{{Header}}
{{Title|title=
{{project_name_long}} Limitations
}}
{{#seo:
|description=Things you should know about {{project_name_short}} and Security in General to stay safe.
|image=Mitm.png
}}
[[image:Mitm.png|thumb]]
{{intro|
{{project_name_short}} developers have done their utmost to provide solid tools which protect online security, but no perfect solution exists to the complex security problem. Before deciding whether {{project_name_short}} is the right platform to use, it is crucial that each individual understands the limitations of the tools offered and how to make best use of them.
}}
= Introduction =
{{mbox
| type = notice
| image = [[File:Ambox_notice.png|40px|alt=Info]]
| text = This chapter focuses on security threats that {{project_name_short}} either cannot, or does not, mitigate at present.
}}
{{security_intro}}
= External Devices Risks =
== Attack Vectors by External Devices ==
* Keystroke Inference Attack: Avoid typing on any computer or mobile device in places where open microphones are used, otherwise recorded keyboard sounds might provide enough information to accurately reconstruct what was typed. [
This is a variation of an older attack perfected during the Cold War where recorded typewriter sounds allowed discovery of what was typed. See: https://freedom-to-tinker.com/2005/09/09/acoustic-snooping-typed-information/ and https://www.schneier.com/blog/archives/2016/10/eavesdropping_o_6.html
]
* The minute vibrations of tapping touchscreens are detectable by virtual assistant microphones in a range of 0.5 meters even in the midst of noisy environments. Note that haptic feedback wasn't enabled. [
https://arxiv.org/pdf/2012.00687.pdf
] [
https://arxiv.org/pdf/1903.11137.pdf
]
* It is also possible to reconstruct text reflections in eyeglasses from 720p cams. [
https://www.schneier.com/blog/archives/2022/09/leaking-screen-information-on-zoom-calls-through-reflections-in-eyeglasses.html
]
* When having sensitive conversations, even over encrypted channels, consider that AI is capable of reading lips when captured on video footage. [
https://arxiv.org/pdf/1611.01599.pdf
]
* Even if your hands are concealed while typing, it is possible for AI to infer with high accuracy, what words are being typed by analyzing shoulder movements. [
https://www.schneier.com/blog/archives/2020/11/determining-what-video-conference-participants-are-typing-from-watching-shoulder-movements.html
]
* Heat traces from a recently typed password could be captured by thermal cameras in the vicinity of your hardware. [
[ThermoSecure: Investigating the effectiveness of AI-driven thermal attacks on commonly used computer keyboards], https://www.schneier.com/blog/archives/2022/10/recovering-passwords-by-measuring-residual-heat.html
]
* Although a remote threat, thermal imaging can capture body heat remains from keys touched to input passwords up to one minute after the fact. [
https://www.schneier.com/blog/archives/2018/07/recovering_keyb.html
]
* Also avoid places with CCTV or those which risk shoulder surfing.
* Ultrasonic Beacons: Your computer or mobile device could also emit an ultrasonic beacon which is then received by another device in the vicinity. [
* paper: [https://petsymposium.org/popets/2017/popets-2017-0018.pdf On the Privacy and Security of the Ultrasound Ecosystem]
* figure: [https://www.researchgate.net/figure/Operational-steps-of-the-deanonymization-attack-against-a-user-of-an-anonymization_fig3_315971174 Operational steps of the deanonymization attack against a user of an anonymization network.]
] Ultrasound could be used to locate users and/or to exfiltrate information, because data can be encoded as sound.
== Mobile Phones and Tablets ==
Mobile phones come equipped with cameras, speakers, and microphones. These built-in features can potentially be exploited to eavesdrop on your conversations and typing. Removing the microphone is an insufficient countermeasure, since technically Speaker = Microphone. For more information, see {{kicksecure_wiki
|wikipage=Hardware_Threat_Minimization#Eavesdropping_Risk_by_Speakers
|text=Eavesdropping Risk by Speakers
}}.
Additionally, it's possible for adversaries to deduce what you're typing, including sensitive information like passwords. This is known as a Keystroke Inference Attack.
A large number of users operate phones running on non-freedom software. For further details, consult [[Avoid_nonfreedom_software|Avoid Non-Freedom Software]].
Most mobile phones essentially act as spies due to the fact that users don't have control over the software running on these devices. They offer very little in the way of software freedom. As such, it's advisable to treat them with caution. Given the potential risks and the fact that users cannot be fully aware of what the software on their phones is capable of, the devices are inherently insecure by default. For more on this, see [[Mobile Phone Security]].
