security and privacy considerations of torification

[nyxnor]

This issue is not a issue of this repo, it is a general issue with torification.

I always read HowToTorify from TPO wiki but always made an excuse to continue comfortable with my plain debian setup using application proxy settings and torsocks app.

But after spending a lot of time thinking about it, it does not protect you at all if the application developers screw with proxy settings or don't use LD_PRELOAD.

Tails problem is that it was made to run on pen-drive and for amnesia. I am not a journalist under surveillance and amnesia is not for me, even though it can be useful sometimes, that is not a desktop computer.

Whonix was inevitable, host separation and not escaping non tor traffic is really important. Using on virtualbox was a pain in the ass and kvm also. Qubes+Whonix was inevitably inevitable. Qubes problem is hardware, I can't run that on 4GB ram 2010 non virtualization available computer, need a more expensive hardware with VT+x VT+d + be in the recommended list.

I made the guide wishing to help people and myself torify their applications for tor usage but false sense of protection is not protection, false sense of privacy is not privacy.

The server guides don't apply yet to whonix as the targets are hardcoded to 127.0.0.1 but that will be possible to change after https://github.com/nyxnor/onionjuggler supports Whonix and become a debian package. Other problem is installing server software on the workstation and hs on the gateway.

I rewrote TORIFICATION.md because no one took care of that for years, TPO documentation is on legacy, the wiki is uneditable (which was not previously).