Torified updates in Kicksecure

So when I update, does it go over tor? or am I going to have to do more like this https://www.kicksecure.com/wiki/Onionizing_Repositories ? I noticed it was under this tor+https but is that also applying for updates manually through the terminal?

Apt is configured to download software updates from the Debian and Kicksecure repositories over TOR by default. See:

By default, non-onion repos are used since these are more reliable. This should not present a security or privacy risk for the end user. Onionizing repositories uses a Tor hidden service instead of going through an exit node, which is less reliable but comes with some additional security benefits.

1 Like

TY @arraybolt3, would you say stay as it is or go for the other way? Im just trying to make it as secure as possible.

I see the “Onionizing repositories uses a Tor hidden service instead of going through an exit node, which is less reliable but comes with some additional security benefits.”

From your prospective would you just leave it as default setup or change it to the pure tor?

1 Like

“Wiki is the Primary Source of Information vs Forums

The goal of the wiki is to provide an up-to-date source of information. Should that not be possible, at least appropriate notices will be posted on top of the wiki page. In no case are users expected to read long forum threads and find instructions in forum posts on how to perform actions such as installing applications. This is because posts are seldom edited and kept up-to-date due to forums being a different medium of information sharing than a wiki. Users are advised to view the wiki as the primary source of information.

The forums are used to ask for clarifications in case wiki instructions are unclear. The goal of forum discussions should be, if possible, on topic and appropriate, and eventually result in an improved wiki page on that topic. Forum posts will likely and inevitably be outdated over time. It’s better to check if the related wiki page has been updated meanwhile.

The wiki should always provide better instructions because collaborative editing of the wiki should result in higher quality documentation. Anyone can contribute. Improve the Documentation / Edit the Kicksecure Wiki.

This is in accordance with the Self Support First Policy”

All be sure to dive into this also, TY you guys for all your hard work.

2 Likes

Depends on your threat model. If you don’t expect to be the target of an attacker who is willing to both:

  • Coerce either us or Debian to ship malicious updates to specific targeted users, and either
    • Run enough Tor entry, relay, and exit nodes to trace your connection across every hop and deanonymize you that way, thus allowing them to actually know who you are and deliver malicious updates to you specifically, or
    • bypass TLS and deliver malicious updates to you or a large swath of users by acting as a man in the middle between your Tor exit node and either us or Debian…

…then there is no further security advantage to doing system updates through an onion service that I know of. If you do think you’re going to be targeted by such an attacker, then enabling the onion repos is probably a good idea, because that doubles the number of relays your Tor connection will use, and thus makes the deanonymization part of the first attack a lot harder. It also uses encryption separate from TLS encryption, which avoids the problems of a malicious certificate authority.

2 Likes

As user that use kicksecure daily I recommend you to leave default apt configuration through tor. It’s a good layer of anonimity and security, anyone just you should know what applications and programs you have installed, from what IP, location and from what device.

All this telemetry could be used for a good motive or by a malicious bad actor, like for example spread malware to users in specific locations if they gain access to update infraestructure. We saw it not too much time ago with notepad++ Notepad++ Supply Chain Attack: Update Hijack Analysis & Remediation | Orca Security

But what about flatpak? These updates/installation doesn’t go through tor right?

1 Like

Thank you for your insights.

Downloading through flatpack isn’t torified and nether are apt updates. They are only tariffed if I go the outlined way of doing it. If I go to terminal, I skip the tor wrapper, I believe.

Thats all fine, im just trying to fully understand this.

You guys have been awesome! ty for all the help! If I got anything wrong, please let me know lol.

As far as the article, that is my worry. That is the reason why im trying out this OS.

I haven’t put in enough time but from what I know, I fill very secure with it. First dive back into the linux world sence the 2000s. It has changed a lot from the old days but also hasn’t. As far as this OS is concerned found out about by word of mouth. From what I have seen it’s very secure. I had the thought about a man in the middle attack with downloading through apt or flatpack. Would that be possible to do? lets say this, VERY unlikely. “A man-in-the-middle (MITM) attack against APT (Advanced Package Tool) exploits unencrypted HTTP traffic to intercept and modify software update requests, allowing attackers to deliver malicious packages instead of legitimate ones.”

You understand what my thoughts are. It’s a small concern but still a concern.

This OS, I love the compartmentalization. I applaud you guys.

1 Like

No, kicksecure have a tor service running in port 9050, and it used in apt updates.
https://www.kicksecure.com/wiki/Onionizing_Repositories

If your network or device is compromised yeah. But using https is improbable, and with tor connecting to another tor service, E2EE is activated so, realisticly impossible nowadays.

e.g.

URIs: tor+http://5ajw6aqf3ep7sijn…..onion

You should be a very important person to be the objetive to an attack of this magnitude

lmao….I like security. Because of you being here you should know about the landscape. You should be aware of what “AI” is doing and more so about the prices of hardware.

Its not about my importance, its about what you are giving up. I think you would be able to grasp that concept lol.

That is the check for updates

This is the update process

This is not through tor?

I’m perfectly aware of the landscape of security. But seen a YT video or reading a blog about cybersecutity is not going to make u or me expert of nothing.

A spear MiTM attack in a package tool without being someone with an important role in some company or something is not a realistic attack nowadays where 90% of websites use HTTPS.

OPSEC is about layers, behaviors and risk management. Having the most secure technology with a incorrect behavior or management of the risks that you are able to handle, is not going to save you to any kind of malicious attack. Kicksecure or any other tool can’t save you from a MiTM attack if you connect to a untrusted Wifi and are redirected to a fake phishing website, for example.

AI is expensive, like hardware nowadays, more in my favor.

You have to know what your risks are. What kind of attacks could you suffer and who could be your potencial threat. But taking all the possible measures and become extremely paranoid (like too many people are out there) is not the best, and ii’s not going to make you more secure. Be realistic and don’t make your OPSEC excessive complicated if your risks aren’t at the same level because it’s not make you more secure. You will never achieve the most secured set-up or build a Fail-Safe one because always someone will come to you saying that x or y technology is better.

Start small and become big. And combine good technology like kicksecure, whonix, Tor, graphene, etc; with a good behavior and understanding of your personal threats and the technology you are using.

1 Like

Thank you for reading that and giving me your honest option.

Sorry about seems im worried about my OPSEC, I just want to have the knowledge and this is how im doing it. As you said, start small.

Thank you, thank everyone for all the time.

1 Like

Actually not quite. I don’t know what the situation is with Flatpak, but APT and deb packages use PGP-signed packages, so that even if an MITM is present that can compromise HTTPS (or you just don’t bother using HTTPS), the packages you get are guaranteed to be authentic. The only way for these updates to compromise you is if someone performs a successful supply chain attack against us or Debian, forces Debian or us to deliver malicious updates to some group of users via some form of coercion, or is able to trick Sequoia-PGP into thinking that packages are properly signed when they aren’t.

The reason torified updates is useful is that it makes targeted attacks involving coercion much harder to pull off; one has to get us or Debian to attack everyone using Tor in order to target you. The hope is that the blast radius of such a thing would be too large for an attacker to be comfortable with (it’s hard to justify hacking potentially tens of thousands of people or more when you really wanted to just get one or two people). If you aren’t concerned about that specific attack, you can update over HTTP (no encryption) and still be secure. I would be surprised if Flatpak doesn’t use a similar signing mechanism.

If you are concerned about this specific attack, torified updates are your friend. And if you’re really concerned about it, onion repos are your friend (though their unreliability will probably cause you significant frustration).

2 Likes

Thank you for your time reading and this is exactly what I thought.

1 Like

As far as Flatpak, im not sure if it is protected with tor wrapper but I know it is verified with pgp keys. Yes, im well aware of the flaws with tor. Other networks, i2p in particular, are secure to a point but always have flaws that can be exploited.

It’s like this, you can be as secure as you can be but that in return means most people will not be. That will only mean the amount of people doing what you do is really small and can be a big hint.

Im not a huge guy in the OPSEC world but I pay attention to stuff. www.coveryourtracks.eff.org. I would like to go further but it’s not my first priority. That also hints why I want to start out with the OS rather then diving into the network it connects to the internet with.

This is from me to all of you, you have all been great and learned something from you all. @arraybolt3 Thank you for your info.

1 Like

Thanks you too.

I’m not the expert there I have to say. Listen to @arraybolt3 , the know more than me jejej

Read kicksecure and whonix wiki, both system have tones of functionalities and hardened security flaws that I continue learning about more than a year using this OS.

What do you mean with unreliability in onion repos?

I believe you do have a lot more knowledge than I have with this OS. Dont think im overlooking you.

All dive back into it soon and learn more.

As far as what he ment with “unreliable” the tor sites get ddos attacked all the time. For instance, dread gets attacked all the time or at least it did in the past. With clear net there are ways to mitigate it better.

Tor is an inherently unreliable network; your traffic passes through multiple computers run by volunteers with no obligation to do any of the things needed for reliable connectivity (for instance, they could run their Tor node on a dying laptop on a slow residential connection that has an outage every hour, and they could put said laptop into sleep mode whenever they aren’t actively using it for other things). Normal Tor traffic has to pass through three of said potentially unreliable computers, onion traffic has to pass through six of them, doubling the chances of connectivity issues. Combine that with DDoS attacks against the Tor network, DDoS attacks performed against others through the Tor network, and other shenanigans I’m probably not thinking of, and you get highly unstable connectivity. “Standard” Tor traffic is bad enough in this regard, onion traffic is worse. This has directly affected Whonix in the past, see:

3 Likes