Hi, I am making this topic because I am curious about the current safety status of using Kicksecure to run a Tor hidden service under default configurations, and what mitigations against entry-guard attacks are currently recommended and supported, if any.
I understand that Tor itself is baked-in with Vanguards Lite, but unless I am misunderstanding the documentation, this is not appropriate for a hidden service that is intended to be active for more than one month. (I would provide this documentation for review, but the board will not let me post a link).
From searches on the Whonix forums, I have seen it suggested to downgrade Tor and then re-enable Vanguards? (Again, I can’t include the link to this…)
Is this correct, and are there any special requirements for re-enabling Vanguards or does it simply need to be installed and enabled via systemctl?
Thanks.
Same as Tor on Debian. Nothing special because it’s Kicksecure. Self Support First Policy for Kicksecure applies.
Not development focus for Kicksecure. As per:
Therefore this is unsupported.
Apologies, I appreciate the self-support first policy, but I also seem to have confused the Kicksecure and Whonix design goals. Since this is an anonymity issue, should I create a topic for this on the Whonix forums instead, or would that also be more or less an unsupported feature? I want to clarify because the documentation I referred to seemed to suggest that it once was a feature enabled by default in Whonix, but I mistakenly thought that meant that would/should carry into Kicksecure as well. I have followed some of the discussion about the issue on the Whonix forums, but there seems to be the suggestion that since Vanguards Lite is baked into Tor by default that there’s no need to address it as an anonminity issue. However I am still curious if this is going to end up being something that gets re-enabled with the goal of supporting the anonminity of Whonix users running “long-term” hidden services and if you would rather answer that here than have me create an entirely different topic?
Thanks
What’s unclear about Privacy Goals and Non-Goals of Kicksecure?
This forum is only about Kicksecure.
And I doubt a new forum thread in Whonix forums is required.
Right.
If “full” vanguards was fixed, maintained upstream (original developers), then maybe Kicksecure could install it by default. Since that isn’t the case, that’s not possible.
True.
The value of “full” vanguards is questionable if not fixed/maintained upstream.
Doesn’t belong into Kicksecure forums.
And no new forum thread in Whonix forums needed either.
- Would it be nice? Yes, good in theory. But many things would be good in theory but don’t exist either.
- Is it available? No. Not fixed/maintained upstream.
As long as that is as that, it remains unsupported. What that means and your only options are documented here: