Feb 23, 2019, 12:17 AM by raahe...@gmail.com:
> On Wednesday, February 20, 2019 at 4:17:45 AM UTC-5, qube...@tutanota.com
> wrote:
>
>> I trust Whonix the same as I trust Qubes and TAILS, or Debian, Fedora, Xen.
>> I don't have enough intelligence, that would convince me otherwise. And I do
>> research quite often when periodically adjusting my FMECA. Which is just a
>> professional deformation.
>> Every project, however secret, secure, top notch it seems to be, is
>> vulnerable this or that way, and will always remain so. Some of the attacks
>> are common, some are specific. Once old attacks are covered, new emerge.
>> That is life. Disregard a project, only because one of the emerging attacks,
>> is pathetic (I know not your case, you have different reasons mentioned), as
>> this attack (ausie law like, or malicious dev) is possible for every other
>> project too, including your refrigerator, assembled on the production line
>> with malicious guy, willing to do evil. Living somewhere in cave is not a
>> solution.
>>
>> Interestingly I don't have much problem with Whonix in Qubes, and I like it
>> very much. Working very well. I use it on daily basis as my primary template
>> in Qubes, for my company management, email, chat, browsing, research, and
>> privately as well, because I believe that anonymity is a very strong
>> security attitude to thread mitigation, even I understand well the
>> limitations of Tor and Whonix as well. They are clear about what they can do
>> and what not. Are they a magical wand, solving all problems of the world?
>> No, and they don't claim that.
>> Most of the time I try to prefer connections to .onion websites rather than
>> clearnet, because I don't see any benefit from exposing myself to
>> surveillance capitalism. I like v3 onions, and prefer to use it wherever
>> possible. I love to see myself as a person, not as a product. When chatting
>> on XMPP with OTR I use .onion server for my identity and ask the other site
>> to do the same, as I don't see any benefit using clernet server. Tor allows
>> me to mitigate some risks, and of course opening me to another ones. This
>> comparison is still putting the weight *for-tor-whonix-in-qubes*. Others may
>> have it different, depending on ones OPSEC and ones willingness to give
>> his/her life away for free to any random observer.
>>
>> I hope Whonix will go on further with their excellent job, same as Qubes or
>> TAILS or Torproject.
>>
>> I would just stress out the importance to include the high-risk, high-impact
>> emerging threads into their thread model and try to mitigate these risks
>> same way, as other risks included there already - recognized. If you set up
>> your bullet-proof environment and than by crossing a nation border just
>> breaks it down by one simple question of the officer, than resistance of
>> your security setup is extremely weak and breakable any time. More and more
>> states will go on with this attacks in the near future. Australia is only
>> the first one to make it so clear. There are tools and ways available for
>> mitigation, for Plausible Deniability for example, like Hidden Operating
>> System, Hidden Volumes, but are not included in the standard package of the
>> projects yet. If I was a programmer, I would sure contribute, but I am not.
>> And so the only point is to mention it, and try to stress it enough, to
>> motivate people with skill-set to contribute for all of us.
>>
>>
>>
>>
>> Feb 20, 2019, 6:15 AM by >> raahe...@gmail.com <mailto:raahe...@gmail.com>>>
>> :
>>
>> > I read that whonix thread. Still not sure why whonix doesn't have a
>> > canary. What could it hurt? Any aspect of the project could be
>> > compromised for any reason. Thats the same as people saying I have
>> > nothing to hide so why worry. In the other thread Patrick says US laws
>> > affect all countries.
>> >
>> > And don't feel bad. Patrick banned me from the forums too once a long
>> > while ago. I told him I'd never post there again and never did. lol.
>> >
>> > I was constantly having issues with whonix. You are a target just for
>> > using it. You really have to pay attention when you are updating it.
>> >
>> > Sill never understood why the user qubes-whonix left the project in
>> > flamboyant fashion claiming it was just a "cool experiment" and its
>> > "security was not taken seriously" ...
>> >
>> > I stopped using whonix after the annoying clock issue. And then couldn't
>> > be troubled to install the latest version and just removed it instead.
>> >
>> > I'm sure it has its purposes and some people need it. But I don't. The
>> > websites I use qubes for ban tor or it just has no benefit. Anonymity is
>> > different then privacy.
>> >
>> > --
>> > You received this message because you are subscribed to the Google Groups
>> > "qubes-users" group.
>> > To unsubscribe from this group and stop receiving emails from it, send an
>> > email to > >> qubes-users+unsubscr...@googlegroups.com
>> > <mailto:qubes-users+unsubscr...@googlegroups.com>>> <mailto:>>
>> > qubes-users+unsubscr...@googlegroups.com
>> > <mailto:qubes-users+unsubscr...@googlegroups.com>>> >> .
>> > To post to this group, send email to > >> qubes-users@googlegroups.com
>> > <mailto:qubes-users@googlegroups.com>>> <mailto:>>
>> > qubes-users@googlegroups.com <mailto:qubes-users@googlegroups.com>>> >> .