The most effective precaution one can take is to treat mobile phones as potential security risks and to relocate them to another room where its camera, speakers and microphones cannot spy on what is typed on the keyboard.
To mitigate risks, it is crucial to keep mobile phones at a distance from secured computers. This precaution prevents the phone from capturing audible or ultrasound frequencies that could compromise security.
The most effective precaution one can take is to treat mobile phones as potential security risks. It is crucial to keep these devices at a distance from secured computers. This means relocating them to another room where their built-in cameras, speakers, and microphones are unable to spy on keyboard input. This step is essential to prevent mobile phones from capturing either audible or ultrasound frequencies, which could potentially compromise security.
== Smart TVs ==
Have speakers built-in. Speakers = Microphone. Speakers can be repurposed as microphones which can be abused to listen to your keystrokes to know everything you are typing. Also often have microphones built-in.
See also the chapter above.
== Smart Home ==
Also other smart home devices such as Amazon Alexa have the same risks as the above two chapters as these come with speakers and microphones.
= User Mistakes =
== Protection Against Social Engineering ==
{{project_name_short}} does not protect against [https://en.wikipedia.org/wiki/Social_engineering_%28security%29 social engineering] attacks. These attacks rely on human cognitive biases and trick people into revealing passwords or other sensitive information that allows the compromise of a target system's security. [https://sansorg.egnyte.com/dl/Y7NTZsCxKN]
Other examples of social engineering include convincing someone to send a copy of logs or other information from the {{project_name_short}}. In all cases, after trust has been established between the attacker and the victim, and sufficient information has been gathered, an exploit will be executed to perform harmful actions such as stealing personal or financial information, sabotaging the target's system, and so on. [https://en.wikipedia.org/wiki/Man-in-the-middle_attack]
'''Figure:''' ''Illustration of a MitM Attack''
[[Image:Mitm.png|500px]]
Even when using Tor, MitM attacks can still happen between the exit relay and the destination server. The exit relay itself can also act as a man-in-the-middle. For an example of such an attack see [https://web.archive.org/web/20150630052049/http://www.teamfurry.com/wordpress/2007/11/20/tor-exit-node-doing-mitm-attacks MW-Blog: TOR exit-node doing MITM attacks]. It is worth reiterating that protecting against these attacks requires end-to-end encryption and taking extra steps to verify the server's authenticity.
Normally a server's authenticity is automatically verified by the browser using [https://en.wikipedia.org/wiki/Transport_Layer_Security SSL/TLS certificates] which are checked against a set of recognized [https://en.wikipedia.org/wiki/Certificate_authority certificate authorities (CAs)]. If a security exception message appears like the figure below, then this might constitute a MitM attack. The warning should not be bypassed unless there is another trusted way of checking the certificate's fingerprint with the people running the service.
'''Figure:''' ''An Untrusted Connection''
[[Image:ssl_warning.png|ssl_warning.png]]
Mozilla has an educational resource to help determine if a [https://support.mozilla.org/en-US/kb/how-do-i-tell-if-my-connection-is-secure connection to a website is secure]. The Electronic Frontier Foundation (EFF) also has an excellent [https://www.eff.org/pages/tor-and-https interactive illustration] that provides an overview of HTTP / HTTPS [HTTPS here refers to encrypted connections, whether it is (inferior) SSL or TLS.] connections with and without Tor, and what information is visible to various third parties.
=== The Fallible Certificate Authority Model ===
Unfortunately, the vast majority of Internet encryption relies on the CA model of trust which is susceptible to various methods of compromise. Ultimately, encryption in and of itself does not solve the authentication problem in electronic communications, as seen in the actions of advanced adversaries who have targeted and undermined this central pillar upon which the Internet relies.
For example, Verisign was [https://www.schneier.com/blog/archives/2012/02/verisign_hacked.html hacked successfully and repeatedly] in 2010, with the likely conclusion being the attackers were able to forge certificates for an unknown number of websites.
