Protocol Leak and Fingerprinting Protection
Protection from IP Leaks, DNS Leaks, Protocol Leaks and Fingerprinting. Analysis of host hardware identifiers visible or hidden inside virtual machines.
Introduction[edit]
Whonix cannot do the impossible and magically prevent every kind of protocol leak and identifier disclosure:
Tor provides only anonymity for DNS and the transmission of the TCP stream. Everything inside the stream, the application protocol, needs to be scrubbed. For example, if the application uses advanced techniques to determine your real external IP and sends it over the anonymized TCP stream, then what you wanted to hide, your real external IP, isn't hidden.
...
Many applications can also leak other problematic and/or sensitive data, such as:
- Your real external non-Tor IP address, as described above
- Your time zone (for example: IRC clients through CTCP)
- Your user name (for example: ssh through login)
- The name and version of the client or server you are using (for example: Apache web server leaks software name and version number; IRC clients leak client name and client version number through CTCP)
- Metadata can be a risk. Click MAT and read 'What is a metadata?' and 'Why metadata can be a risk for your privacy?'
- Depending on your Mode Of Anonymity you obviously shouldn't mix your use of protected (anonymous) applications with applications not passing through the Tor network or some other form of anonymity. For example, if a login name or password of yours can be traced back to your personal identity, then you are defeating the purpose entirely. Tor can not protect you from this kind of activity
- Even sending the contents of your RAM can be dangerous. (For example: error reporting, leading to Transparent Proxy Leaks)
- A lot of information which the application sends on request from a server (for example: most web browsers beside the Tor Browser)
- Hardware serial numbers might be used for fingerprinting and in the worst case scenario, lead back to you.
- License keys of non-freedom software is often transmitted and might lead back to you.
Despite the many risks, Whonix is designed to offer multiple layers of defense for the best possible protection against inadvertent deanonymization.
Whonix Advantages[edit]
Protection Against Serious Leaks[edit]
Whonix protects against the most dangerous leak categories outlined below, which would otherwise divulge the user's real identity (remotely or directly):
- The real, external, non-Tor IP address is hidden due to the fundamental Whonix design, use of an isolated proxy, and the Whonix-Gateway Firewall. [1]
- The same applies for DNS[1] requests; they are safe. [2]
Numerous Default Applications are Pre-configured Against Leaks[edit]
Developers have taken care to prevent common applications from leaking information that could identify users, including:
- Stream Isolation: Configuring applications to use their own SocksPort, thus preventing Identity correlation through circuit sharing.
- Browser fingerprinting: Whonix includes Tor Browser by default. The browser fingerprint is as good (or bad) as using the normal Tor Browser bundle from torproject.org
- GPG:
/home/user/gpg.conf
is optimized for privacy; see footnote. [3] - ssh: Without Whonix, the syntax for ssh is user@hostname [...]. However, if a specific user is not nominated before @hostname, the operating system user name will be utilized instead. If that value is something identifiable, then anonymity is broken. Since Whonix defaults the user name to
user
, in the worst case only the usernameuser
can be leaked, which is harmless. [4] [5] - Default Application Policy
Many protocol leaks are already documented, see: Documentation and TorifyHOWTO for further information.
Identifiers[edit]
In addition to protocol leaks, there are also a range of identifiers that can be used for fingerprinting by adversaries for anonymity set reduction (for example, the time zone), or even for complete deanonymization (for example, if the user name was set to John Doe). Such identifiers are described below.
Software Identifiers[edit]
Table: Software Identifiers
Category | Description |
---|---|
Color depth | The default color depth is 24-bit for all Whonix users. [6] [7] |
Desktop Resolution | |
Fonts | All Whonix users have the same list of fonts installed. [10] [11] [12] |
Hostname | The hostname is set to host . [13]
|
Internal (virtual LAN) IP address |
|
Long host name (FQDN) | The long host name (FQDN) is set to host.localdomain [15] |
Operating system updates | Operating system (apt) updates are routed through their own circuit (Stream Isolation) to prevent accidental leakage of software packages and versions (if any custom software is installed) which could then be correlated with other anonymous activity. Also see: Software updaters and Software installation Whonix-Workstation. |
Time |
|
User name | The user name is set to user .
