Qubes Project gets OTF funding to integrate Whonix, improve UX

Joanna Rutkowska

Jun 4, 2015, 7:13:01 AM
to qubes...@googlegroups.com, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

Here is some great news:
http://blog.invisiblethings.org/2015/06/04/otf-funding-announcement.html

In other news: Qubes Canary #3 has been published yesterday:
https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-003-2015.txt

Thanks,
joanna.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

Franz

Jun 4, 2015, 1:13:36 PM
to Joanna Rutkowska, qubes...@googlegroups.com, qubes...@googlegroups.com
On Thu, Jun 4, 2015 at 8:12 AM, Joanna Rutkowska <joa...@invisiblethingslab.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello,
>
> Here is some great news:
> http://blog.invisiblethings.org/2015/06/04/otf-funding-announcement.html
>
> In other news: Qubes Canary #3 has been published yesterday:
> https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-003-2015.txt
>
> Thanks,
> joanna.

Congratulations Joanna, really great news. Most of all it is a beginning. Perhaps it is a path that may expand with other sponsors. Such an expansion would also solve the problems you mentioned about accepting USG funding. What matters is to avoid a total dependency on a single source of funding.

Bes
Fran

ndbuc...@gmail.com

Jun 4, 2015, 7:11:36 PM
to qubes...@googlegroups.com, qubes...@googlegroups.com, joa...@invisiblethingslab.com
Congratulations! I have been using qubes for about 3 months and I LOVE it!

Unman

Jun 5, 2015, 9:23:07 PM
to Joanna Rutkowska, qubes...@googlegroups.com, qubes...@googlegroups.com
On Thu, Jun 04, 2015 at 01:12:52PM +0200, Joanna Rutkowska wrote:
> Hello,
>
> Here is some great news:
> http://blog.invisiblethings.org/2015/06/04/otf-funding-announcement.html
>
> In other news: Qubes Canary #3 has been published yesterday:
> https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-003-2015.txt
>
> Thanks,
> joanna.
>
Great news on the funding, congratulations.

It isn't clear to me what features the whonix gateway provides that the
torvm/torfw combo doesn't - can someone on the whonix side help me out on
this?

cheers

unman

cprise

Jun 6, 2015, 7:15:34 AM
to Unman, qubes...@googlegroups.com, qubes...@googlegroups.com
They have a detailed comparison here:

https://www.whonix.org/wiki/Comparison_with_Others

If you want to use non-browser apps over Tor then Whonix is better
because they test for leaks and each app benefits from stream isolation.
It also protects against fingerprinting, and sets up TorBrowser as the
default browser (last I checked in TorVM, you had to use regular Firefox
or go through a special TorBrowser setup process that isn't described in
the wiki).

Unman

Jun 6, 2015, 6:30:05 PM
to cprise, qubes...@googlegroups.com, qubes...@googlegroups.com
I've read that comparison and I've ploughed through lots of the whonix
documentation. What I haven't seen is a design document or specification
for the whonix gateway.

On the points you mention, the torvm provides stream isolation, and the
setup of TBB is pretty trivial and (now) well documented. I thought that
it was the whonix ws which provided protection against fingerprinting -
is this a function performed by the gateway too?
As for the testing, do you mean that there's some packet inspection in
the gateway to guard against metadata leakage or something like that? Or
do you mean that whonix-qubes is tested in some way that qubes isn't? If it's
the latter then we can pretty easily fix that.

There's a comment in the documentation that the whonix templates may
provide a more usable and robust solution for torifying traffic. As I
don't encounter any problems with the torvm, and haven't seen many
reported in the lists, I don't know what to make of this.

What I was looking for was some detail on what the whonix gateway
provides that the torvm/torfw combo doesn't. The reason why I think it's
important is that if there are features then I think they should be
ported to the torvm so that users who don't want to use
whonix will still benefit from them.
Also the advantage of a simpler system, only one code base to maintain
etc etc. And if there were a unified tor gateway solution the devs could
focus on the whonix workstation template, which is, I think, where most
of the anonymising configuration in the apps takes place.

Anyone help me out?

unman

Jason M

Jun 6, 2015, 8:13:27 PM
to qubes...@googlegroups.com, qubes...@googlegroups.com, cpr...@gmail.com, un...@thirdeyesecurity.org

No packet inspection.
 

> There's a comment in the documentation that the whonix templates may
> provide a more usable and robust solution for torifying traffic. As I
> don't encounter any problems with the torvm, and haven't seen many
> reported in the lists, I don't know what to make of this.

Pretty much everything out of the box is torified. Updates to TemplateVM are also performed over Tor.

> What I was looking for was some detail on what the whonix gateway
> provides that the torvm/torfw combo doesn't. The reason why I think it's
> important is that if there are features then I think they should be
> ported to the torvm so that users who don't want to use
> whonix will still benefit from them.
> Also the advantage of a simpler system, only one code base to maintain
> etc etc. And if there were a unified tor gateway solution the devs could
> focus on the whonix workstation template, which is, I think, where most
> of the anonymising configuration in the apps takes place.
>
> Anyone help me out?

I sent a message to Patrick, the creator of Whonix to see if he would pop by to answer this question. Whonix contains many packages to maximize privacy and anonymity (I just counted 118 of them being built during my last build).

Jon Solworth

Jun 17, 2015, 11:10:21 AM
to qubes...@googlegroups.com, qubes...@googlegroups.com, joa...@invisiblethingslab.com
Joanna,
 Congratulations on the grant.  It will, I hope, be the first of many.

Jon Solworth 