I’m curious if whonix actually provides any value rather than just running tor locally?

Like has there ever been a case when because tor was run locally on someones computer over using whonix for tor that they were compromised?

  • redbookOP
    link
    fedilink
    arrow-up
    3
    ·
    3 years ago

    Qubes is good and the approach that it has is in my view the best approach to security, security by compartmentalizing and is the same security tactic that certain three letter agencies use to stop leaks from happening.

    Daniel the guy that does GrapheneOS basically says that its compartmentalizing garbage because linux isn’t built with security in mind.

    And also Qubes isn’t a silver bullet at all - it uses the xen hypervisor which has had vulnerabilities in the past https://www.cvedetails.com/vulnerability-list.php?vendor_id=6276&product_id=0&version_id=0&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&cweid=0&order=1&trc=296&sha=7354f1cd84d744aba90e37868d68b6095ad317f5

    Plus the hardware compatibility makes it almost impossible to use on the majority of devices.

    • AgreeableLandscape
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      3 years ago

      Qubes is good for security between computing contexts on the machine itself (though, not perfect as you mentioned), but by itself isn’t meant to anonymize you on the internet.

      Daniel the guy that does GrapheneOS basically says that its compartmentalizing garbage because linux isn’t built with security in mind.

      Is Linux not designed for security? I’d have assumed it’s one of the more mature kernels security wise due to its prevalence in servers.

      Either way, I guess you can use BSD in the containers if that’s a real concern. Though, this is why I wish there was a viable desktop microkernel OS. Such an OS might even be able to replace the need for a hypervisor like in Qubes, if it has built-in compartmentalization for userspace programs.

      • redbookOP
        link
        fedilink
        arrow-up
        2
        ·
        3 years ago

        Yeah I think that BSD is the most secure operating system to-date and these are the guys that created ssh, the service that is used by most people in the world for connecting to theirs servers. So the folks that develop BSD really know what they are doing when it comes to security.

        I’ve not actually tried openBSD myself, but I can already tell you that having that setup correctly so that you have containers that use openBSD instead of linux will be a pain in the ass for compatibility and is likely going to be extremely difficult to setup correctly on qubes. But in my view is likely the most secure you can get with Qubes OS.

        • AgreeableLandscape
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          3 years ago

          For people who don’t want to or aren’t knowledgeable enough to go through all that trouble, what would you think about just having multiple bootable partitions (presumably with BSD ideally), each independently encrypted with a different password? That way in theory if a single OS instance is compromised, it can’t access the information on any of the other instances since ideally only the currently booted partition is decrypted. You can probably pull it off with some GRUB fu.