|
RAM | In the worst case scenario, if RAM contents are leaked -- such as error reporting software phoning home, RAM dump if infected with malware, or Transparent Proxy Leaks) -- this would "only" contain the RAM of the Whonix-Workstation. All non-anonymous material on the host remains safe. |
Qubes | Virtualbox | KVM | |
Identical software packages [17] | Differs from Non-Qubes-Whonix | Differs from Qubes-Whonix | Differs from Qubes-Whonix |
Hardware Identifiers[edit]
These identifiers are less important because an adversary can only collect them if the user installed malicious software (for example, some copyright enforcement and anti-cheat tools collect them), or if the adversary achieves remote access by compromising a user or in some cases the root account.
Hardware identifiers are virtualizer specific issues were all virtualizers are affected and therefore unspecific to Whonix.
Table: Hardware Identifiers that require local code execution
Qubes | VirtualBox | KVM | |
Hidden CPU model and capabilities | No | No [18] | No [19] [20] [21] |
Hidden hardware serial numbers [22] [23] | Yes | Yes | Yes |
Hidden CPUID (CPU model and capabilities) processor instruction | No | No | No |
Hidden graphic card information | Yes [24] | Yes [25] | ? |
Same amount of RAM assignment | Dynamically assigned | Yes, fixed | Yes, fixed |
Hidden sensor information [26] [27] [28] | Yes | Yes | Yes |
Hidden battery information [29] | Yes | No | Yes |
Hidden BIOS DMI information [30] | Yes | Yes | Yes |
Hidden virtual BIOS DMI information and Virtual HDD and CD serial numbers [30] [31] | Yes, only virtual ones | Yes, only virtual ones | Yes, only virtual ones |
Hidden VM UUID [32] [33] | Yes | Yes | Yes |
Hidden SLIC table [34] | Yes, not implemented | Yes, empty by default | Yes, not present |
HDD UUIDs are different from the host [35] | Yes | Yes | Yes |
CD-ROM UUID is identical for all Whonix users [36] | Yes | Yes | Yes |
Hidden disk UUIDs [37] | Yes | Yes | Yes |
Hidden EDID [38] | Yes [39] | Yes [40] [41] | Yes [42] |
See Also | VM Fingerprinting |
---|
Category | Description |
---|---|
MAC address | The MAC address is different from the host. See also MAC Address. [43] [44] |
Metadata[edit]
See Metadata.
Identifiers Design Goals[edit]
(In response to Some Linux systems (including Whonix) have a unique identifier called machine-id that doesn't change. Here is how to change it.)
Should identifiers such as /etc/machine-id
:
- A) be shared among all Whonix users all the time, OR
- B) be unique per user per boot?
Whonix design, at time of writing, it is A). [45] It may be possible that arguments for either option could be made. However, upon consideration it seems clear that A) is clearly better.
The threat model is here that software running inside Whonix-Workstation might read machine id and send it to remote servers which would then use it to fingerprint the user. That could be considered privacy invasive software which should be avoided or even malicious software.
A) leaks "it is a Whonix user". But the fact that "it is a Whonix user" is being leaked is realistically unavoidable anyhow. For details, why that is, refer to the VM Fingerprinting as well as the
System Identity Camouflage
wiki pages. This is a general issue and unspecific to Whonix. If an application or malware intents to track users, such applications in most cases could generate their own unique ID for tracking purposes. Therefore taming identifiers such as /etc/machine-id
does not help much.
The approach of Tor and the Tor Browser Bundle is also similar to A). Tor and Tor Browser do not attempt to create a fresh, random pseudonym per session. Rather, Tor and Tor Browser attempt to make all users look the same. The Tor Project coined this Anonymity Loves Company
(good web search term). Whonix attempts to be an extension of Tor. Therefore follows similar design principles.
B) Would not leak "it is a Whonix user" but then attempting to hide that is realistically impossible anyhow as per VM Fingerprinting.
There is also an optimization conflict of perfect fingerprinting resistance against locally running malware versus security hardening settings. Security hardening of the system unfortunately leaks the fact (fingerprintable) that the system has been hardened. Once cannot have both, perfect fingerprinting resistance and security hardening at the same time. Since perfect local fingerprinting resistance cannot realistically be established, Whonix will choose security hardening whenever there is such a conflict.
When not using VMs: locally running privacy invasive / malicious software has even more possibilities of fingerprinting users. Direct access to hardware identifiers.
Related wiki page on identifiers: This wiki page from the top, Protocol Leak Protection and Fingerprinting Protection.
forum discussion: Anonymize /etc/machine-id
CPU Output Tests[edit]
TNT_BOM_BOM generated /proc/cpuinfo
output which was posted to the Whonix forums and copied here.
CPU Test One[edit]
These are the results before running VBoxManage modifyvm Whonix-Workstation --cpuidremoveall
.
processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 37 model name : Intel(R) Core(TM) i5 CPU M 580 @ 2.67GHz stepping : 5 microcode : 0x616 cpu MHz : 2659.899 cache size : 3072 KB physical id : 0 siblings : 1 core id : 0 cpu cores : 1 apicid : 0 initial apicid : 0 fdiv_bug : no f00f_bug : no coma_bug : no fpu : yes fpu_exception : yes cpuid level : 11 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm constant_tsc xtopology nonstop_tsc pni monitor lahf_lm bogomips : 5319.79 clflush size : 64 cache_alignment : 64 address sizes : 36 bits physical, 48 bits virtual power management:
CPU Test Two[edit]
These are the results after running VBoxManage modifyvm Whonix-Workstation --cpuidremoveall
and shutting down the workstation.
processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 37 model name : Intel(R) Core(TM) i5 CPU M 580 @ 2.67GHz stepping : 5 microcode : 0x616 cpu MHz : 2660.690 cache size : 3072 KB physical id : 0 siblings : 1 core id : 0 cpu cores : 1 apicid : 0 initial apicid : 0 fdiv_bug : no f00f_bug : no coma_bug : no fpu : yes fpu_exception : yes cpuid level : 11 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm constant_tsc xtopology nonstop_tsc pni monitor lahf_lm bogomips : 5321.38 clflush size : 64 cache_alignment : 64 address sizes : 36 bits physical, 48 bits virtual power management:
KVM Whonix-Workstation 12 /proc/cpuinfo[edit]
processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 6 model name : QEMU Virtual CPU version 2.1.2 stepping : 3 microcode : 0x1 cpu MHz : 2659.914 cache size : 4096 KB physical id : 0 siblings : 1 core id : 0 cpu cores : 1 apicid : 0 initial apicid : 0 fdiv_bug : no f00f_bug : no coma_bug : no fpu : yes fpu_exception : yes cpuid level : 4 wp : yes flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm pni cx16 x2apic popcnt hypervisor lahf_lm bogomips : 5319.82 clflush size : 64 cache_alignment : 64 address sizes : 40 bits physical, 48 bits virtual power management: processor : 1 vendor_id : GenuineIntel cpu family : 6 model : 6 model name : QEMU Virtual CPU version 2.1.2 stepping : 3 microcode : 0x1 cpu MHz : 2659.914 cache size : 4096 KB physical id : 1 siblings : 1 core id : 0 cpu cores : 1 apicid : 1 initial apicid : 1 fdiv_bug : no f00f_bug : no coma_bug : no fpu : yes fpu_exception : yes cpuid level : 4 wp : yes flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm pni cx16 x2apic popcnt hypervisor lahf_lm bogomips : 1945.60 clflush size : 64 cache_alignment : 64 address sizes : 40 bits physical, 48 bits virtual power management:
KVM Whonix-Workstation 13 /proc/cpuinfo[edit]
> processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 6 model name : QEMU Virtual CPU version 2.1.2 stepping : 3 microcode : 0x1 cache size : 4096 KB physical id : 0 siblings : 1 core id : 0 cpu cores : 1 apicid : 0 initial apicid : 0 fdiv_bug : no f00f_bug : no coma_bug : no fpu : yes fpu_exception : yes cpuid level : 4 wp : yes flags : fpu de pse msr pae mce cx8 apic sep mtrr pge mca cmov pse36 mmx fxsr sse sse2 syscall nx lm pni cx16 x2apic popcnt aes hypervisor lahf_lm bogomips : 1185.79 clflush size : 32 cache_alignment : 32 address sizes : 40 bits physical, 48 bits virtual power management: > processor : 1 vendor_id : GenuineIntel cpu family : 6 model : 6 model name : QEMU Virtual CPU version 2.1.2 stepping : 3 microcode : 0x1 cache size : 4096 KB physical id : 1 siblings : 1 core id : 0 cpu cores : 1 apicid : 1 initial apicid : 1 fdiv_bug : no f00f_bug : no coma_bug : no fpu : yes fpu_exception : yes cpuid level : 4 wp : yes flags : fpu de pse msr pae mce cx8 apic sep mtrr pge mca cmov pse36 mmx fxsr sse sse2 syscall nx lm pni cx16 x2apic popcnt aes hypervisor lahf_lm bogomips : 1173.50 clflush size : 32 cache_alignment : 32 address sizes : 40 bits physical, 48 bits virtual power management:
