Silk Road forums

Discussion => Security => Topic started by: Bazille on August 15, 2013, 06:28 pm

Title: Tutorial: Portable Encrypted Whonix on a Windows USB Stick
Post by: Bazille on August 15, 2013, 06:28 pm
This tutorial explains step by step how to create an encrypted portable USB stick with Whonix, which you can start directly from Microsoft Windows without rebooting.
Don't be put off by having to type stuff in the command line, you will mostly only have to do this during installation.

Completing the tutorial produces a torified Linux installation, similar to Tails. The main advantage over Tails is complete encryption and complete persistence.
Furthermore, compared with Tails, Whonix makes it even harder for attackers to find out your real IP address by using root exploits against your browser, because the virtual desktop machine can't connect to the internet even when someone gets admin privileges.

As Whonix is based on good old Debian, you will receive (security) updates directly from the Debian servers, so you won't have to download a new version of Whonix all the time.

For a comparison between Tails and Whonix, have a look at this page:
http://zo7fksnun4b4v4jv.onion/wiki/Comparison_with_Others

Whonix feature list:
http://zo7fksnun4b4v4jv.onion/wiki/Features

Whonix preinstalled software:
http://zo7fksnun4b4v4jv.onion/wiki/Software

Whonix documentation:
http://zo7fksnun4b4v4jv.onion/wiki/Documentation

System requirements:
* Microsoft Windows XP or higher (it's possible to run it on Mac and Linux, if you know what you're doing)
* 8GB USB stick or better

Time needed to complete the tutorial: 3+ hours

Don't send me private messages asking for support. Use this thread to ask your questions instead.

CC-BY Bernd Liefert, 15.08.2013




[WARNING]
After you've removed the USB stick from the machine, it may be possible to tell that you've used TrueCrypt and VirtualBox by looking at the Windows registry. However it's not possible to tell that Tor was used or what else was run from the USB stick. Putty, VirtualBox and TrueCrypt do not get installed onto your hard drive.
[/WARNING]
Title: Re: Tutorial: Portable encrypted Whonix on a Windows USB Stick
Post by: Bazille on August 15, 2013, 06:29 pm
1. Prepare your 8GB USB stick or SD card

Format the USB stick either with NTFS (Windows Vista or later) or exFAT (Windows XP or later). Formatting the USB stick with FAT won't be sufficient due to file size limits.

2. Download software

2.1. TrueCrypt

Get the latest stable version of TrueCrypt for Windows from http://www.truecrypt.org/downloads

Start the installer and choose "Extract" instead of "Install". Choose your USB stick as destination.
If you don't want to use a USB stick, simply extract it to some folder.

2.2. VirtualBox (portable)

Get the portable version of VirtualBox from http://www.vbox.me/
(click "Download and run Portable-VirtualBox_xxxxx-Win_all.exe")

Run the installer and choose your USB stick as destination

2.3. Whonix

Download Whonix-Gateway.ova and Whonix-Workstation.ova from here:
https://whonix.org/wiki/Download

Don't put these files on your USB stick.

2.4. Putty (SSH)

As we may want to be able to copy + paste Tor configuration options into the gateway, we need an SSH client.
Download this file and copy it to your USB stick:

http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe
Title: Re: Tutorial: Portable encrypted Whonix on a Windows USB Stick
Post by: Bazille on August 15, 2013, 06:31 pm
3. Installation and preparation

3.1. TrueCrypt

Start "TrueCrypt.exe" from your USB stick and click the "Create Volume" button
Click "Next" to create an encrypted file container
Click "Next" to make it a standard TrueCrypt volume
Click "Select File" and open your USB stick, enter filename: "crypt" and click "Save"
Optionally check "Never save history", or keep it unchecked for more convenience
Click "Next" to leave the encryption algorithm at its default values
Select MB and enter "7500" to have an encrypted container with 7.5GB size. If your USB stick is larger than 8GB you may want to increase the size, to have more room for snapshots and additional software
Enter a reasonably long password, preferably with more than 20 characters, and click "Next"
Click "Next" because we don't need large files
Click "Format" and wait until the container creation is complete.
Click "Exit" when done

Switch to the remaining TrueCrypt window or start TrueCrypt again and select a drive letter, in this tutorial it will be L:
Click "Select File", browse to your USB stick and select the "crypt" file you have created
Click "Mount" and enter the password of your TrueCrypt container

The TrueCrypt container will now appear as drive L: in your Computer. You will have to always use the same drive letter in future, or VirtualBox will not find the files.

3.2. VirtualBox

3.2.1. Import Whonix

Start "Portable-VirtualBox.exe" from the USB stick
Click File -> Preferences
Click "Default Machine Folder" and select "Other"
Browse to drive L: and click OK
Click OK to close the Settings window

Click File -> Import Appliance and click the Open appliance button
Browse to the folder you've downloaded the Whonix files to and select "Whonix-Gateway.ova"
Click Next, then click Import

Click File -> Import Appliance and click the Open appliance button
Browse to the folder you've downloaded the Whonix files to and select "Whonix-Workstation.ova"
Click Next, then click Import

Cook some coffee or roll a joint, because this will take a while. When both virtual machines show up in your VirtualBox Manager, proceed to the next step.

3.2.2. Configure virtual machines

3.2.2.1. Whonix Gateway

Select "Whonix-Gateway" and click it with the right mousebutton
Select "Settings" and click "System"
Click the "Processor" tab and increase the number of cores
Select "Network" and click "Advanced"
Click the "Port Forwarding" button and click "+" (Insert new rule)

Enter these values by doubleclicking the empty fields:

Host IP: 127.0.0.1
Host Port: 2200
Guest Port: 22

Click OK to save the settings, click OK again to close the settings window

3.2.2.2. Whonix Workstation

Select "Whonix-Workstation" and click it with the right mousebutton
Select the Advanced tab and set "Shared Clipboard" to "Host-to-Guest" or "Bidirectional"
Select "System" and increase base memory size, if you keep lots of tabs open in your browser
Click the "Processor" tab and increase the number of cores
(Optional) Select "Shared Folders" and click the "+" icon (Add Shared Folder)
(Optional) Select the folder you want to have access to from within the virtual machine and check "Auto-Mount"

Click OK to close the settings window and proceed to the next step.
Title: Re: Tutorial: Portable encrypted Whonix on a Windows USB Stick
Post by: Bazille on August 15, 2013, 06:32 pm
4. Setting up Whonix

4.1. Gateway configuration

Select "Whonix-Gateway" and click the green Start arrow

After a few seconds a message should appear: "Starting whonixcheck in 60 seconds..."
Wait until this message appears: "Checking for operating system updates..."

Press enter so you can see the command prompt (user@host:~$ )

At any time, press the right CTRL key on your keyboard to get back the mouse pointer.

4.1.1. (Optional) Keyboard layout

Whonix is using a US keyboard layout as default, which is quite a headache for some people outside the USA.
If you are from the USA, ignore this step and proceed to step 4.1.2.

At the command prompt enter this line (use the "-" character from the numpad if necessary)
Quote
sudo dpkg-reconfigure console-data

Enter the password "changeme" and use the cursor keys to "Select keymap from arch list"

Select appropriate keyboard layout
Select your language
Select keyboard variant
Select keymap (any if you don't know what exactly you're using)

Your keyboard should work properly now. If it doesn't, enter the above command again.

4.1.2. Gateway passwords

At the command prompt again, type "passwd". Enter the default password "changeme", then enter a new password. This password doesn't need to be strong.

Type "su" and enter the root password ("changeme")
Enter a new password. You can use the same password as you've used above, as this doesn't add much security.

4.1.3. Gateway software update

Enter this line at the command prompt:
Quote
apt-get update && apt-get dist-upgrade

Enter Y to download the packages
When there is a question (*** something (Y/I/N/O/D/Z) [default=N] ?), press enter

When you see the command prompt (user@host:~$) again, proceed to the next step.

4.1.4. Allowing SSH connections from your desktop

Enter
Quote
nano /usr/local/bin/whonix_firewall

Press CTRL + w and enter "gateway_allow"
Change the line GATEWAY_ALLOW_INCOMMING_SSH=0
to GATEWAY_ALLOW_INCOMMING_SSH=1

Press CTRL + x, press "y" and enter

Back at the command prompt, enter this line and enter "y" if prompted:
Quote
apt-get install openssh-server

When you see the command prompt again, enter "reboot"

4.2. Workstation configuration

Select "Whonix-Workstation" and click the green Start arrow. When the KDE desktop has finished booting, close the "whonixcheck" window.
At any time, press the right CTRL key on your keyboard to get back the mouse pointer.

4.2.1. (Optional) Keyboard layout

Users from the USA can skip this step, others may need to do this.

Click the start button at the bottom left of the desktop and select Applications -> Settings -> System Settings
Doubleclick Input Devices and select the Layouts tab
Check "Configure Layouts", click the +Add button and click the Layout dropdown selector
Choose the language of your keyboard and click OK
Select "us English (US)" and click Remove
Click Apply and close the window

4.2.2. Workstation passwords

Click the Konsole icon on the desktop

At the command prompt, type "passwd". Enter the default password "changeme", then enter a new password. This password doesn't need to be strong.

Type "su" and enter the root password ("changeme")
Enter a new password. You can use the same password as you've used above, as this doesn't add much security.

4.2.3. Workstation software update

Enter this line at the command prompt:
Quote
apt-get update && apt-get dist-upgrade

Enter Y to download the packages

Packages will be downloaded and installed, this can take 30+ minutes, depending on your location.

When there is a question (*** something (Y/I/N/O/D/Z) [default=N] ?), press enter.
When you see the command prompt (root@host:~$) again, proceed to the next step.

4.2.4. VirtualBox Guest Additions

To be able to use copy + paste, resize the desktop and use mouse pointer integration, we need to install the VirtualBox Guest additions.

In the Konsole window, enter this line:
Quote
apt-get install --no-install-recommends virtualbox-guest-dkms virtualbox-guest-utils
Enter "y" when prompted.

When you see the command prompt again, enter this line:
Quote
apt-get install virtualbox-guest-x11

When installation is done, enter "reboot".

Once the virtual machine has rebooted and the desktop is loaded, you should be able to increase the desktop size by resizing the VirtualBox window.
Furthermore you should be able to copy + paste text from your Windows desktop to the KDE desktop, and the virtual machine should stop capturing your mouse pointer.

If that works, proceed right to step 5.
If that didn't work, then the VirtualBox Guest Additions weren't installed properly due to version issues. In that case we have to install them through VirtualBox itself.

Click the Konsole icon on the desktop, enter this line and enter your user password when prompted:
Quote
sudo apt-get install build-essential linux-headers-$(uname -r)

When you see the command prompt again, enter these lines:
Quote
sudo mkdir /media/cdrom
sudo mount /dev/sr0 /media/cdrom
sudo /media/cdrom/VBoxLinuxAdditions.run

Enter "y" when prompted and reboot the virtual machine. You can do this by clicking the KDE start button and clicking "Leave".
 
Title: Re: Tutorial: Portable encrypted Whonix on a Windows USB Stick
Post by: Bazille on August 15, 2013, 06:32 pm
5. Tor configuration

The Tor Server is running on the Whonix-Gateway virtual machine, which doesn't support copy + paste. To make the configuration of Tor easier, we have to use a SSH client on the Windows desktop.

Start putty.exe from the USB stick
Enter Hostname 127.0.0.1 and Port 2200, then click Open and increase the size of the Putty window
At the login prompt ("login as:") enter "user" and enter the user password you set during the Whonix-Gateway installation

5.1. Common Tor configuration

Enter this line at the command prompt (you can paste the text by clicking the right mousebutton inside the Putty window):
Quote
sudo nano /etc/tor/torrc

Press enter and enter your Whonix-Gateway user password when prompted
Scroll down to the bottom of the text by using the cursor keys or the Page Down key on your keyboard

Paste these lines into Putty:
Quote
AvoidDiskWrites 1
ClientOnly 1
StrictNodes 1

5.2. (Optional) Define exit node countries

Many people don't recommend this, because it may make you less anonymous, but I prefer to have my exit nodes in countries which are not part of the NSA's PRISM program.
If you don't set any exit nodes yourself, then Tor will randomly choose exit nodes for you. As there is a huge amount of exit nodes running in the USA and other PRISM partner countries, you will often use exit nodes which can be sniffed by the NSA. However, as many websites are in the USA and PRISM partner countries, this is no ultimate protection against getting sniffed by the NSA.

By adding the next line to the bottom of /etc/tor/torrc we make Tor only use ExitNodes in Asia, South Africa and Russia:
Quote
ExitNodes {hk},{tw},{za},{in},{id},{th},{vn},{cn},{ru}

You can find a list of more country codes here (these are not always the same as internet top level domains)
http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2

Note that not all countries have a large amount of ExitNodes, and that it's better if Tor has more than 20 ExitNodes to choose from. Most ExitNodes in this example will most likely be slow, except the ones in China (probably run by their secret service) and Russia. South Korea and Japan also have a lot of ExitNodes, but they may be too friendly with the NSA, so they haven't been added to the list.
 
5.3. (Optional) Define entry node countries

If there are enough Tor relays in your country, you should only use EntryNodes in your country. If you are in the USA, add this line to the end of /etc/tor/torrc:

Quote
EntryNodes {us}

If you are not from the USA, check the above list of country codes to find out which code your country uses. These are not internet top level domains.

If you want to use specific trusted EntryNodes in your country, e.g. because you always want to have a fast entry node with large bandwidth, then you can specify those by using fingerprints.
In this case you should add at least 3 EntryNodes, better more.

manning2.torservers.net, bolobolo1.torservers.net and manning1.torservers.net are among the fastest EntryNodes in the USA (and the world) right now, so you may want to use them, if you live in the USA.
Instead of using the above EntryNodes example, you'd have to use something like this:

EntryNodes $D0236B1908B3CC686DB0A361F4931073A25793F1,$9F7A37446BC034B4FDB27CAE2C6CAAB83A40A361,$073F27934762FF8BA956FFCE136AAC1CCF45EA13

To get more fingerprints of servers, go to http://torstatus.blutmagie.de/ and click on the servernames. Copy the fingerprint line and add a $ in front of each fingerprint. Separate individual fingerprints in the config with commas. Remove spaces in the fingerprints. You should use at least 3-10 fingerprints as entry nodes.

5.4. (Optional) Tor bridges

Instead of using public EntryNodes you may want to use Tor bridges, but this may not help against NSA sniffing. They may know the bridges from https://bridges.torproject.org/ anyway. To have a very secret bridge you'd have to use hidden bridges run by your friends. As with the EntryNodes, you should use at least 5-10 bridges.

To use bridges you'd have to add the line

UseBridges 1

to the end of your /etc/tor/torrc. To get a list of bridges, go to https://bridges.torproject.org/bridges and copy the list of IP addresses it shows you. Paste the addresses at the end of your /etc/tor/torrc text file and add "Bridge " (note the space) before each IP address.

This will however not show you only bridges from your country, but from random countries. When you connect to a bridge in another country, then it is more likely that one or more secret services sniff your traffic. This would allow them to do time/size correlation when you browse clearnet websites.

It may be best if you skip the Tor bridges part and only use the EntryNodes part of this tutorial, unless you know how to find out in which countries those bridges are hosted. If you do use bridges, then the EntryNodes line will be ignored by Tor.




Once you're done with the Tor configuration text file, save it by pressing CTRL + x followed by pressing "y" and the enter key
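
An added example, not part of the original post: shell helpers for steps 5.2 to 5.4 that turn fingerprints copied with spaces into an EntryNodes line and check a torrc fragment for the mistakes those steps warn about. The function names and the sample file are constructed for illustration, and the check only accepts the two node forms this tutorial uses ({cc} country codes and $-prefixed fingerprints).

```shell
#!/bin/sh
# Added example: helpers for the torrc lines from steps 5.2-5.4.
# All function names here are made up for this illustration.

# Turn a fingerprint as copied from a relay list ("D023 6B19 ...") into
# torrc form: spaces removed, upper case, "$" in front. Fails unless the
# result is exactly 40 hex digits.
normalize_fp() (
    fp=$(printf '%s' "$1" | tr -d ' $' | tr 'a-f' 'A-F')
    case "$fp" in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#fp}" -eq 40 ] || return 1
    printf '$%s\n' "$fp"
)

# Build one EntryNodes line from any number of copied fingerprints.
entrynodes_line() (
    list=
    for raw in "$@"; do
        fp=$(normalize_fp "$raw") || { echo "bad fingerprint: $raw" >&2; return 1; }
        list="${list:+$list,}$fp"
    done
    [ -n "$list" ] || return 1
    printf 'EntryNodes %s\n' "$list"
)

# Check the value of EntryNodes/ExitNodes. Only the two forms used in the
# tutorial are accepted: {cc} country codes and $-prefixed fingerprints.
check_nodes() (
    opt=$1 bad=0
    IFS=,; set -f                       # split on commas, no globbing
    for item in $(printf '%s' "$2" | tr -d ' \t'); do
        case "$item" in
            "{"[a-zA-Z][a-zA-Z]"}") ;;
            '$'*) normalize_fp "$item" >/dev/null ||
                      { echo "$opt: bad fingerprint $item"; bad=1; } ;;
            *)    echo "$opt: unrecognised entry '$item'"; bad=1 ;;
        esac
    done
    return "$bad"
)

# Lint a torrc fragment for the mistakes steps 5.2-5.4 warn about.
# Option names are matched as the tutorial spells them.
lint_torrc() (
    status=0 bridges=0 use_bridges=0 entry=
    while read -r key value || [ -n "$key" ]; do
        case "$key" in
            ''|'#'*)    continue ;;
            EntryNodes) entry=$value
                        check_nodes EntryNodes "$value" || status=1 ;;
            ExitNodes)  check_nodes ExitNodes "$value" || status=1 ;;
            UseBridges) if [ "$value" = 1 ]; then use_bridges=1; fi ;;
            Bridge)     case "$value" in
                            *[0-9]:[0-9]*) bridges=$((bridges + 1)) ;;
                            *) echo "Bridge: no address:port in '$value'"; status=1 ;;
                        esac ;;
        esac
    done < "$1"
    case "$entry" in
        *'$'*)  # fingerprints in use: the tutorial asks for at least 3
            n=$(printf '%s' "$entry" | tr -cd ',' | wc -c)
            [ $((n + 1)) -ge 3 ] ||
                { echo "EntryNodes: fewer than 3 fingerprints"; status=1; } ;;
    esac
    if [ "$use_bridges" -eq 1 ]; then
        [ "$bridges" -gt 0 ] || { echo "UseBridges 1 but no Bridge lines"; status=1; }
        [ -z "$entry" ] || echo "note: EntryNodes is ignored while bridges are used"
    fi
    return "$status"
)

# Constructed sample: the three fingerprints quoted in step 5.3, written
# with spaces the way a relay list shows them, plus the step 5.2 ExitNodes.
demo() (
    tmp=$(mktemp) || return 1
    {
        echo 'AvoidDiskWrites 1'
        echo 'ExitNodes {hk},{tw},{za},{in},{id},{th},{vn},{cn},{ru}'
        entrynodes_line 'D023 6B19 08B3 CC68 6DB0 A361 F493 1073 A257 93F1' \
                        '9F7A 3744 6BC0 34B4 FDB2 7CAE 2C6C AAB8 3A40 A361' \
                        '073F 2793 4762 FF8B A956 FFCE 136A AC1C CF45 EA13'
    } > "$tmp"
    cat "$tmp"
    lint_torrc "$tmp"; rc=$?
    rm -f "$tmp"
    return "$rc"
)
demo
```
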
Title: Re: Tutorial: Portable encrypted Whonix on a Windows USB Stick
Post by: Bazille on August 15, 2013, 06:33 pm
6. Preparing Tor Browser

Do not use the "Update Tor Browser" icon on the KDE desktop to update the browser, unless you're ok with losing all your browser settings.
If you don't mind losing your browser settings and bookmarks every time you update the browser, and you don't want to use Vidalia, ignore step 6.1.

Click the "Start Tor Browser" icon on the desktop and
[IMPORTANT]
DEACTIVATE JAVASCRIPT
[/IMPORTANT]
by clicking the "S" icon next to the green onion icon in the browser and selecting "Forbid Script Globally"

You can then configure your browser as desired, but don't change the language. Otherwise you may become more pseudonymous than anonymous.


6.1. Updating Tor Browser

After starting the Tor Browser, follow the link to the download page

Download "Tor Browser Bundle for GNU/Linux"
Click Launch Application and OK
Click Save
Click < User > to change the download folder to your home folder
Click Save
Close the browser window

Click the Konsole icon on the KDE desktop and type "ls"
Select the filename of the downloaded archive by holding the left mousebutton (something like "tor-browser-gnu-linux-i686-2.3.25-12-dev-en-US.tar.gz")
Click the selection with the right mouse button and select Copy
Type "tar -zxf " (with trailing space), click inside the Konsole window with the right mouse button and select Paste
When you see the command prompt again and no error message gets displayed, then the browser has been updated

Use the "Start Tor Browser" button, because "Tor Browser Recommended" will most likely cease to function. You can delete this icon, and the "Update Tor Browser" icon from the KDE desktop to avoid confusion.
If necessary you can still start the other browser by using the KDE start menu.


6.2. Testing the browser configuration

Go to http://ip-check.info and click START TEST!
All attributes should be green or orange.

Go to http://panopticlick.eff.org and click TEST ME
You should see something like "Within our dataset of several million visitors, only one in 642 browsers have the same fingerprint as yours."

6.3. (Optional) Up-to-date version of Firefox

If Torbrowser annoys you, you can additionally install the latest version of Firefox. It will automatically get torified by Whonix. The configuration files are stored in another place than those of Tor Browser.
Using Torbrowser is probably safer however.

To do this, start Konsole from the desktop and enter "sudo su", enter your user password when prompted.
Then paste these lines:

Quote
echo -e "\ndeb http://downloads.sourceforge.net/project/ubuntuzilla/mozilla/apt all main" | tee -a /etc/apt/sources.list > /dev/null
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com C1289A29
apt-get update
apt-get install firefox-mozilla-build

You can now start Firefox through the KDE start button -> Applications -> Internet -> Browser

To make it more anonymous than pseudonymous, complete step 7 of my other tutorial (Xubuntu). Unfortunately the language part in about:config doesn't seem to work in this installation.
Link to the other tutorial step 7: http://dkn255hz262ypmii.onion/index.php?topic=201405.msg1445799#msg1445799


7. Preparing PGP

7.1. Install PGP tools

KPGP doesn't work in the current version of Whonix. Let's use Seahorse and Geany instead.

Click the Konsole icon on the KDE desktop and enter
Quote
sudo apt-get install seahorse geany geany-plugin-pg pinentry-gtk2 gpa
Enter your user password when prompted, and enter "y" when prompted.

Start Development -> Geany from the KDE start button
In the Geany window, open Tools menu -> Plugin Manager, check "GeanyPG" and click "OK"

7.2. Creating your PGP key

You can skip this step if you already have a GnuPG keyring from another Linux machine. Simply copy the .gnupg folder to /home/user

Click the start button and enter "seahorse" into the search box
Click "Passwords and Keys" with the right mouse button and select "Add to Desktop"

Start Passwords and Keys from the start menu or from the desktop
Click "+" and select PGP key
Enter a fake name, fake email and click Advanced key options
Set Key Strength to 4096 and click Create
Title: Re: Tutorial: Portable encrypted Whonix on a Windows USB Stick
Post by: Bazille on August 15, 2013, 06:34 pm
8. Using Whonix

Congratulations. The installation of Whonix is complete. You can now create snapshots in VirtualBox if you like. However it is not recommended (by overly paranoid people) to use the Restore Snapshot feature of VirtualBox every time, instead you should properly shut down the virtual machines (start button on desktop or "sudo halt" on the command line/gateway) and boot them normally when you want to use Whonix again. Especially the snapshot of the Whonix-Gateway should not get restored every time you use Whonix. Instead you should restore the snapshot only if you broke something or you think you may have been under attack by malware.

[WARNING]
If you restore a snapshot, all changes made after the snapshot will be lost. So if you've made important changes to Whonix or the browser, you may want to create another snapshot and delete the old one.
[/WARNING]

Before taking the snapshot you may also want to disable the Shared Clipboard feature from the Devices menu in VirtualBox. Overly paranoid users do not recommend to have this turned on all the time.

To create a snapshot, click the "Machine" menu in the running virtual machine window and select "Take Snapshot". You can basically create an unlimited number of snapshots, this is only limited by the size of your TrueCrypt container. Deleting a snapshot will merge it with the previous machine state, so the changes you made before taking the snapshot will be made permanent.

8.1. Booting the virtual machines

Plug the USB stick into a Windows computer, open the USB drive folder and start Truecrypt.exe
Select the drive letter you used while creating the TrueCrypt container (in this tutorial we used drive letter L:)
Click the "Select File" button and choose the "crypt" file on your USB stick
Click "Mount" and enter your TrueCrypt password

Start Portable-VirtualBox.exe from the USB stick
If it displays an error message you can usually ignore it

Click the green Start arrow to start Whonix-Gateway and wait until it's booted
Click the green Start arrow to start Whonix-Workstation


8.2. Using PGP

[IMPORTANT]

PGP is broken in the current version of this tutorial. You can encrypt messages, but you can't decrypt them.

Until this has been fixed you can use GPG4USB to create a key and to encrypt/decrypt text.

Download GPG4USB from http://gpg4usb.cpunk.de to the /home/user folder
Click the Konsole icon on the desktop and enter the following line
Quote
sudo apt-get install unzip

Click the "Dolphin File Manager" icon in the KDE task bar
Click gpg4usb-xxxx.zip with the right mousebutton and select Extract -> Extract Archive Here

You can start the program by using the Dolphin File Manager and clicking the "start_linux" icon in the gpg4usb folder.

[/IMPORTANT]


You can either use GNU Privacy Assistant or Seahorse to manage PGP keys. GPA can be started by clicking the start button -> Applications -> GNU Privacy Assistant.
Seahorse (Passwords and Keys) can be started from the icon you created on the desktop.

8.2.1. Adding public PGP keys to your keyring

To add a public PGP key to your list, copy it to your clipboard and start Passwords and Keys from the KDE desktop
Open the "Edit" menu and click "Paste"

To see the newly added key, click View -> Show any

(Important) Click the newly imported key with your right mousebutton, select Properties, click the Trust tab and click the "Sign this Key" button
(Important) In the "Sign Key" window select "Casually" or "Very Carefully", click the "Sign" button and enter your PGP passphrase

You can now close the "Passwords and Keys" window again or add some more keys. The last 2 steps are important because otherwise Geany will refuse to encrypt your messages later.

8.2.2. Encrypting text with Geany

Start Development -> Geany and type or paste your text into the editor
Select the whole text, either with Edit -> Select All or by pressing CTRL + A
Open Tools -> GeanyPG -> Encrypt, select the recipient(s) and click the "OK" button

Select the encrypted text and copy it to your clipboard.

8.2.3. Decrypting text with Geany

This is broken in the current version of this tutorial.

Start Development -> Geany and paste the encrypted text into the editor
Select the whole text, either with Edit -> Select All or by pressing CTRL + A
Open Tools -> GeanyPG -> Decrypt/Verify and enter your PGP passphrase

8.2.4. Copying your own public PGP key to the clipboard with Seahorse

Start Settings -> Passwords and Keys and select the "My Personal Keys" tab
Click the key you want to copy with the right mousebutton and select "Copy"
You can now paste the key into your browser, text editor etc.

8.3. Changing Tor configuration

You can change the configuration of Tor by using Vidalia on the Whonix-Workstation, if you installed the Tor Browser update as suggested in this tutorial.
However it may be better to make those changes on the Whonix-Gateway instead, by using Putty as described in step 5.

8.4. Using shared folders

If you specified shared folders at step 3.2.2.2., have a look at this page to understand how to access them:
http://zo7fksnun4b4v4jv.onion/wiki/VirtualBox_Guest_Additions#Shared_Folder

8.5. Updating Whonix

You have to update both Whonix-Workstation and Whonix-Gateway separately.

Whonix-Workstation: Open Konsole and enter "sudo apt-get update && sudo apt-get upgrade"
Whonix-Gateway: Open Konsole and enter "sudo apt-get update && sudo apt-get upgrade"

If you want to upgrade not only the software, but the whole OS, you have to use "apt-get dist-upgrade" instead.

See this page on how to upgrade the OS in an overly paranoid way:
http://zo7fksnun4b4v4jv.onion/wiki/Install_Software#How_to_install_or_update_with_most_caution.3F




Do you have any suggestions or questions about this tutorial? Was there any problem during installation?
Post it in this thread. Don't send me a private message.

You may also use the Whonix forum to ask your questions, anonymous posting is allowed:
http://zo7fksnun4b4v4jv.onion/wiki/Special:AWCforum/sf/id5/General_Discussion.html
Title: Re: Tutorial: Portable Encrypted Whonix on a Windows USB Stick
Post by: astor on August 15, 2013, 08:05 pm
[WARNING]
1. For some unknown reason PGP makes problems in Whonix (Whonix is experimental software). You can encrypt messages, but you can't decrypt them. So unfortunately this tutorial is mostly useless for vendors right now.
The tutorial will be updated once a fix has been found.
[/WARNING]

I couldn't even launch Kpgp, but GPG4USB works well in the Whonix Workstation, or on any 32 bit Linux. A lot of people already have experience with it, too. It's portable, so just download, extract, and use as normal.
Title: Re: Tutorial: Portable Encrypted Whonix on a Windows USB Stick
Post by: Bazille on August 16, 2013, 03:38 pm
I just figured out Kgpg actually does run, but it hides/minimizes to the tray after start. Fucking KDE desktop. I think I'll add a "replace KDE with Xfce" step to the guide. Will also have a look at GPG4USB.

Edit:

The tutorial has been updated. There is now a way to decrypt PGP messages with GPG4USB. The downside is that you can't copy your .gnupg folder from another installation (e.g. Tails). You'd have to import your keys in another way. See step 8.2. for more information about how to install GPG4USB.

I've also removed the warnings about clearnet traffic. I was under the impression that Whonix updates software packages through the clearnet, but this is not the case. I used an IP traffic monitor (iptraf) to see what connections Whonix makes to the internet and saw that it uses Tor to update software packages.
Title: Re: Tutorial: Portable Encrypted Whonix on a Windows USB Stick
Post by: BlackIris on August 16, 2013, 04:23 pm
Good tutorial also if a bit over-complicated for a beginner imo (but naturally the complication is a point in the favor of the tutorial if you are more advanced).

I actually prefer Chrome over Firefox so I use it instead in my Whonix Guest (another benefit of Whonix) with almost all plug-ins + JavaScript disabled and history blocked. All the "complicacy" about adding the TOR bundle as in this tutorial gets removed in this way.

P.S.: Concerning the old astor's thread about Whonix, he wrote there that you need to create maps or onion addresses cannot be resolved on their own but I found out that it actually was not so and they worked by themselves (not immediately but the browser "corrected" the address and then entered permanently - this with Chrome) and actually creating addresses made it so that certain sites didn't work (as for example Atlantis because it considered the attempt as phishing site).
Title: Re: Tutorial: Portable Encrypted Whonix on a Windows USB Stick
Post by: astor on August 16, 2013, 05:02 pm
I just figured out Kgpg actually does run, but it hides/minimizes to the tray after start. Fucking KDE desktop. I think I'll add a "replace KDE with Xfce" step to the guide.

Son of a bitch, was that it? Yeah, I don't like KDE either. It's the main reason I use my own Workstations in Whonix.

Quote
The tutorial has been updated. There is now a way to decrypt PGP messages with GPG4USB... See step 8.2. for more information about how to install GPG4USB.

That should be useful for many people. A largish percentage of this community uses GPG4USB, to the point that they run it in Tails, which already comes with a GUI PGP program (by way of the Gedit text encryption plugin). They're just used to GPG4USB.
Title: Re: Tutorial: Portable Encrypted Whonix on a Windows USB Stick
Post by: QuickSilverHawk on August 16, 2013, 05:11 pm
I just figured out Kgpg actually does run, but it hides/minimizes to the tray after start. Fucking KDE desktop. I think I'll add a "replace KDE with Xfce" step to the guide.

Son of a bitch, was that it? Yeah, I don't like KDE either. It's the main reason I use my own Workstations in Whonix.

Quote
The tutorial has been updated. There is now a way to decrypt PGP messages with GPG4USB... See step 8.2. for more information about how to install GPG4USB.

That should be useful for many people. A largish percentage of this community uses GPG4USB, to the point that they run it in Tails, which already comes with a GUI PGP program (by way of the Gedit text encryption plugin). They're just used to GPG4USB.

I have you to thank for learning basics of PGP (you are the one with the tutorial, I think/hope?). :)
Title: Re: Tutorial: Portable Encrypted Whonix on a Windows USB Stick
Post by: ananas_xpress on August 16, 2013, 05:46 pm
Awesome, I've been meaning to try this out
Title: Re: Tutorial: Portable Encrypted Whonix on a Windows USB Stick
Post by: Bazille on August 16, 2013, 08:16 pm
Another step has been added. Step 6.3. explains how to install the latest version of Firefox.

I could also write another tutorial how to make a bootable USB stick with Whonix virtual machines on it. However that couldn't be accessed from the Windows desktop. You'd have to reboot your computer every time to use it, like Tails. It would work on any computer with modern AMD and Intel CPU, including Macs. Anyone interested?

I'm still using the Xubuntu with Firefox 23 from my first tutorial btw. But I'm not a vendor, and I'm not posting anything on the clearnet which could get LE interested in me. If I was a vendor I would use a bootable Whonix USB stick, or physically isolated Whonix installations on 2 computers. At least until I copied all the important features of Whonix to my Xubuntu.