My aim is to avoid outgoing clearnet traffic.
Is it right that in the default installation of Kicksecure only the following outgoing traffic is torified?
- automatic and manual updates from Kicksecure repository or using sudo apt-get dist-upgrade
- using sudo apt update
- using sudo apt full-upgrade
- installing new software with sudo apt install
Is it correct that when not starting any apps that open a connection there won’t be any outgoing clearnet traffic, i.e. after starting Kicksecure and leaving it idle or only installing and updating software there will be no outgoing clearnet traffic?
That should be the case.
But, quote "Network, Browser and Website Fingerprint":
Non-Existing Network Fingerprint Research and Implementation
What does not exist according to publicly available information:
- A) No phone home research: A research team that continuously verifies that no software installed by default (or usually installed) in Kicksecure exhibits any phone home activity over clearnet by default.
- B) No fingerprint research: A research team that continuously analyzes the network fingerprints of Microsoft Windows, Debian, TBB, Tails, Whonix, Kicksecure, etc., across different hardware setups, and publishes the results.
- C) No fingerprint emulation development team: Based on the above research, a development team aiming to emulate popular network fingerprints.
And.
Kicksecure: Might get a feature to restrict outgoing traffic to specific Linux user accounts and/or IP addresses. But it’s not yet implemented. For latest status, see ticket: Kicksecure Firewall
1 Like
Thanks a lot. Is my understanding right that the following traffic is also torified by default?
- updatecheck
- System check
- Checking for updates via Kicksecure Repository Wizard
- Checking for updates via System Maintenance Panel
These are just different front-ends using the same backend. (APT)
Logs / CLI output of all tools shows that.
Doesn’t exist. No connectivity.
Run it from CLI to de-mystify what it does. That goes for all tools. Check CLI output / log.
Any major action is self-documenting. These tools say what they do.
Strictly technically speaking, APT isn’t torified. It would be wrong to say “APT is torified”.
What’s actually done is described here: torified updates. It’s worded very carefully.
This means all default APT package manager source files are set to only update over the Tor anonymity network.
default APT package manager source files
It doesn’t include non-default, user-added APT sources.list files.
But no description is perfect and can replace looking up the actual /etc/apt/sources.list file and files in /etc/apt/sources.list.d folder.
Maybe APT, flatpak should be torified in a future version. Though, when Kicksecure Firewall gets implemented (and this feature activated), it should do what you want.
But the certainty degree of avoiding clearnet leaks won’t be as good as Whonix. (Reliable IP Hiding - with Whonix - The All Tor Operating System)
1 Like
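One way to do the lookup of /etc/apt/sources.list and /etc/apt/sources.list.d recommended above, as an added example that is not part of the thread or of the Kicksecure project: it lists every APT source URI, including user-added ones, and labels how it would be fetched. Treating only apt-transport-tor `tor+` schemes as Tor-routed is this example's assumption, and the hostnames in `SAMPLE` are constructed.

```python
import re
from pathlib import Path

LOCAL_SCHEMES = {"file", "copy", "cdrom"}  # read from disk, no network traffic

# Constructed sample (not real Kicksecure sources): one-line and deb822 syntax.
SAMPLE = """\
deb [signed-by=/usr/share/keyrings/a.gpg] tor+https://deb.example.org stable main
# deb https://commented-out.example.org stable main
deb-src https://third-party.example.com/apt stable main

Types: deb
URIs: tor+http://exampleonionaddress.onion/debian
 http://mirror.example.net/debian
Suites: stable
"""

def uris_in(text):
    """Yield repository URIs from sources.list and deb822 (.sources) text."""
    in_uris = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if in_uris and line[:1] in (" ", "\t"):   # deb822 continuation line
            yield from line.split()
            continue
        m = re.match(r"uris:\s*(.*)", line, re.I)
        in_uris = bool(m)
        if m:                                     # deb822: "URIs: a b c"
            yield from m.group(1).split()
        elif re.match(r"\s*deb(-src)?\s", line):  # one-line: deb [opts] uri suite
            rest = re.sub(r"^\s*deb(-src)?\s+(\[[^\]]*\]\s*)?", "", line)
            if rest.split():
                yield rest.split()[0]

def classify(uri):
    """'tor' for apt-transport-tor schemes, 'local' for on-disk, else 'clearnet'."""
    scheme = uri.split(":", 1)[0].lower()
    if scheme.startswith("tor+"):
        return "tor"
    return "local" if scheme in LOCAL_SCHEMES else "clearnet"

def audit(root="/etc/apt"):
    """Return (file, uri, verdict) for every source entry under root."""
    root = Path(root)
    files = [root / "sources.list"] + sorted((root / "sources.list.d").glob("*"))
    return [(str(f), u, classify(u))
            for f in files if f.is_file() and f.suffix in (".list", ".sources")
            for u in uris_in(f.read_text(errors="replace"))]

if __name__ == "__main__":
    for path, uri, verdict in audit():
        print(f"{verdict:8} {uri}  ({path})")
```

This reads configuration only and does not observe traffic, so a `clearnet` verdict marks an entry to review rather than proof of a leak. deb822 stanzas disabled with `Enabled: no` are still listed.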
Much appreciated! Thanks for taking time answering my questions and referencing me to the according descriptions.
I like this certainty which you have with Whonix. Trying to run everything through it but wanted some clarity regarding Kicksecure updates about how they work specifically in terms of outgoing traffic. Thanks again.
You would need to manually create a transparent Tor proxy firewall, preferably with nftables (I plan to make a guide).