A more glaring example was the confirmation by Comodo on March 15, 2011, that a user account with an affiliate registration authority had been compromised. This is a privacy and security disaster since Comodo is a major [https://en.wikipedia.org/wiki/Transport_Layer_Security SSL/TLS] company and the breach led to the creation of a new user account that issued nine certificate signing requests for seven domains: mail.google.com, login.live.com, www.google.com, login.yahoo.com (three certificates), login.skype.com, addons.mozilla.org, and global trustee. [Source: [https://web.archive.org/web/20131212084415/http://blogs.comodo.com/it-security/data-security/the-recent-ra-compromise// Comodo: The Recent RA Compromise]]
Later in 2011, DigiNotar, a Dutch SSL certificate company, incorrectly issued certificates to a malicious party or parties. It later emerged that DigiNotar was apparently compromised months before, or perhaps even in May of 2009, if not earlier. Rogue certificates were issued for multiple domains, including: google.com, mozilla.org, torproject.org, login.yahoo.com and many more. [Source: [https://blog.torproject.org/diginotar-debacle-and-what-you-should-do-about-it/ The Tor Project: The DigiNotar Debacle, and what you should do about it]]
Considering the frequency of attacks and the passage of time, there is a distinct possibility that a MitM attack might occur even when the browser is trusting a HTTPS connection. [This is one reason why self-authenticating onion services (.onion) connections are superior to HTTPS, because they do not rely on the flawed CA system for confirmation of the destination server.]
=== SSL/TLS Alternatives ===
Depending on your personal circumstances, there are alternatives to SSL/TLS which can be considered. Unfortunately, none of them can be used as a drop-in replacement for SSL/TLS. Tools providing connection security include: [https://web.archive.org/web/20170606095834/http://web.monkeysphere.info/ Monkeysphere], [https://en.wikipedia.org/wiki/Convergence_%28SSL%29 Convergence], [https://perspectives-project.org/ Perspectives Project].
Using Tor does not magically solve the authentication problem. Tor's distinct advantage is that by providing anonymity, it is more difficult for attackers to perform a MitM attack with a rogue SSL/TLS certificate that is targeted at just one specific individual. However, the disadvantage of Tor is that it is easier for people or organizations running malicious Tor exit relays to perform a large scale MitM attempt. Further, malicious exit nodes could perform attacks targeted at a specific server, and especially those Tor clients who happen to utilize the service.
In all cases, it is advised to use additional message encryption for email, chats and so on. It is unwise to rely on SSL/TLS alone. Relevant tools that may be useful include:
* [[Chat|Encrypted messengers]].
* [https://en.wikipedia.org/wiki/GNU_Privacy_Guard GPG].
* [https://www.gnupg.org/related_software/gpa/ GPA].
* [[Encrypted_Email_with_Thunderbird|Mozilla Thunderbird]] for encrypted email client.
[Quoted from [https://en.wikipedia.org/wiki/Man-in-the-middle_attack wikipedia Man-in-the-middle_attack] and [https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion Tor Project: Detecting Certificate Authority compromises and web browser collusion].]
= Documents =
== Document Encryption ==
If documents are saved inside {{project_name_short}}, they will not be encrypted by default. This is why it is recommended to apply [[Full_Disk_Encryption_and_Encrypted_Images#Full_Disk_Encryption_on_the_Host | full disk encryption on {{project_name_short}}]] to protect sensitive data.
Documents created in {{project_name_short}} may also have specific file signatures that reveal use of the platform. This issue is currently being further investigated.
== Document Metadata ==
Numerous file formats store hidden data or metadata inside of the files. For example, text processors or PDF files could store the author's name, the date and time of file creation, and sometimes even parts of the file's editing history. The extent of hidden data depends on the file format and the software that is used.
Image file formats like [https://en.wikipedia.org/wiki/TIFF TIFF] and [https://en.wikipedia.org/wiki/JPEG JPEG] are some of the worst offenders. For instance, when these files are created by digital cameras or mobile phones, they contain a metadata format called [https://en.wikipedia.org/wiki/Exif Exif] whose defined tags can include:
* Date and time information.
* Occasionally GPS coordinates of the picture.
* Camera settings: camera model and make (including the serial number), orientation (rotation), aperture, shutter speed, focal length, metering mode and ISO speed information.
* A thumbnail for previewing the picture in file managers, on camera, or in photo editing software. Image processing software tend to keep Exif data intact.
* Descriptions.
* Copyright information.
Notably, the Internet is full of cropped or blurred images where the Exif thumbnail still contains the full original picture. [https://packages.debian.org/mat Specialist software] is often required to remove Exif tags before safely publishing images. [For example, the [https://en.wikipedia.org/wiki/XKeyscore XKeyscore] program is actively targeting Exif information for collection.]
