I recently visited the Whonix community website for an unrelated purpose and discovered something that I think in honest to good faith deserves public discussion.
I was alarmed and shocked to see my post abruptly deleted and my account permanently disabled.
I would like to post my thoughts here to the Qubes User community for further scrutiny and discussion and perhaps maybe get the attention of the project maintainer who I do see regularly participate on this channel.
Below is a copy paste of the submission which was deleted from the Whonix community forum.
[Quote]
This post is in no way doubting the integrity or calling into question the character of Mig5, the new sysadmin for the Whonix project.
But I do feel it is necessary to point out that the new sysadmin is Australian (or resides in Australia). Under Australian law, he can be compelled through threat of imprisonment to cooperate with the Australian government. This law is designed to compel individuals that work on projects such as Whonix to insert or write code that permits lawful access. If a person is served with such enforcement, they are required to keep it secret or risk imprisonment.
This law was only recently introduced and is already being used to great effect according to recent reports.
While Whonix is an open-source project, it is important to remember that open source does not imply greater security. One only needs to consider that one of the most widely used and scrutinized open source projects (OpenSSL) had a backdoor that went undetected for several years. It was just two lines of code. It literally broke the internet.
I deeply regret having to bring this to the attention of the community. Please do not interpret my thoughts here as a question of Mig5's character. I value all contributions but believe the circumstances and severity of the consequences warrant public discussion. The bottom line is, as the law is written, he would be required to cooperate and in secret. I think someone like him, in a position he now occupies, represents a textbook example of why this law was written in the first place. In my opinion, it is not a question of "if" he is compelled but rather just a matter of "when".
Unfortunately it is not uncommon for Whonix to be encountered by forensic analysts who have the regrettable job of investigating computer equipment seized by suspects charged with child abuse related offenses. At least not in Australia. I can say with certainty this project already has high visibility among specific cyber investigative divisions within both state and federal AG. I do not have any classified information I can share and if I did I would not share it but I can provide some information in private to Patrick that taken to its logical conclusion would suggest this project is likely to be a high priority target for these new laws.
[/Quote]
Great effect? Where are your sources? I can't take you seriously without proper sources. Gut feelings, suspicions, it all means nothing without evidence. Should we all bust out the tin foil while we're here, too?
In what ways could Whonix be modified to pose a threat to us? They can't modify Tor, and any change they do to the OS is in clear visibility. How will they back door it? Any existing case examples?
And don't feel bad. Patrick banned me from the forums too once a long while ago. I told him I'd never post there again and never did. lol.
I was constantly having issues with whonix. You are a target just for using it. You really have to pay attention when you are updating it.
Still never understood why the user qubes-whonix left the project in flamboyant fashion claiming it was just a "cool experiment" and its "security was not taken seriously" ...
I stopped using whonix after the annoying clock issue. And then couldn't be troubled to install the latest version and just removed it instead.
I'm sure it has its purposes and some people need it. But I don't. The websites I use qubes for ban tor or it just has no benefit. Anonymity is different than privacy.
Ok well then I banned myself before flipping out lol. I'm sure I have more threads than that.
But I for one wouldn't trust you the same as trusting someone like Marek. And that's what it boils down to. You are a little too emotional and have multiple agendas in your life. But at least you're not as bad as the subgraph os guy. And hey I wouldn't trust me if I was running a project either lol.
Nor would I trust it as much as a project like debian that has so many more free software eyes on it.
Every time I came to you with a problem you had an attitude. I never experienced that on qubes forums. And updating whonix is so sketchy and such a pain in the ass I gave up on it. I have no need for it. I think it creates more security problems than it solves in qubes.
You could live like a monk. Which is the only way to be truly secure, but you would be missing out on many life experiences. But to each his own.
Like I said, I was using tor to check certificates and update my qubes. But it's so damn slow, the whonix qubes is always so sketchy with errors, and there isn't much support help for it. So I stopped using it.