KVM Whonix-Workstation 17 /proc/cpuinfo[edit]
[workstation user ~]% cat /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 37 model name : Intel(R) Core(TM) i5 CPU M 580 @ 2.67GHz stepping : 5 microcode : 0x7 cpu MHz : 2659.828 cache size : 16384 KB physical id : 0 siblings : 1 core id : 0 cpu cores : 1 apicid : 0 initial apicid : 0 fpu : yes fpu_exception : yes cpuid level : 11 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx rdtscp lm constant_tsc rep_good nopl xtopology cpuid pni pclmulqdq vmx ssse3 cx16 pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes hypervisor lahf_lm cpuid_fault pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid tsc_adjust arat umip flush_l1d arch_capabilities vmx flags : vnmi preemption_timer invvpid ept_x_only ept_1gb flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest shadow_vmcs bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs mmio_unknown bogomips : 5319.65 clflush size : 64 cache_alignment : 64 address sizes : 36 bits physical, 48 bits virtual power management:
from Whonix 12 WS - qubes Q3 "cat /proc/cpuinfo" (**different PC**)[edit]
processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 60 model name : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz stepping : 3 microcode : 0x17 cpu MHz : 2494.312 cache size : 6144 KB physical id : 0 siblings : 8 core id : 2 cpu cores : 1 apicid : 4 initial apicid : 4 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt bugs : bogomips : 4988.62 clflush size : 64 cache_alignment : 64 address sizes : 39 bits physical, 48 bits virtual power management: > processor : 1 vendor_id : GenuineIntel cpu family : 6 model : 60 model name : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz stepping : 3 microcode : 0x17 cpu MHz : 2494.312 cache size : 6144 KB physical id : 0 siblings : 8 core id : 2 cpu cores : 1 apicid : 4 initial apicid : 4 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt bugs : bogomips : 4988.62 clflush size : 64 cache_alignment : 64 address sizes : 39 bits physical, 48 bits virtual power management: > processor : 2 vendor_id : GenuineIntel cpu family : 6 model : 60 model name : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz stepping : 3 microcode : 0x17 cpu MHz : 2494.312 cache size : 6144 KB physical id : 0 siblings : 8 core id : 2 cpu cores : 1 apicid : 4 initial apicid : 4 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt bugs : bogomips : 4988.62 clflush size : 64 cache_alignment : 64 address sizes : 39 bits physical, 48 bits virtual power management: > processor : 3 vendor_id : GenuineIntel cpu family : 6 model : 60 model name : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz stepping : 3 microcode : 0x17 cpu MHz : 2494.312 cache size : 6144 KB physical id : 0 siblings : 8 core id : 2 cpu cores : 1 apicid : 4 initial apicid : 4 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt bugs : bogomips : 4988.62 clflush size : 64 cache_alignment : 64 address sizes : 39 bits physical, 48 bits virtual power management: > processor : 4 vendor_id : GenuineIntel cpu family : 6 model : 60 model name : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz stepping : 3 microcode : 0x17 cpu MHz : 2494.312 cache size : 6144 KB physical id : 0 siblings : 8 core id : 2 cpu cores : 1 apicid : 4 initial apicid : 4 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt bugs : bogomips : 4988.62 clflush size : 64 cache_alignment : 64 address sizes : 39 bits physical, 48 bits virtual power management: > processor : 5 vendor_id : GenuineIntel cpu family : 6 model : 60 model name : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz stepping : 3 microcode : 0x17 cpu MHz : 2494.312 cache size : 6144 KB physical id : 0 siblings : 8 core id : 2 cpu cores : 1 apicid : 4 initial apicid : 4 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt bugs : bogomips : 4988.62 clflush size : 64 cache_alignment : 64 address sizes : 39 bits physical, 48 bits virtual power management: > processor : 6 vendor_id : GenuineIntel cpu family : 6 model : 60 model name : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz stepping : 3 microcode : 0x17 cpu MHz : 2494.312 cache size : 6144 KB physical id : 0 siblings : 8 core id : 2 cpu cores : 1 apicid : 4 