64
address sizes    : 39 bits physical, 48 bits virtual
power management:

> processor    : 4
vendor_id    : GenuineIntel
cpu family    : 6
model        : 60
model name    : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
stepping    : 3
microcode    : 0x17
cpu MHz        : 2494.312
cache size    : 6144 KB
physical id    : 0
siblings    : 8
core id        : 2
cpu cores    : 1
apicid        : 4
initial apicid    : 4
fpu        : yes
fpu_exception    : yes
cpuid level    : 13
wp        : yes
flags        : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs        :
bogomips    : 4988.62
clflush size    : 64
cache_alignment    : 64
address sizes    : 39 bits physical, 48 bits virtual
power management:

> processor    : 5
vendor_id    : GenuineIntel
cpu family    : 6
model        : 60
model name    : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
stepping    : 3
microcode    : 0x17
cpu MHz        : 2494.312
cache size    : 6144 KB
physical id    : 0
siblings    : 8
core id        : 2
cpu cores    : 1
apicid        : 4
initial apicid    : 4
fpu        : yes
fpu_exception    : yes
cpuid level    : 13
wp        : yes
flags        : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs        :
bogomips    : 4988.62
clflush size    : 64
cache_alignment    : 64
address sizes    : 39 bits physical, 48 bits virtual
power management:

> processor    : 6
vendor_id    : GenuineIntel
cpu family    : 6
model        : 60
model name    : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
stepping    : 3
microcode    : 0x17
cpu MHz        : 2494.312
cache size    : 6144 KB
physical id    : 0
siblings    : 8
core id        : 2
cpu cores    : 1
apicid        : 4
initial apicid    : 4
fpu        : yes
fpu_exception    : yes
cpuid level    : 13
wp        : yes
flags        : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs        :
bogomips    : 4988.62
clflush size    : 64
cache_alignment    : 64
address sizes    : 39 bits physical, 48 bits virtual
power management:

> processor    : 7
vendor_id    : GenuineIntel
cpu family    : 6
model        : 60
model name    : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
stepping    : 3
microcode    : 0x17
cpu MHz        : 2494.312
cache size    : 6144 KB
physical id    : 0
siblings    : 8
core id        : 2
cpu cores    : 1
apicid        : 4
initial apicid    : 4
fpu        : yes
fpu_exception    : yes
cpuid level    : 13
wp        : yes
flags        : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs        :
bogomips    : 4988.62
clflush size    : 64
cache_alignment    : 64
address sizes    : 39 bits physical, 48 bits virtual
power management:

KVM vs Qubes[edit]

KVM[edit]

processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 6
model name      : QEMU Virtual CPU version 2.1.2
flags           : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm pni cx16 x2apic popcnt hypervisor lahf_lm

Qubes[edit]

processor    : 0
vendor_id    : GenuineIntel
cpu family   : 6
model        : 60
model name   : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
flags        : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt

get-edid output[edit]

EDID[edit]

Install package(s) read-edid following these instructions

1 Platform specific notice.

2 Kicksecure logo Update the package lists and upgrade the system Onion Version .

sudo apt update && sudo apt full-upgrade

3 Install the read-edid package(s).

Using apt command line Kicksecure logo --no-install-recommends option Onion Version is in most cases optional.

sudo apt install --no-install-recommends read-edid

4 Platform specific notice.

5 Done.

The procedure of installing package(s) read-edid is complete.

sudo get-edid ; echo $?

Qubes[edit]

This is read-edid version 3.0.1. Prepare for some fun.
Attempting to use i2c interface
Looks like no busses have an EDID. Sorry!
Attempting to use the classical VBE interface

        Performing real mode VBE call
        Interrupt 0x10 ax=0x4f00 bx=0x0 cx=0x0
        Function unsupported
        Call failed

        VBE version 0
        VBE string at 0x0 "O"

VBE/DDC service about to be called
        Report DDC capabilities

        Performing real mode VBE call
        Interrupt 0x10 ax=0x4f15 bx=0x0 cx=0x0
        Function unsupported
        Call failed

Reading next EDID block

VBE/DDC service about to be called
        Read EDID

        Performing real mode VBE call
        Interrupt 0x10 ax=0x4f15 bx=0x1 cx=0x0
        Function unsupported
        Call failed

The EDID data should not be trusted as the VBE call failed
Error: output block unchanged
I'm sorry nothing was successful. Maybe try some other arguments
if you played with them, or send an email to Matthew Kern <pyrophobicman@gmail.com>.
1

VirtualBox[edit]

get-edid: get-edid version 2.0.0

        Performing real mode VBE call
        Interrupt 0x10 ax=0x4f00 bx=0x0 cx=0x0
        Function supported
        Call successful

