From f25c2a330972d61a3fb0eed45e875062dc29dfd2 Mon Sep 17 00:00:00 2001 From: Tommy Date: Sun, 2 Feb 2025 21:11:53 -0700 Subject: [PATCH] Add sentence that a Whonix would be better off on a different base --- .../linux/Choosing Your Desktop Linux Distribution/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/posts/linux/Choosing Your Desktop Linux Distribution/index.md b/content/posts/linux/Choosing Your Desktop Linux Distribution/index.md index 228434c..1c0f35f 100644 --- a/content/posts/linux/Choosing Your Desktop Linux Distribution/index.md +++ b/content/posts/linux/Choosing Your Desktop Linux Distribution/index.md @@ -88,6 +88,6 @@ Fedora Atomic Desktop's European counterpart. openSUSE Aeon is a rolling release [Whonix](https://www.whonix.org/) is a distribution focused on anonymity based on [Kicksecure](https://www.whonix.org/wiki/Kicksecure). It is meant to run as two virtual machines: a “Workstation” and a Tor “Gateway.” All communications from the Workstation must go through the Tor gateway. This means that even if the Workstation is compromised by malware of some kind, the true IP address remains hidden. It is currently the best solution that I know of if your threat model requires anonymity. -Some of its features include Tor Stream Isolation, [keystroke anonymization](https://www.whonix.org/wiki/Keystroke_Deanonymization#Kloak), [boot clock randomization](https://www.kicksecure.com/wiki/Boot_Clock_Randomization), [encrypted swap](https://github.com/Whonix/swap-file-creator), hardened boot parameters, and hardened kernel settings. One downside of Whonix is that it still inherits outdated packages with lots of downstream patching from Debian. +Some of its features include Tor Stream Isolation, [keystroke anonymization](https://www.whonix.org/wiki/Keystroke_Deanonymization#Kloak), [boot clock randomization](https://www.kicksecure.com/wiki/Boot_Clock_Randomization), [encrypted swap](https://github.com/Whonix/swap-file-creator), hardened boot parameters, and hardened kernel settings. One downside of Whonix is that it still inherits outdated packages with lots of downstream patching from Debian. It would be better if Whonix gets reimplemented on top of a more sensible base like SecureBlue, although no such system publicly exists yet. Although Whonix is best used [in conjunction with Qubes](https://www.whonix.org/wiki/Qubes/Why_use_Qubes_over_other_Virtualizers), Qubes-Whonix has [various disadvantages](https://forums.whonix.org/t/qubes-whonix-security-disadvantages-help-wanted/8581) when compared to other hypervisors.