initial apicid : 4 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt bugs : bogomips : 4988.62 clflush size : 64 cache_alignment : 64 address sizes : 39 bits physical, 48 bits virtual power management: > processor : 7 vendor_id : GenuineIntel cpu family : 6 model : 60 model name : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz stepping : 3 microcode : 0x17 cpu MHz : 2494.312 cache size : 6144 KB physical id : 0 siblings : 8 core id : 2 cpu cores : 1 apicid : 4 initial apicid : 4 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt bugs : bogomips : 4988.62 clflush size : 64 cache_alignment : 64 address sizes : 39 bits physical, 48 bits virtual power management:
KVM vs Qubes[edit]
KVM[edit]
processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 6 model name : QEMU Virtual CPU version 2.1.2 flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm pni cx16 x2apic popcnt hypervisor lahf_lm
Qubes[edit]
processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 60 model name : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz flags : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
get-edid output[edit]
EDID[edit]
Install package(s) read-edid
following these instructions
1 Platform specific notice.
- Non-Qubes-Whonix: No special notice.
- Qubes-Whonix: In Template.
2 Update the package lists and upgrade the system .
sudo apt update && sudo apt full-upgrade
3 Install the read-edid
package(s).
Using apt
command line
--no-install-recommends
option
is in most cases optional.
sudo apt install --no-install-recommends read-edid
4 Platform specific notice.
- Non-Qubes-Whonix: No special notice.
- Qubes-Whonix: Shut down Template and restart App Qubes based on it as per Qubes Template Modification .
5 Done.
The procedure of installing package(s) read-edid
is complete.
sudo get-edid ; echo $?
Qubes[edit]
This is read-edid version 3.0.1. Prepare for some fun. Attempting to use i2c interface Looks like no busses have an EDID. Sorry! Attempting to use the classical VBE interface Performing real mode VBE call Interrupt 0x10 ax=0x4f00 bx=0x0 cx=0x0 Function unsupported Call failed VBE version 0 VBE string at 0x0 "O" VBE/DDC service about to be called Report DDC capabilities Performing real mode VBE call Interrupt 0x10 ax=0x4f15 bx=0x0 cx=0x0 Function unsupported Call failed Reading next EDID block VBE/DDC service about to be called Read EDID Performing real mode VBE call Interrupt 0x10 ax=0x4f15 bx=0x1 cx=0x0 Function unsupported Call failed The EDID data should not be trusted as the VBE call failed Error: output block unchanged I'm sorry nothing was successful. Maybe try some other arguments if you played with them, or send an email to Matthew Kern <pyrophobicman@gmail.com>. 1
VirtualBox[edit]
get-edid: get-edid version 2.0.0 Performing real mode VBE call Interrupt 0x10 ax=0x4f00 bx=0x0 cx=0x0 Function supported Call successful VBE version 200 VBE string at 0xc7f10 "VirtualBox VBE BIOS https://www.virtualbox.org/" VBE/DDC service about to be called Report DDC capabilities Performing real mode VBE call Interrupt 0x10 ax=0x4f15 bx=0x0 cx=0x0 Function unsupported Call failed Reading next EDID block VBE/DDC service about to be called Read EDID Performing real mode VBE call Interrupt 0x10 ax=0x4f15 bx=0x1 cx=0x0 Function unsupported Call failed The EDID data should not be trusted as the VBE call failed Error: output block unchanged 1
KVM[edit]
get-edid: get-edid version 2.0.0 Performing real mode VBE call Interrupt 0x10 ax=0x4f00 bx=0x0 cx=0x0 halt_sys: file ��y�*+, line -1216758308 Function unsupported Call successful VBE version 300 VBE string at 0xc4f55 "SeaBIOS VBE(C) 2011" VBE/DDC service about to be called Report DDC capabilities Performing real mode VBE call Interrupt 0x10 ax=0x4f15 bx=0x0 cx=0x0 halt_sys: file ��y�*+, line -1216720908 Function unsupported Call successful Reading next EDID block VBE/DDC service about to be called Read EDID Performing real mode VBE call Interrupt 0x10 ax=0x4f15 bx=0x1 cx=0x0 halt_sys: file ��y�*+, line -1216720908 Function unsupported Call successful The EDID data should not be trusted as the VBE call failed Error: output block unchanged 1
Testing[edit]
For users and researchers that wish to reproduce, verify the output of the analysis tools used on this page, could install the following packages.
