sdwdate: Secure Distributed Web Date
Donate
sdwdate - Secure Distributed Web Date - in Whonix
sdwdate Documentation[edit]
- Introduction: Whonix Documentation Introduction, User Expectations, Footnotes and References, User Expectations - What Documentation Is and What It Is Not
- Whonix is based on Kicksecure™: Whonix inherits many features and principles from Kicksecure.
- Kicksecure is based on Debian: Kicksecure builds upon the stability of Debian.
- Inheritance: Therefore, Whonix is also based on Debian.
- Debian is GNU/Linux-based: Debian primarily uses the GNU/Linux as its foundation.
- Shared documentation benefits: Because one distribution is based on another:
- Inherited documentation: Little specific documentation is required for each layer.
- Shared principles: Features and principles often remain consistent across forks. Users can often follow the same instructions for both Whonix and Kicksecure.
- Keep using Whonix: This does not mean the user should switch to Kicksecure.
- Where to apply the instructions: The instructions should be applied inside Whonix.
- Wiki editors notice: This box is wiki template upstream_wiki. (Pages that link to it.)
- Comparison: Whonix versus Kicksecure
- Documentation compatibility: Since Whonix is based on Kicksecure, the user can follow these instructions for
Sdwdate
. Apply the instructions inside Whonix, not Kicksecure. - Note: Re-interpretation...
Kicksecure: Perform these steps inside Kicksecure.
Instead the user should apply the instructions inside Whonix-Workstation.
Kicksecure for Qubes: Perform these steps inside Qubes
kicksecure-17Template.
Instead the user should apply the instructions inside whonix-workstation-17 Template.
Whonix specific[edit]
Whonix sets the configuration option RANDOMIZE_TIME=true through the package anon-apps-config
in the file /etc/sdwdate.d/40_anon-apps-config.conf with the line RANDOMIZE_TIME=true.
Prerequisite knowledge: Timezone
Do sdwdate issues impact anonymity?[edit]
sdwdate failing doesn't mean deanonymization.
Even if sdwdate does not work, there is still Boot Clock Randomization.
To put it into perspective, Tor Browser Bundle on the host operating system (unrelated to Whonix) has neither sdwdate nor Boot Clock Randomization.
This is similar to asking, "How secure is Whonix?" See: Security Overview and Whonix Protection against Real World Attacks.
sdwdate-gui makes Tor issues more visible due to its graphical indication and easily accessible logs. It would be an unsubstantiated conclusion to deduce that sdwdate is the cause of Tor issues.
The timing of sdwdate issues matters. If sdwdate fails:
- A) during its first run after boot, then that's worse than
- B) sdwdate failing during any subsequent runs.
In case of A), the user would only be protected by
Boot Clock Randomization
.
In case of B), it is less of an issue because it is only for timekeeping in long-running VMs. For example, if sdwdate succeeded after boot but then only succeeded once per day in long-running VMs, that might still be good enough.
Planned sdwdate-gui enhancements include:
- Only showing sdwdate failure if sdwdate failed after boot and multiple times in long-running VMs.
- Making Tor log output (
anon-log) more accessible. This might help redirect the often misplaced attention from sdwdate to Tor.
See Also[edit]
The most watertight privacy operating system in the world.
At
Whonix we value freedom and trust, supporting Open Source and Freedom Software
2012-
2024 ENCRYPTED SUPPORT LP
We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!