Be aware that {{project_name_short}} does not clear file metadata automatically. However, {{project_name_short}} comes bundled with [[Metadata#MAT2:_Metadata_Anonymisation_Toolkit_v2 | MAT2 -- the Metadata Anonymisation Toolkit v2 --]] as part of the design goal to help protect users.
= Email =
== Subject: and other Header Fields of Encrypted Emails ==
{{mbox
| image = [[File:Ambox_warning_pn.svg.png|40px]]
| text = Unless precautions are taken, the "Subject:" line and other header fields are not encrypted when using OpenPGP encrypted email.
}}
This weakness is not related to {{project_name_short}} or the [https://en.wikipedia.org/wiki/Pretty_Good_Privacy OpenPGP] protocol; it is for backwards compatibility with the original [https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol SMTP protocol]. Unfortunately, no RFC standard exists yet for Subject line encryption.
TODO: investigate if this situation has improved since [https://forums.whonix.org/t/thunderbird-78-deprecates-enigmail/10166 Thunderbird native OpenPGP support].
Those who require OpenPGP encryption with a suitable email client are recommended to use [[Encrypted_Email_with_Thunderbird|Thunderbird (Mozilla's email client)]], which includes a graphical front-end for using the GnuPG ("GPG") encryption program.
= Platform Security =
== Password Strength ==
If weak passwords (passphrases) are used they can be easily determined by [https://en.wikipedia.org/wiki/Brute-force_attack brute-force attacks], whether or not {{project_name_short}} is installed. In essence, attackers systematically try all passwords until the correct one is found, or attempt to guess the key which is created from the password using a key derivation function (an exhaustive key search). This method is very fast for short and/or non-random passwords.
For greater security it is recommended to generate strong and unique [[Passwords#Generating_Unbreakable_Passwords|Diceware passwords]] and follow [[Passwords#Principles_for_Stronger_Passwords|other recommendations]] concerning safe habits, password generation and storage.
== Compromised Hardware or Advanced Malware ==
Virtualizers like Qubes, VirtualBox and KVM cannot absolutely prevent the compromise of hardware, nor detect advanced malware. Running all activities inside VMs is a very reasonable approach. However, this only raises the bar and makes it more difficult and/or expensive to compromise the whole system. It is by no means a perfect solution. As one Google Project Zero researcher noted recently when demonstrating a VM escape in KVM: [https://googleprojectzero.blogspot.com/2021/06/an-epyc-escape-case-study-of-kvm.html]
The bug and its exploit still serve as a demonstration that highly exploitable security vulnerabilities can still exist in the very core of a virtualization engine, which is almost certainly a small and well audited codebase. While the attack surface of a hypervisor such as KVM is relatively small from a pure LoC perspective, its low level nature, close interaction with hardware and pure complexity makes it very hard to avoid security-critical bugs.
While we have not seen any in-the-wild exploits targeting hypervisors outside of competitions like Pwn2Own, these capabilities are clearly achievable for a well-financed adversary. I’ve spent around two months on this research, working as an individual with only remote access to an AMD system. Looking at the potential ROI on an exploit like this, it seems safe to assume that more people are working on similar issues right now and that vulnerabilities in KVM, Hyper-V, Xen or VMware will be exploited in-the-wild sooner or later.
{{project_name_short}} cannot provide protection if the system's [https://en.wikipedia.org/wiki/Trusted_computing_base trusted computing base] has been compromised by:
* Physical access and the installation of untrusted pieces of hardware (like a keylogger);
* [[Malware_and_Firmware_Trojans#Firmware_Trojans|Firmware Trojans]] (including BIOS/UEFI attacks); or
* [[Malware_and_Firmware_Trojans#Malware|Malware]].
If the {{project_name_short}} is affected by malware, firmware trojans or malicious hardware components, then your system will be compromised.
In the event a system compromise is strongly suspected or confirmed, the ultimate goal is to re-establish a trusted, private environment for future activities -- see [[Disaster_Recovery|Compromise Recovery]] for techniques to recover from host and/or {{project_name_short}} in a VM infections.