        VBE version 200
        VBE string at 0xc7f10 "VirtualBox VBE BIOS https://www.virtualbox.org/"

VBE/DDC service about to be called
        Report DDC capabilities

        Performing real mode VBE call
        Interrupt 0x10 ax=0x4f15 bx=0x0 cx=0x0
        Function unsupported
        Call failed

Reading next EDID block

VBE/DDC service about to be called
        Read EDID

        Performing real mode VBE call
        Interrupt 0x10 ax=0x4f15 bx=0x1 cx=0x0
        Function unsupported
        Call failed

The EDID data should not be trusted as the VBE call failed
Error: output block unchanged
1

KVM[edit]

get-edid: get-edid version 2.0.0

        Performing real mode VBE call
        Interrupt 0x10 ax=0x4f00 bx=0x0 cx=0x0
halt_sys: file ��y�*+, line -1216758308
        Function unsupported
        Call successful

        VBE version 300
        VBE string at 0xc4f55 "SeaBIOS VBE(C) 2011"

VBE/DDC service about to be called
        Report DDC capabilities

        Performing real mode VBE call
        Interrupt 0x10 ax=0x4f15 bx=0x0 cx=0x0
halt_sys: file ��y�*+, line -1216720908
        Function unsupported
        Call successful

Reading next EDID block

VBE/DDC service about to be called
        Read EDID

        Performing real mode VBE call
        Interrupt 0x10 ax=0x4f15 bx=0x1 cx=0x0
halt_sys: file ��y�*+, line -1216720908
        Function unsupported
        Call successful

The EDID data should not be trusted as the VBE call failed
Error: output block unchanged
1

Testing[edit]

For users and researchers that wish to reproduce, verify the output of the analysis tools used on this page, could install the following packages.

Install package(s) x11-utils lshw usbutils hddtemp lm-sensors acpi mesa-utils following these instructions

1 Platform specific notice.

2 Kicksecure logo Update the package lists and upgrade the system Onion Version .

sudo apt update && sudo apt full-upgrade

3 Install the x11-utils lshw usbutils hddtemp lm-sensors acpi mesa-utils package(s).

Using apt command line Kicksecure logo --no-install-recommends option Onion Version is in most cases optional.

sudo apt install --no-install-recommends x11-utils lshw usbutils hddtemp lm-sensors acpi mesa-utils

4 Platform specific notice.

5 Done.

The procedure of installing package(s) x11-utils lshw usbutils hddtemp lm-sensors acpi mesa-utils is complete.

See Also[edit]

Footnotes[edit]

  1. 1.0 1.1 This does not cover application vulnerabilities and exploits, which escalate from the virtual machine to the host. See: Attacks. However, by design the Whonix-Workstation does not know its own external non-Tor IP address.
  2. /etc/resolv.conf in Whonix-Workstation is configured to use the Whonix-Gateway as the DNS resolver, which is routed through Tor.
  3. Adhering to recommendationsarchive.org as per the torbirdy github repositoryarchive.org, which prevents leakage of the operating system version (no-emit-version) and other variables (on githubarchive.org).
  4. In this case it may appear that the syntax was simply copied from the manpage.
  5. The Tails OS similarly sets the username to amnesia, which is a default value not set by the user and therefore safe.
  6. To check the color depth run the following command in console. xdpyinfo
  7. Do not rely on https://ip-check.infoarchive.org or similar websites to check the desktop resolution and color depth, because Tor Button changes these values to improve anonymity; refer to the TorButton specification and Tor trac for further details. See also Browser Tests. In order to check the list of installed fonts, run. fc-list
  8. https://github.com/Kicksecure/vm-config-dist/blob/master/etc/skel/.config/xfce4/xfconf/xfce-perchannel-xml/displays.xmlarchive.org
  9. To check the desktop resolution and refresh rate, run the following command in console. xrandr
  10. So long as the user or any additional software packages do not install further packages.
  11. Only three common fonts (monospace, serif, times new roman) can be detected for all Tor Browser users.
  12. Robert Ransom previously suggested Whonix should share the same list of fonts as Tails if possible. Since Tor Browser no longer leaks which fonts are installed, lead Whonix developer Patrick Schleizer does not see any advantage of this action (follow-up enquiry ignored).
  13. To check the hostname, run. host
  14. To check the internal (virtual LAN) IP address, run. sudo ifconfig
  15. To check the long host name, run. hostname --fqdn
  16. To check the time zone, run. cat /etc/timezone
  17. By default, all Whonix users have the same set of software packages installed. However, if additional software packages are installed, this advantage is lost. See also: Software updatersarchive.org.
  18. These were hidden by VirtualBox "Synthetic CPU" in the past but that feature was removed from VirtualBox. (Even then the clock speed of your host CPU was visible to all code (applications or malware) inside Whonix-Workstation.) The parameters --cpuid-portability-level or --cpuidremoveall have been tested and do not hide CPU model and capabilities either.archive.org
  19. https://forums.whonix.org/t/help-welcome-kvm-development-staying-the-course/166/403archive.org
  20. https://phabricator.whonix.org/T449archive.org
  21. This is due to the design of virtualization platforms (VirtualBox, KVM, Xen, Qubes, VMware, etc.). Most virtualization platforms leak CPU model, capabilities and clock speed. Check. cat /proc/cpuinfo A workaround in theory could be to use an emulator instead of a virtualizer such as QEMU or bochsarchive.org. In practice however, unfortunately such emulators are slow and there might be other limitations. (Does Bochs support internal networking?)
  22. Hardware serial numbers which any applications could collect are hidden due to the Virtual Machine.
  23. It is possible to check the visible hardware yourself with the following commands. sudo lshw and sudo lspci If USB devices are attached, run. sudo lsusb Then compare the results with your host.
  24. sudo lshw -C display
      *-display
           description: VGA compatible controller
           product: SVGA II Adapter
           vendor: VMware
           physical id: 2
           bus info: pci@0000:00:02.0
           version: 00
           width: 32 bits
           clock: 33MHz
           capabilities: vga_controller bus_master rom
           configuration: driver=vmwgfx latency=64
           resources: irq:18 ioport:d000(size=16) memory:e0000000-e7ffffff memory:f0000000-f01fffff memory:c0000-dffff
    