I'm a gamer and I'm talking to you from a non hardened windows 10 machine right now lmao.. Qubes is my family machine and for more sensitive tasks. And mostly for sites that block tor. Like banking, I shop online for example, download files from USB disks, its for daily tasks besides entertainment.
Don't most IRC networks even block tor now? Tor to me is almost dangerous to use.
I'd only use tor as my daily connection right now if I was fearing for my life or fear of imprisonment. And then I'd probably be using tails with a disposable flash drive.
I think a lot of the problems in society stem from the fact we apply different principles and morals to the physical world from the digital realm. They really are not different at all no matter how much people treat them differently. Now these false sense of entitlements are carrying over to the physical world and it's scary. When it really should be the other way around.
The reason why I say privacy and anonymity are two diff things, and way apart from security, is, for example, if I log into a facebook .onion site, it's still my identity. All that information about you is still being sold to ad agencies. Governments are still watching it. The only benefit I can see, is again, people hiding their location for fear of their life or imprisonment.
And actually by using it you are using up bandwidth those people could be using, just to feel special.
Meanwhile you are taking up bandwidth from people who are fearing for their life or imprisonment. Maybe you're getting someone killed to stick it to the ad agencies. Seems selfish and silly to me, and not a reason to be using tor.
Meanwhile without ad agencies we wouldn't prolly even have an internet. I can get into that if you want lol. But I'm more worried about my medical history being sold. My credit and personal and financial information... Not what I browse or shop for. Come on...
Well, that's a good point. And you do need people around the world to use it I guess even in countries of people that do not fear imprisonment.
The thing is so slow though that I'm sure people die every day relying on it.
Why is it so painfully slow then? It doesn't seem practical to use at all for daily activities. Even using it to update fedora was horrible. Not to mention whonix constantly timing out. I can't be alone in thinking this.
If you are actually waiting 5 mins to log into facebook, you better be fearing for your life. Not trying to stop google from tracking you lmao...
10 mins can also cost a life.
I can't be anonymous online I guess is my point for most of my daily activities, and nobody is hunting my physical location. And even if they were they could find me easily.
I care more about performance for sure. And the security of my hardware and data from remote attacks.
You say tor has plenty of bandwidth to go around, but it certainly doesn't feel like that. And I don't want to be using up bandwidth somebody else truly needs.
I was using tor sometimes for updating qubes, but it was too slow. I was using tor to go to youtube, so videos I watched didn't pop up on my family's screen on the same ip.
But from this day forth I will abstain from using tor in the future.
Issues like having to manually update all the time to new versions by reinstalling is a real pain. Not very user friendly. Fact I was getting clock errors, etc. But most of the issues have to do with tor. DNS not matching, updates taking long time or timing out, invalid signatures. It's because tor users are targeted.
If you notice I'm not afraid to express myself without Tor. Anonymity in this way is cowardly and usually a bad thing. Leads to people acting and behaving in ways they normally wouldn't because they know they are not respectful. Some examples are why e-sports is not a billion dollar industry like athletic sports. It's why social media has had overly negative impacts in recent years.
If people aren't accountable for their actions we wouldn't be living in a very nice world.
IMO the internet is now called facebook, instagram, twitter and youtube, because it's the corner Americans have been backed into. But now that is also under attack, and the negatives are starting to outweigh the positives, so it will be interesting what the future holds.
Just like Tsutomu Shimomura, I believe the same morals and principles we apply in the physical realm need to be applied to the digital realm before anything changes for the better. People feel way too entitled and untouchable.
But before that happens it's probably only going to get worse.
I unreservedly apologize to Patrick and mig5 for making this post. The work you do on the Whonix project is of incredible value and I think my post here has led to a discussion that I now regret instigating. None of the broader issues I raised are Whonix specific. It was unfair to single out Patrick and his fantastic team. My post was reactive and without much thought.
More broadly I do advocate the position that if a country passes anti-sec laws the global tech community should attach a price to such action. The cost of exclusion from potential job markets and opportunities would not only put pressure on Australia to reconsider its position but deter future countries from following the same path, which has in my view got no good outcome.