== Host Security ==
The security of the {{project_name_short}} platform is itself reliant upon the security of the host computer. (If {{project_name_short}} used within VM)
Some users might run {{project_name_short}} on top of the every day operating system inside a virtual machine without making any additional host operating system security improvements. In that case, safety is materially improved by using a [[System_Configuration_and_Access#Use_a_Dedicated_Host_Operating_System_and_Computer|dedicated host operating system]] solely for {{project_name_short}} VM. For better security, this system should be configured on a computer bought solely for {{project_name_short}} activities, and which has never been used before.
There are a number of recommendations relevant to host OS security in the following [[Documentation]] sections:
* [[System Configuration and Access]]
* Basic Security Guide.
* Advanced Security Guide.
* Computer Security Education.
The [[System_Hardening_Checklist|System Hardening Checklist]] also provides a quick and handy reference guide for specific areas of interest.
= Software =
{{Anchor|Avoid Non-free Software}}
== Avoid Non-Freedom Software ==
{{Avoid_nonfreedom_software}}
{{Anchor|Avoid Unsigned Software}}
== Always Verify Signatures ==
{{always_verify_signatures}}
{{Anchor|{{project_name_short}} is not Amnesic}}
{{Anchor|live}}
= {{project_name_short}} Persistence vs Live vs Amnesic =
Traces of software installations, files or other user activities depend on whether or not the user is using a live operating system or [[Live Mode]].
{{live}}
== A Live Operating System or [[Live Mode]] is not Configured ==
If any software is downloaded or used on a computer, local traces of the download, installation and use will be left on the device's mass storage device (hard drive, HDD, SSD). This normal mode of operation is referred to as "persistent mode" since any files downloaded, documents created and so on will persist after reboot.
Any created files still exist after the computer is powered-off or rebooted, unless steps are taken to securely wipe the files or otherwise remove all signs of their existence. Unless [[Live Mode]] is used, there are no preventative measures to limit what is written to disk. This can lead to evidence of activity in created files, backup files, temporary files, swap, chat history, browser history and so on.
Be aware that although [[Live Mode]] inside {{project_name_short}} virtual machine (VM) make writes go to RAM instead of the HDD/SSD, traces of activity may be left in swap files, core dumps or via other configurations on the host. If this is a risk in your circumstances, refer to [[Anti-Forensics Precautions]] or preferably utilize [[Live Mode]]. [
Unix-like operating systems also [https://en.wikipedia.org/wiki/Swap_partition#Unix_and_Unix-like_systems swap (move) memory pages between host RAM and the host disk], and this behavior cannot be prevented in {{project_name_short}} in a VM. The danger is data leakage might occur and an unencrypted swap partition could reveal interesting data to an attacker or be used to store unencrypted copies of files in /tmp for later retrieval.
] [
https://www.linuxtopia.org/online_books/linux_administrators_security_guide/06_Linux_File_System_and_File_Security.html
]
It is likely most {{project_name_short}} users are utilizing persistent mode. For this reason it is recommended to [[Full_Disk_Encryption]]. A higher level of security is afforded by encrypting everything, including data, system and swap partitions.
== A Live Operating System or [[Live Mode]] is Configured ==
Refer to the [[Live Mode]] chapter for further details.
== Live DVD / USB ==
To install {{project_name_short}} on a USB, see: [[USB Installation|{{project_name_short}} on USB]].
= {{project_name_short}} Development =
== Missing {{project_name_short}} Features ==
{{project_name_short}} is currently alpha quality software and missing some features, including those relating to security. While many issues listed below are planned for future implementation, a number will probably never get "fixed" because they are impossible to address in a software-only project.
'''Table:''' ''Missing {{project_name_short}} Features''
{| class="wikitable"
|-
! scope="col"| '''Category'''
! scope="col"| '''Missing Feature or Capability'''
|-
! scope="row"| Adversaries
| Protect against global network adversaries.
|-
! scope="row"| AppArmor
| Apply AppArmor profiles for every process or application. [Although a full system MAC policy is currently in development, see [https://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339 here] for further details.]
|-
! scope="row"| Backdoors
| Protect against hardware or software backdoors.
|-
! scope="row"| Encryption
| Encrypt a user's data, documents, files and so on.
|-
! scope="row"| Hardening
| Use all the possible hardening options like full PIE and grsecurity.
|-
! scope="row"| Local Adversaries
| Protect against local adversaries who could mount cold boot and evil maid attacks, or otherwise compromise a user's physical machine.
|-
! scope="row"| MAC Address
| Automatically protect against MAC address fingerprinting on public networks.
|-
! scope="row"| Passwords
| Make weak passwords stronger.
|-
! scope="row"| RAM
|
* Wipe RAM on shut down. See [https://web.archive.org/web/20120905134558/http://brainstorm.ubuntu.com/idea/30076/ Idea #30076: Enhancy Privacy/Security, Wipe RAM on shut down, reboot and trigger].