  25. sudo lshw -C display Expected output: No output, which is good.
  26. CPU temperature, HDD temperature, S.M.A.R.T.archive.org
  27. Fortunately virtualizers hide them from the guest VM by not implementing them.
  28. To check the sensor information, run. Using hddtemp.
    • Qubes: sudo hddtemp /dev/xvda
    • VirtualBox: sudo hddtemp /dev/sda
    • KVM: sudo hddtemp /dev/vda
    Using sensors-detect. sudo sensors-detect
  29. To check the battery information, run. acpi -V
  30. 30.0 30.1 To check the BIOS DMI information, run. sudo dmidecode
  31. To see disk ids that are in use, run. sudo ls -la /dev/disk/by-id/ sudo ls -la /dev/disk/by-uuid/ Then compare the result with the host.
  32. As in explained in VBoxManage modifyhdarchive.org, this value has no relation to the host by default.
  33. To check the VM UUID, run. sudo dmidecode
  34. To check the SILC table, run. sudo cat /sys/firmware/acpi/tables/SLIC Inside the virtualizer and on the host. On the host there may or may not be not be a SLIC table. If there is none, it cannot leak into your virtualizer. If there is one, the value will not be mirrored in VirtualBox, which is fine.
  35. To check the HDD UUID, run.
    • Qubes: sudo hdparm -i /dev/xvda
    • VirtualBox: sudo hdparm -i /dev/sda
    • KVM: sudo hdparm -i /dev/vda
  36. To check the CD-ROM UUID, run. udisks --show-info /dev/cdrom
  37. Real hardware UUIDs are hidden by the virtualizer.
  38. Virtualizers routinely hide extended display identification data.
  39. See: Qubes EDID.
  40. See: VirtualBox EDID.
  41. See: KVM EDID.
  42. To check Whonix-Workstation's MAC address, run. sudo ifconfig Inside Whonix-Workstation and then compare it with the host.
  43. Disadvantages if a shared MAC Addresses would be used by all Whonix-Workstation:
    • Multiple Whonix-Workstation cannot use the Internet at the same time if they are using the same MAC address. It leads to confusing connection interruptions in either of the virtual machines.
    • The project contributors need to explain and defend the design, which takes a lot of time for little gain. (Again, it is important not to expose the host's real MAC address, but so long as the one inside the virtual machine is different, everything is in an acceptable state.)
    Advantages if a shared MAC Addresses would be used by all Whonix-Workstation:
    • It may be easier to develop ARP spoofing defense to implement authenticated connections between Whonix-Gateway and Whonix-Workstation. (This is only useful when using Multiple Whonix-Workstation.) To understand the context, please read Connections between Gateway and Workstation.
    • In some cases, applications gather the MAC address and send it to a remote server (proprietary license checks use the MAC for hardware fingerprinting). In this case a shared MAC address might be better for privacy. It however might also break the proprietary license check as this expects different MAC addresses for different customers of the proprietary software. See also VM Fingerprinting.
    • There might be an advantages of sharing MAC addresses among all Whonix versions. That would be useful in the event an application leaks the MAC address or if Whonix-Workstation was compromised. On the other hand, this would identify the user as a Whonix user.
  44. https://github.com/Whonix/dist-base-filesarchive.org

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!