>> > To view this discussion on the web visit > >>
>> > https://groups.google.com/d/msgid/qubes-users/db18e185-a602-4b05-8111-0cae75355...@googlegroups.com
>> >
>> > <https://groups.google.com/d/msgid/qubes-users/db18e185-a602-4b05-8111-0cae75355...@googlegroups.com>>>
>> > <>>
>> > https://groups.google.com/d/msgid/qubes-users/db18e185-a602-4b05-8111-0cae75355...@googlegroups.com
>> >
>> > <https://groups.google.com/d/msgid/qubes-users/db18e185-a602-4b05-8111-0cae75355cdd%40googlegroups.com>>>
>> > >> .
>> > For more options, visit > >> https://groups.google.com/d/optout
>> > <https://groups.google.com/d/optout>>> <>>
>> > https://groups.google.com/d/optout <https://groups.google.com/d/optout>>>
>> > >> .
>> >
>>
>
> You could live like a monk. Which is the only way to be truly secure, but
> you would be missing out on many life experiences. But to each his own.
>
> LIke I said, I was using tor to check certificates and update my qubes. But
> its so dam slow, the whonix qubes is always so sketchy with errors, and
> there isn't much support help for it. So I stopped using it.
>
> I'm a gamer and I'm talking to you from a non hardened windows 10 machine
> right now lmao.. Qubes is my family machine and for more sensitive tasks.
> And mostly for sites that block tor. Like banking, I shop online for
> example, download files from USB disks, its for daily tasks besides
> entertainment.
>
> Don't most IRC networks even block tor now? Tor to me is almost dangerous
> to use.
>
> I'd only use tor as my daily connection right now if I was fearing for my
> life or fear of imprisonment. And then I'd probably be using tails with a
> disposable flash drive.
>
> I think alot of the problems in society stem from the fact we apply different
> principals and morals to the physical world from the digital realm. They
> really are not different at all no matter how much people treat them
> differently. Now these false sense of entitlements are carrying over to the
> physical world and its scary. When it really should be the other way
> around.
>
> The reason why I say privacy and anonymity are two diff things. And way
> apart from security. is For example if I log into a facebook .onion site.
> Its still my identity. All that information about you is still being sold to
> ad agencies. Governments are still watching it. The only benefit I can
> see, is again, people hiding their location for fear of their life or
> imprisonment.
>
> And actually be using it you are using up bandwidth those people could be
> using, just to feel special.
>
Regarding your issues with whonix, maybe it is about your HW or SW settings. I
actually have no issue at all here. I only struggled to move from whonix-13 to
whonix-14 bit, but I got support here, so now it is just perfectly smooth.
My mindset is maybe a bit different from that of yours. I consider my life and
all its emissions to be private, owned by me, and valuable. So I have to have a
very good reason to share any of it with someone. I use services which dont
have problem with Tor. If they do, I dont use it. IRCs block certain exit nodes
so you need to switch identity till it works.
Tor and a danger to use it comes from your threat model and what poses more
risk for you - to be potentially flagged as a Tor user, or to be completely
exposed and profiled by unknown amount of entities, organizations, individuals
and having your life shared, traded or potentially even "adjusted", for later
misuse. For example, I dont have any benefit from feeding the AI of Cambridge
Analytica like orgs, so they can manipulate elections with it. So my default
setup is to be consciously anonymous, or semi-anonymous, unless I have a good
reason not to be.
To your Facebook example. If you use Facebook (even over its .onion), you are
exposed to the service, as it is case in all other services. Now if you use the
Facebook service, you already show your trust to it, and you had to consider
their behavior in your trust model. You use it, means you somehow trust them.
In this scenario you try only to mitigate the risk to be exposed to your ISP or
any random entity monitoring your dataflow. So it is perfectly ok. Using .onion
you get there. If you believe Facebook will sell your data, which they
absolutely do, no kind of tech will help you - not a Tor or Whonix issue.
Morals are very important. I mean the real morals, executed freely without
fear, matter only. Therefore I believe that morals that are executed based on
fear of others, fear of society reaction, fear of law, fear to be ostracized,
and similar auto censorship reasons, are just a useless false facades, posing a
huge threat to the understanding of the true state in which the society really
is.
Tor and also its .onions make possible to be yourself, to express what you
really feel and think, without any artificial sefl-regulation. And so I see the
real state of the society is much more reflected in the anonymous channels,
than in Facebook-like spaces, with its manipulations and social engineering and
trying to paint the world with their pink. And no amount of their apologism can
ever justify that.
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to > qubes-users+unsubscr...@googlegroups.com
> <mailto:qubes-users+unsubscr...@googlegroups.com>> .
> To post to this group, send email to > qubes-users@googlegroups.com
> <mailto:qubes-users@googlegroups.com>> .
> To view this discussion on the web visit >
> https://groups.google.com/d/msgid/qubes-users/7670d567-71f4-4b07-a3a1-27601f860...@googlegroups.com
>
> <https://groups.google.com/d/msgid/qubes-users/7670d567-71f4-4b07-a3a1-27601f860629%40googlegroups.com>>
> .
> For more options, visit > https://groups.google.com/d/optout
> <https://groups.google.com/d/optout>> .
>
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/L_8BtPH--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.
