Update check without sys-whonix

Downloading dom0 and template updates over Tor can provide specific security benefits by making it more difficult for you to be subject to targeted attacks involving malicious or withheld packages. For example:

  1. An attacker may have gained access to an authentic upstream package signing key. He can use this key to sign a malicious package that is intended only for you. If you download updates using Tor, you force him to distribute the malicious package to everyone instead of only to you, which increases his risk.

  2. An attacker may wish to withhold a specific package update from you so that your older version of the package retains a vulnerability known to the attacker. By using Tor, you prevent the attacker from knowing whether it is you trying to download a specific update as opposed to someone else.

In these scenarios, you may not care whether the update check goes over your clearnet connection, so long as the update is actually downloaded over Tor, since the latter is what matters for protecting you against these attacks.

1 Like