Security Reviews and Feedback
This is a list of notable reviews and feedback about Whonix security.
Reviews
- corelight Bright Ideas Blog: Profiling Whonix
- Not an audit of Whonix but an audit of software which is based on Whonix:
  - "SecureDrop [1] Journalist Workstation environment for submission handling is based on Qubes-Whonix."
  - Third party audit of integrated SecureDrop Workstation completed
- Cursory check of TorBOX by the creator of JanusVM (TorBOX was later renamed to Whonix)
- Quote from rustybird, author of corridor, a Tor traffic whitelisting gateway: "Happy to report no leaks observed, ever."
Discussions
Tor-talk
There are a few older threads on the Tor Talk Mailing List concerning the security of Whonix / transparent proxy:
- tor-talk: Operating system updates / software installation behind Tor Transparent Proxy
- tor-talk: Obtain real IP behind Tor transparent proxy; was: Operating system updates / software installation behind Tor Transparent Proxy
- tor-talk: Risk with transparent proxy mode (was Re:Operating system updates / software installation behind Tor Transparent Proxy) - In summary, coderman (developer of TorVM / JanusVM) had some concerns, which could be dispelled. "Looks fine from a cursory check."
Older References
This section is for older, general Whonix discussion references. It is useful to capture people's thoughts and feedback concerning the project, even if feedback is secondhand and not provided directly. Most links are found by searching for "TorBOX".
TorBOX
- Dev/ArchivedDiscussion/QUESTIONS
- Whonix on wilderssecurity.com; a few threads exist
- ra's blog; negative feedback - search for "TorBOX that they have"
- LulzSec / AntiSecOp: Want to be a ghost on the internet?; Whonix (TorBOX) is a part of their instructions
Early TorBOX and Whonix Releases
- reddit: torbox critical issue help; this only applied to 0.1.3. A workaround was provided and a fix was announced and available from 0.2.0 onwards
October 2012 - Whonix 0.4.5 release announcement
- tor-talk Mailing List: Whonix ALPHA 0.4.5 - Anonymous Operating System released; in summary, no answers were provided
- debian-derivatives Mailing List: Whonix ALPHA 0.4.5 - Anonymous Operating System released; in summary, it was mentioned that if VirtualBox is exploited, it is game over. This is true and already mentioned in the attack matrix
General Discussions
October 2012 - Discussions:
- Wilders Security Forum: Anonymous operating system Whonix; in summary, only questions were asked and no concerns raised
- Qubes OS Mailing List: qubes vs Whonix virtualization solution; in summary, Qubes OS is deemed safer than VirtualBox. Other than that point, no complaints were raised
- Qubes OS Mailing List: Whonix: VirtualBox vs Qubes OS; in summary, it was agreed that Qubes OS is safer than VirtualBox
Footnotes
- [1] SecureDrop is an open source whistleblower submission system that media organizations and NGOs can install to securely accept documents from anonymous sources. It was originally created by the late Aaron Swartz and is now managed by Freedom of the Press Foundation. SecureDrop is available in 20 languages.