* Wipe video RAM on shut down. See [https://gitlab.tails.boum.org/tails/tails/-/issues/5356 Tails -erase video memory on shutdown].
|-
! scope="row"| Security Updates
| Automatically apply security updates. This was a conscious developer decision because automated updates also come with their [[Dev/Automatic_Updates|own set of security problems]].
|-
! scope="row"| Software Attacks
| Protect against highly skilled software attacks, unless [[Qubes|{{q_project_name_long}}]] is utilized.
|-
! scope="row"| Stylometry
| Obfuscate an individual's linguistic style to defeat stylometric analysis.
|-
! scope="row"| User Behavior
| Protect those who: fail to read the [[Documentation]], engage in unsafe behaviors, or change default settings without knowing the implications.
|-
! scope="row"| {{project_name_short}} Builds
| Have deterministic builds, see [[Dev/Archived Discussions]]. [Although Tor now has deterministic builds, see [https://gitlab.torproject.org/legacy/trac/-/issues/3688 Bug 3688].]
|}
This list is likely incomplete. It is strongly encouraged to read the rest of the [[Documentation]] and perhaps the [[Design]] chapter to have a full overview of {{project_name_short}} security, including the list of supported and unsupported features.
Contributors who want to help improve {{project_name_short}} security should join the discussions on [https://forums.kicksecure.com/ Forums].
== {{project_name_short}} is a Work in Progress ==
{{project_name_short}}, as well as all the software it includes, are under continuous development and might contain programming errors or security holes -- [[Download#Stay_tuned | Stay Tuned]] to {{project_name_short}} development, and do not rely on the platform for strong security.
That said, {{project_name_short}} has been developed with great care, but it is impossible to ever prove that it is absolutely free of mistakes that degrade the goals of the extended project description.
Basic functionality is built-in and {{project_name_short}} can be used to browse the web, use email, IRC, SSH, and a host of other activities. [[Reporting_Bugs#Software_Development_Cycle|Development is ongoing]] and more features are continually being added. Contributors who want to join the development process are most welcome; see [[Reporting_Bugs#Patches_are_Welcome|Patches]].
See also: [[Security_in_Real_World | {{project_name_short}} Protection Against Real World Attacks]], [[Security_Reviews_and_Feedback | Security Reviews and Feedback]] and [[Technical_Introduction#Security_Overview | Security Overview]].
= Unsubstantiated Conclusions =
Users must be careful not to draw incorrect conclusions based on the existence of specific {{project_name_short}} communication channels, community software utilized, applications installed on the platform, or the availability of certain wiki entries. {{project_name_short}} tries to use concise language so that users are not misled into believing anything has been implied. Despite this effort, users will sometimes draw false conclusions in an unintended way. Consider the following hypothetical discussion.
Developer: Donations to {{project_name_short}} are possible via Bitcoin.
{{project_name_short}} user: Since you are knowledgeable about Bitcoin, can you also accept Monero donations?
In this case the hypothetical developer did not state "I am knowledgeable about Bitcoin", but rather concisely stated "Donations to {{project_name_short}} are possible via Bitcoin." The conclusion drawn by the user "Since you are knowledgeable about Bitcoin" might be totally unsubstantiated.
In a similar fashion, just because {{project_name_short}} does something -- like providing a [https://t.me/s/Kicksecure telegram channel] -- it does not follow that {{project_name_short}} endorses it; see also [[Terms_of_Service#Non-Endorsement|Terms of Service: Non-endorsement]]. A list of further examples is outlined below.
'''Table:''' ''Facts vs. False Conclusions''
{| class="wikitable"
! '''Fact''' [Things that were really stated.]
! '''False Conclusion''' [Things which were not said or implied.]
