----- Forwarded message from adrelanos ----- Date: Sat, 12 Oct 2013 18:53:38 +0000 From: adrelanos To: liberationtech Subject: [liberationtech] Whonix Anonymous Operating System Version 7 Released! Message-ID: <52599AB2.5070305@riseup.net> Reply-To: liberationtech -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Whonix is an operating system focused on anonymity, privacy and security. It's based on the Tor anonymity network, Debian GNU/Linux and the principle of security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user's real IP. Whonix consists of two parts: One solely runs Tor and acts as a gateway, which we call Whonix-Gateway. The other, which we call Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible. Download: https://www.whonix.org/wiki/Download Users of Whonix 0.5.6 and below: There is no upgrade path from Whonix 0.5.6 to Whonix 7. You have to manually download new Whonix images. Call for Help: If you know shell scripting (/bin/bash) and linux sysadmin, please join us! There are plenty of ways to make Whonix safer. We are also looking for an https direct download mirror. Whonix 7 Changelog: * Updated Tor to 0.2.4. * Installed obfs3 by default. (for obfsproxy bridges) * New Identity button on Tor Browser is now functional thanks to the Control Port Filter Proxy (#3). * Tor Browser is now the system default browser (#86). In addition, when opening a link or an html file it will ask for confirmation to avoid accidental linking. (configurable) * Graphical Whonix-Gateway (#26). Optionally, if you reduce Whonix-Gateway RAM to below 500 MB, let's say to 128 MB, you automagically end up with the usual non-graphical Whonix-Gateway. (configurable) * Whonix now includes an updater. It can not be promised that you will never have to download a new image for next stable releases, but we are on that way. Interested testers may have to download images of testing releases from time to time. * Tor networking is disabled for the first start of Whonix-Gateway. The connection wizard (whonixsetup) will automatically start to help enabling Tor or setting up bridges. This is useful for people using bridges to connect to the Tor network to hide the fact that they are using Tor. * The current Tor Browser Bundle (TBB) Alpha, which will soon become the new TBB stable, will work out of the box in Whonix, even if you download and install it manually from torproject.org. This is useful for the case that the Whonix Tor Browser updater breaks due to changes on torproject.org. Tor over Tor situation will be automatically prevented on manual installs. * Boot Clock Randomization. * Time Sanity Check. * Higher console resolution: 1024x768 (without X). * Disabled the throw-keyids option on gpg.conf due to usability issues. Enable it manually if you need it. * Fixed uwt. To do certain tasks such as installing the Adobe Flash plugin or running update-command-not-found you no longer need to "chmod -x /usr/local/bin/curl". * Deactivated the kgpg tray icon by default (#10), not perfect, but less confusing, since it will now start in foreground by default and no longer as tray icon (which was automatically and confusingly hidden by default). * Downloading Tor Browser and signature from idnxcnkne4qt76tg.onion instead of torproject.org for better security when run inside Whonix. * Time Privacy wrapper (optional). * Enable "apparmor=1 security=apparmor" by default (didn't enable enforce mode or add any useful profiles yet). * Manpages for scripts which come with Whonix. * Flexible modular .d style configuration folders: /etc/whonix.d/, /etc/whonix_firewall.d/, /etc/controlportfilt.d/. * Moved blog to wordpress.com, better than sourceforge, because wordpress.com supports SSL, closed #23. * Lots of other improvements and bug fixes which can be found under the git log. -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJSWZqwAAoJEJwTGtNxOq7vH9YP/jwBuyMyFZ4hP9AMgPHjMTHG uxYRy7mHzJIum9goghWrAgYTys3oGyHDSMTuhErcJ+bEV4jb2WAqifUa+iId8rs/ 6HeHfssctY7fHoxbaKbapMlCJ6JN0pU23RtsWsZcn5jXaldmtVHMlS4PWMuU56Mh oSuH2cw6KvsKo/QO3F7xVnYy4VNX28oEeF3dWf4keZN8Sr+Nezlci0nPYYuHCNv/ DUwv1kpSW5B5+Ki5xJW9CgiGeOtw7kwL2w4gbcI7yAywEWytCkVeDHCF/sHdqYf/ PcCpQ23FQmRBB3MKLNF1qr47uj1ninbM+EPLtZQV9vVx3Qpgcv9mnMEV2zu1/geu ydjXMZv+v3UmFvG//Uttciga7Dk4XXpY8HKglS0YkRY0E7KLOkdRvO2Y2G57EQMC Pp2UoSWv43gBtoeKNIJXwjrm7UDPvhB6UHavORIB7feeBI4ke0FN6vJ81jpwUvIm PV2yBXfBguByZvG2oRUbQbgKFcg/OfD+ydOG+SJwcqNops28VjJ7qcgsUFb4vk/m v83DzogQOB0Wz0iWBlZkBTH8OI7+HebX+ocrLuGQif9z2OHGQ2UzeKgFlg97gj6N l2rD0JWHbqPhXvLKJIzNZAWN9QAuIo0QCPPcpBWKvlaQTKalxnFsm7Gz4Pg5eSdZ cgSrquvrMEOLlNGRagZ9 =nyvS -----END PGP SIGNATURE----- -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys@stanford.edu. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5