Install package(s) x11-utils lshw usbutils hddtemp lm-sensors acpi mesa-utils
following these instructions
1 Platform specific notice.
- Non-Qubes-Whonix: No special notice.
- Qubes-Whonix: In Template.
2 Update the package lists and upgrade the system .
sudo apt update && sudo apt full-upgrade
3 Install the x11-utils lshw usbutils hddtemp lm-sensors acpi mesa-utils
package(s).
Using apt
command line
--no-install-recommends
option
is in most cases optional.
sudo apt install --no-install-recommends x11-utils lshw usbutils hddtemp lm-sensors acpi mesa-utils
4 Platform specific notice.
- Non-Qubes-Whonix: No special notice.
- Qubes-Whonix: Shut down Template and restart App Qubes based on it as per Qubes Template Modification .
5 Done.
The procedure of installing package(s) x11-utils lshw usbutils hddtemp lm-sensors acpi mesa-utils
is complete.
See Also[edit]
Footnotes[edit]
- ↑ 1.0 1.1 This does not cover application vulnerabilities and exploits, which escalate from the virtual machine to the host. See: Attacks. However, by design the Whonix-Workstation™ does not know its own external non-Tor IP address.
- ↑
/etc/resolv.conf
in Whonix-Workstation is configured to use the Whonix-Gateway™ as the DNS resolver, which is routed through Tor. - ↑ Adhering to recommendations as per the torbirdy github repository, which prevents leakage of the operating system version (no-emit-version) and other variables (on github).
- ↑ In this case it may appear that the syntax was simply copied from the manpage.
- ↑
The Tails OS similarly sets the username to
amnesia
, which is a default value not set by the user and therefore safe. - ↑ To check the color depth run the following command in console. xdpyinfo
- ↑ Do not rely on https://ip-check.info or similar websites to check the desktop resolution and color depth, because Tor Button changes these values to improve anonymity; refer to the TorButton specification and Tor trac for further details. See also Browser Tests. In order to check the list of installed fonts, run. fc-list
- ↑ https://github.com/Kicksecure/vm-config-dist/blob/master/etc/skel/.config/xfce4/xfconf/xfce-perchannel-xml/displays.xml
- ↑ To check the desktop resolution and refresh rate, run the following command in console. xrandr
- ↑ So long as the user or any additional software packages do not install further packages.
- ↑ Only three common fonts (monospace, serif, times new roman) can be detected for all Tor Browser users.
- ↑ Robert Ransom previously suggested Whonix should share the same list of fonts as Tails if possible. Since Tor Browser no longer leaks which fonts are installed, lead Whonix developer Patrick Schleizer does not see any advantage of this action (follow-up enquiry ignored).
- ↑ To check the hostname, run. host
- ↑ To check the internal (virtual LAN) IP address, run. sudo ifconfig
- ↑ To check the long host name, run. hostname --fqdn
- ↑ To check the time zone, run. cat /etc/timezone
- ↑ By default, all Whonix users have the same set of software packages installed. However, if additional software packages are installed, this advantage is lost. See also: Software updaters.
- ↑
These were hidden by VirtualBox "Synthetic CPU" in the past but that feature was removed from VirtualBox. (Even then the clock speed of your host CPU was visible to all code (applications or malware) inside Whonix-Workstation.) The parameters
--cpuid-portability-level
or--cpuidremoveall
have been tested and do not hide CPU model and capabilities either. - ↑ https://forums.whonix.org/t/help-welcome-kvm-development-staying-the-course/166/403
- ↑ https://phabricator.whonix.org/T449
- ↑ This is due to the design of virtualization platforms (VirtualBox, KVM, Xen, Qubes, VMware, etc.). Most virtualization platforms leak CPU model, capabilities and clock speed. Check. cat /proc/cpuinfo A workaround in theory could be to use an emulator instead of a virtualizer such as QEMU or bochs. In practice however, unfortunately such emulators are slow and there might be other limitations. (Does Bochs support internal networking?)