! '''More Information'''
|-
| {{project_name_short}} provides a [[Donate|Bitcoin (BTC) donation address]].
| Bitcoin is anonymous.
|
|-
| {{project_name_short}} provides a [[Donate|Monero (XMR) donation address]].
| Monero is perfect.
|
|-
| The {{project_name_short}} website is using popular web applications (web apps) like [https://www.mediawiki.org/wiki/MediaWiki MediaWiki], [https://www.gnu.org/software/mailman/index.html GNU Mailman] and [https://www.discourse.org/ Discourse] (forum software).
| These are perfectly "secure" (for whatever purpose, threat model) web apps.
| In an ideal world, better web apps would be used but this is not possible due to finite {{project_name_short}} resources. To learn more, see: [[Privacy_Policy_Technical_Details#website|Privacy on the {{project_name_short}} Website]].
|-
| {{project_name_short}} provides downloadable [[VirtualBox]] builds.
| VirtualBox is secure.
| [[Dev/Virtualization_Platform#VirtualBox|VirtualBox isn't an ideal choice]] but there are [[Dev/Virtualization_Platform#Arguments_for_keeping_VirtualBox_Support|reasons for maintaining VirtualBox support]].
|-
| {{project_name_short}} inside VMs is available for Windows hosts.
| Windows is a suitable host.
| [[Windows Hosts]] pose numerous security and privacy threats.
|-
| {{project_name_short}} inside VMs is installable on macOS hosts.
| macOS is a suitable host.
| [[macOS_Hosts|macOS Hosts]] pose numerous security and privacy threats.
|-
| {{project_name_short}} is [[Reasons for Freedom Software|Freedom Software]].
| {{project_name_short}} is a Freedom Software 'maximalist' project.
| See also:
* [[Policy On Nonfreedom Software]];
* [[Dev/nonfree]];
* Forum discussion: [https://forums.whonix.org/t/whonix-host-nonfree-blobs-firmware-linux-nonfree/7251 Whonix host - nonfree blobs - firmware-linux-nonfree]; and
* [https://forums.whonix.org/t/whonix-and-free-system-distribution-guidelines-gnu-fsdg/5877 {{project_name_short}} and Free System Distribution Guidelines (GNU FSDG)].
|-
| {{project_name_short}} provides a [https://t.me/s/Kicksecure telegram channel] [[support]] channel.
| Telegram is a perfect, privacy-respecting, secure messenger.
| See footnote. [
Some criticisms of Telegram.
* New releases are squished into a single commit, see: [https://github.com/DrKLO/Telegram/commit/28eb8dfd0ef959fd5ad7d5d22f1d32879707c0a0 one commit].
* It is impossible to sign up without a phone number.
* There are other concerns, but they are irrelevant for illustrating the point being made here.
]
|-
| There is an [[Official Online Profiles|official]] [https://twitter.com/{{project_name_short}} {{project_name_short}} twitter profile].
| Twitter is a safe platform to utilize.
| [[Official Online Profiles|Official {{project_name_short}} Online Profiles]]
|-
| {{project_name_short}} has a public [https://forums.{{project_clearnet}} forum].
| The {{project_name_short}} forum and associated comments are intended to promote free speech.
| Unfortunately, running a free speech platform is a full-time job and would constitute a separate project in itself. This is simply not possible as a side project.
|-
| {{project_name_short}} is Open Source.
| {{project_name_short}} must/should implement all ideas from the community.
| See: [[Reporting_Bugs#Community_Feedback|Community Feedback]] / [[Reporting_Bugs#Patches_are_Welcome|Patches are Welcome]]
|-
|
|
| See also: [[DoNot#Draw_Wrong_Conclusions|Do Not Draw Wrong Conclusions]].
|}
It is also recommended to consult the following resources:
* [https://forums.whonix.org/tags/project-philosophy list of forum posts regarding the {{project_name_short}} project philosophy];
* [[Linux User Experience versus Commercial Operating Systems]]; and
* the underpinning [[DoNot#Rationale|Rationale]] for this chapter.
On top of unsubstantiated conclusions it also happens that adherence to "perfectly moral" behavior or an approved ™ set of political/ideological beliefs is expected from the {{project_name_short}} project. However, what counts as "perfectly moral" and the path of attaining therein will always be subjective and disputed among proponents. Such demands include "don't allow running {{project_name_short}} on Windows hosts", "don't have a twitter project account", "don't accept Bitcoin donation", "don't use centralized services such as telegram", "don't document X, because of Y". Those disagreeing with our methods and philosophy are welcome to exercise their right to [https://en.wikipedia.org/wiki/Fork_(software_development) fork] the project under the respective licenses.
= Footnotes =
{{reflist|close=1}}
= License =
{{License_Amnesia|{{FULLPAGENAME}}}}
{{Footer}}
[[Category:Documentation]]