I trust Whonix the same as I trust Qubes and TAILS, or Debian, Fedora, Xen. I 
don't have enough intelligence that would convince me otherwise. And I do 
research quite often when periodically adjusting my FMECA. Which is just a 
professional deformation. 
Every project, however secret, secure, top notch it seems to be, is vulnerable 
this or that way, and will always remain so. Some of the attacks are common, 
some are specific. Once old attacks are covered, new ones emerge. That is life. 
Disregarding a project only because of one of the emerging attacks is pathetic (I 
know, not your case, you have different reasons mentioned), as this attack 
(Aussie law like, or malicious dev) is possible for every other project too, 
including your refrigerator, assembled on the production line with a malicious 
guy willing to do evil. Living somewhere in a cave is not a solution.

Interestingly, I don't have much of a problem with Whonix in Qubes, and I like it 
very much. It works very well. I use it on a daily basis as my primary template in 
Qubes, for my company management, email, chat, browsing, research, and 
privately as well, because I believe that anonymity is a very strong security 
attitude to threat mitigation, even though I understand well the limitations of Tor 
and Whonix as well. They are clear about what they can do and what not. Are 
they a magical wand, solving all problems of the world? No, and they don't 
claim that.
Most of the time I try to prefer connections to .onion websites rather than 
clearnet, because I don't see any benefit from exposing myself to surveillance 
capitalism. I like v3 onions, and prefer to use them wherever possible. I love to 
see myself as a person, not as a product. When chatting on XMPP with OTR I use 
a .onion server for my identity and ask the other side to do the same, as I don't 
see any benefit in using a clearnet server. Tor allows me to mitigate some risks, and 
of course opens me to other ones. This comparison is still putting the 
weight *for-tor-whonix-in-qubes*. Others may have it different, depending on 
one's OPSEC and one's willingness to give his/her life away for free to any 
random observer. 

I hope Whonix will go on further with their excellent job, same as Qubes or 
TAILS or Torproject. 

I would just stress the importance of including the high-risk, high-impact 
emerging threats in their threat model and trying to mitigate these risks the same 
way as the other risks already included there - recognized. If you set up your 
bullet-proof environment and then crossing a nation's border just breaks it 
down by one simple question of the officer, then the resistance of your security 
setup is extremely weak and breakable any time. More and more states will go on 
with these attacks in the near future. Australia is only the first one to make 
it so clear. There are tools and ways available for mitigation, for Plausible 
Deniability for example, like Hidden Operating System, Hidden Volumes, but they are 
not included in the standard package of the projects yet. If I was a 
programmer, I would sure contribute, but I am not. And so the only point is to 
mention it, and try to stress it enough, to motivate people with the skill-set to 
contribute for all of us.




Feb 20, 2019, 6:15 AM by raahe...@gmail.com:

> I read that whonix thread.  Still not sure why whonix doesn't have a canary.  
> What could it hurt?  Any aspect of the project could be compromised for any 
> reason.   That's the same as people saying I have nothing to hide so why 
> worry.  In the other thread Patrick says US laws affect all countries.
>
> And don't feel bad.  Patrick banned me from the forums too once a long while 
> ago.  I told him I'd never post there again and never did. lol.
>
> I was constantly having issues with whonix.   You are a target just for using 
> it.  You really have to pay attention when you are updating it.
>
> Still never understood why the user qubes-whonix left the project in 
> flamboyant fashion claiming it was just a "cool experiment" and its "security 
> was not taken seriously" ...
>
> I stopped using whonix after the annoying clock issue.  And then couldn't be 
> troubled to install the latest version and just removed it instead. 
>
> I'm sure it has its purposes and some people need it.  But I don't.  The 
> websites I use qubes for ban tor or it just has no benefit.  Anonymity is 
> different than privacy.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LZ9BZNx--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.