- ↑ Hardware serial numbers which any applications could collect are hidden due to the Virtual Machine.
- ↑ It is possible to check the visible hardware yourself with the following commands. sudo lshw and sudo lspci If USB devices are attached, run. sudo lsusb Then compare the results with your host.
- ↑
sudo lshw -C display
*-display description: VGA compatible controller product: SVGA II Adapter vendor: VMware physical id: 2 bus info: pci@0000:00:02.0 version: 00 width: 32 bits clock: 33MHz capabilities: vga_controller bus_master rom configuration: driver=vmwgfx latency=64 resources: irq:18 ioport:d000(size=16) memory:e0000000-e7ffffff memory:f0000000-f01fffff memory:c0000-dffff
- ↑ sudo lshw -C display Expected output: No output, which is good.
- ↑ CPU temperature, HDD temperature, S.M.A.R.T.
- ↑ Fortunately virtualizers hide them from the guest VM by not implementing them.
- ↑ To check the sensor information, run.
Using
hddtemp
.- Qubes: sudo hddtemp /dev/xvda
- VirtualBox: sudo hddtemp /dev/sda
- KVM: sudo hddtemp /dev/vda
sensors-detect
. sudo sensors-detect - ↑ To check the battery information, run. acpi -V
- ↑ 30.0 30.1 To check the BIOS DMI information, run. sudo dmidecode
- ↑ To see disk ids that are in use, run. sudo ls -la /dev/disk/by-id/ sudo ls -la /dev/disk/by-uuid/ Then compare the result with the host.
- ↑ As in explained in VBoxManage modifyhd, this value has no relation to the host by default.
- ↑ To check the VM UUID, run. sudo dmidecode
- ↑ To check the SILC table, run. sudo cat /sys/firmware/acpi/tables/SLIC Inside the virtualizer and on the host. On the host there may or may not be not be a SLIC table. If there is none, it cannot leak into your virtualizer. If there is one, the value will not be mirrored in VirtualBox, which is fine.
- ↑ To check the HDD UUID, run.
- Qubes: sudo hdparm -i /dev/xvda
- VirtualBox: sudo hdparm -i /dev/sda
- KVM: sudo hdparm -i /dev/vda
- ↑ To check the CD-ROM UUID, run. udisks --show-info /dev/cdrom
- ↑ Real hardware UUIDs are hidden by the virtualizer.
- ↑ Virtualizers routinely hide extended display identification data.
- ↑ See: Qubes EDID.
- ↑ See: VirtualBox EDID.
- ↑
- ↑ See: KVM EDID.
- ↑ To check Whonix-Workstation's MAC address, run. sudo ifconfig Inside Whonix-Workstation and then compare it with the host.
- ↑
Disadvantages if a shared MAC Addresses would be used by all Whonix-Workstation:
- Multiple Whonix-Workstation cannot use the Internet at the same time if they are using the same MAC address. It leads to confusing connection interruptions in either of the virtual machines.
- The project contributors need to explain and defend the design, which takes a lot of time for little gain. (Again, it is important not to expose the host's real MAC address, but so long as the one inside the virtual machine is different, everything is in an acceptable state.)
- It may be easier to develop ARP spoofing defense to implement authenticated connections between Whonix-Gateway and Whonix-Workstation. (This is only useful when using Multiple Whonix-Workstation.) To understand the context, please read Connections between Gateway and Workstation.
- In some cases, applications gather the MAC address and send it to a remote server (proprietary license checks use the MAC for hardware fingerprinting). In this case a shared MAC address might be better for privacy. It however might also break the proprietary license check as this expects different MAC addresses for different customers of the proprietary software. See also VM Fingerprinting.
- There might be an advantages of sharing MAC addresses among all Whonix versions. That would be useful in the event an application leaks the MAC address or if Whonix-Workstation was compromised. On the other hand, this would identify the user as a Whonix user.
- ↑ https://github.com/Whonix/dist-base-files
We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!