1 00:00:00,858 --> 00:00:02,379 Let’s consider the weaknesses 2 00:00:02,477 --> 00:00:06,392 and things that Whonix simply isn’t designed to do. 3 00:00:06,594 --> 00:00:10,893 So first thing, it’s obvious to an observer that you are using TOR 4 00:00:11,223 --> 00:00:12,926 when you are using Whonix. 5 00:00:12,986 --> 00:00:16,835 It may also be obvious to an observer that you’re using Whonix itself 6 00:00:16,999 --> 00:00:20,453 based on fingerprint information that it may give away. 7 00:00:20,639 --> 00:00:23,914 Whonix won’t encrypt your document by default, 8 00:00:23,987 --> 00:00:26,733 it’s just simply not supposed to do that. 9 00:00:26,978 --> 00:00:30,579 It doesn’t clear the metadata out of your documents. 10 00:00:30,766 --> 00:00:35,396 It doesn’t encrypt the subject or the headers of your emails, 11 00:00:35,536 --> 00:00:39,163 encrypted emails, because that’s not what it’s designed to do. 12 00:00:39,413 --> 00:00:43,714 Whonix doesn’t separate your different contextual identities. 13 00:00:44,034 --> 00:00:46,393 It is not advisable, as I previously said, 14 00:00:46,503 --> 00:00:50,636 to use the same Whonix workstation to perform two tasks 15 00:00:50,760 --> 00:00:53,356 or endorse two contextual identities 16 00:00:53,691 --> 00:00:56,795 that you really want to keep separate from each other. 17 00:00:56,941 --> 00:01:01,623 It probably won’t protect you against firmware rootkits or bios attacks. 18 00:01:01,857 --> 00:01:04,775 It won’t protect you from hardware compromises 19 00:01:04,963 --> 00:01:09,895 like the SURLYSPAWN hardware key logo in the NSA ANT Catalog 20 00:01:10,330 --> 00:01:15,126 and the RAGEMASTER, the VGA cable retro reflector. 21 00:01:15,324 --> 00:01:18,462 It won’t protect you against hardware compromises like that. 22 00:01:18,601 --> 00:01:21,263 As is the same with any operating system and application, 23 00:01:21,430 --> 00:01:23,777 there could be security vulnerabilities 24 00:01:23,909 --> 00:01:26,337 and even a backdoor through either deliberate, 25 00:01:26,397 --> 00:01:29,154 coerced or accidental methods. 26 00:01:29,155 --> 00:01:31,093 But this is unlikely because Whonix 27 00:01:31,395 --> 00:01:33,863 essentially is really just a bunch of scripts, 28 00:01:34,146 --> 00:01:37,276 and as far as I’m aware, there’s no actual compiled code. 29 00:01:37,440 --> 00:01:39,305 Whonix is more difficult to set up 30 00:01:39,425 --> 00:01:43,019 compared to say for example the TOR browser on its own, 31 00:01:43,040 --> 00:01:46,785 or Tails if you’re just using it as a live CD. 32 00:01:47,161 --> 00:01:49,236 It requires that you have virtual machines, 33 00:01:49,336 --> 00:01:54,211 so therefore you need a hypervisor or you have spare hardware to run it on. 34 00:01:54,426 --> 00:01:58,002 It also requires higher maintenance than live CDs, 35 00:01:58,153 --> 00:02:00,359 as live CDs are just static. 36 00:02:00,617 --> 00:02:04,016 One of the most significant potential weaknesses in Whonix, 37 00:02:04,422 --> 00:02:08,921 if you need that feature, is that it is not an Amnesic system. 38 00:02:09,109 --> 00:02:11,337 So let me read from the website. 39 00:02:11,517 --> 00:02:15,927 "Unlike Tails, Whonix is not an Amnesic Live CD. 40 00:02:16,008 --> 00:02:18,014 If you install Whonix on your computer 41 00:02:18,094 --> 00:02:21,492 this will leave local traces on the harddrive, 42 00:02:21,545 --> 00:02:24,261 that you installed Whonix on that device. 43 00:02:24,562 --> 00:02:28,462 Any files you create will still exist after powering off 44 00:02:28,548 --> 00:02:34,657 or rebooting unless you securely wiped all signs of their previous existence. 45 00:02:34,730 --> 00:02:38,280 There are no special measures to limit what is written to disk. 46 00:02:38,368 --> 00:02:42,437 This includes user created files, backup files, temporary files, 47 00:02:42,527 --> 00:02:45,414 swap, chat history, browser history and so on. 48 00:02:45,525 --> 00:02:49,030 Whonix acts like an ordinary installed operating system." 49 00:02:49,138 --> 00:02:53,266 It also does not prevent the host memory swaps to the host disk, 50 00:02:53,345 --> 00:02:57,858 as we discussed in the section on VM weaknesses and data leaks. 51 00:02:58,512 --> 00:03:02,714 If you want an Amnesic system or a system that forgets, 52 00:03:02,812 --> 00:03:06,813 much like Tails, there are a couple of potential workarounds. 53 00:03:07,007 --> 00:03:08,936 You could use Snapshots 54 00:03:09,099 --> 00:03:14,369 and then restore back to a clean VM after you’ve finished your activities, 55 00:03:14,635 --> 00:03:18,542 and another option is encrypting the host operating system 56 00:03:18,642 --> 00:03:20,508 with full-disk encryption. 57 00:03:20,652 --> 00:03:24,158 These will help mitigate local forensic examination, 58 00:03:24,283 --> 00:03:25,399 but they are not as good 59 00:03:25,459 --> 00:03:28,239 as not having the information there in the first place. 60 00:03:28,787 --> 00:03:33,757 But Whonix isn’t designed to protect against local forensic examination. 61 00:03:33,817 --> 00:03:37,279 That is not the threat model that it is trying to mitigate. 62 00:03:37,461 --> 00:03:41,612 If this is your main concern, then Whonix is not the best option. 63 00:03:41,990 --> 00:03:44,598 The threats that Whonix is best suited to mitigate 64 00:03:44,768 --> 00:03:48,912 are protocol-level leaks and ISP snooping. 65 00:03:49,056 --> 00:03:54,107 Whonix is not a one-click security, privacy and anonymity solution. 66 00:03:54,263 --> 00:03:57,688 I recommend Whonix for the more technical person 67 00:03:57,803 --> 00:03:59,973 or for anyone who’s willing to spend some time 68 00:03:59,983 --> 00:04:01,923 really understanding how it works. 69 00:04:02,070 --> 00:04:05,429 Then customize it to your personal needs. 70 00:04:05,559 --> 00:04:09,764 The documentation is excellent and goes into lots of detail about security, 71 00:04:09,824 --> 00:04:12,066 privacy and anonymity generally. 72 00:04:12,214 --> 00:04:15,284 So, a thank you to the Whonix team for a great solution. 73 00:04:15,465 --> 00:04:18,091 Check it out if you haven’t checked it out already.