search

WMAL / kodachi

Linux Kodachi operating system is based on Xubuntu 18.04 it will provide you with a secure, anti-forensic, and anonymous operating system considering all features that a person who is concerned about privacy would need to have in order to be secure.
https://www.digi77.com/linux-kodachi/
Other
273 stars 60 forks source link

Questions + Suggestions #33

Open theoppressed opened 2 years ago

theoppressed commented 2 years ago

This is quite a nice (X)Ubuntu fork!

I have compiled some questions and suggestions, which I will mention here. I realize raising multiple issues this way may potentially be annoying, but please bear with me as (i) they were compiled over some time and (ii) I have a list of bugfixes / features / improvements I intend to code on a fork and return to as a PR for your convenience.

KODACHI QUESTIONS

  1. What needs to be edited to edit the dashboard? If it's proprietary could you at least kindly let me know which script is called by the "repair network" button? Is it the "Kodachi-Dashboard.gambas" file? Nano can't parse it, what do I need to use?
  2. How can I see what is happening when the VPN is attempting to connect via the dashboard? It would be ideal if you could see terminal-like output in the dashboard itself. There's room for it.
  3. DNSSEC is not mentioned anywhere. How to ensure its usage?
  4. What is the fail-safe DNS and how to override it so that DNS uses only my whitelisted resolvers?
  5. If you enable VPN/tor kill switch(es) does this prevent reconnection, thus requiring manual settings change each time a connection is lost then being re-established? (I think the answer is "yes" and if it's open source I can quickly offer an enhancement to the logic...)
  6. I'm getting a message from Proton's CLI app that the GTK is too old to work? Is it safe to update? OpenVPN is a security nightmare. Would be nice to have Wireguard enabled by default, either directly or via Proton CLI.
  7. Multihop VPNs seem to break some of the Dashboard's logic, true or false?
  8. Why proxychains3 (ancient) instead of proxychains4?
  9. I notice there's no antivirus per se. What are you using for the "rootkit hunter"?
  10. Discord is adamantly anti-privacy. Suspiciously so. Even more so than Github. Why is that the primary community instead of something like Element, Matrix, Jabber, etc... and if you're married to it, why isn't it included in the OS as a tool?
  11. How to forcefully refresh dashboard info?
  12. Is it just me or do things like connecting to VPN take several times longer if launched via the dashboard relative to using a terminal?
  13. Tools to analyze not only DNS leakage but DNS poisoning?
  14. This isn't the 1990's, why is Python 2 the default and the Python3 is 4 versions out of date? I'm not trying to be a jerk, just wondering if it's going to break stuff if Python is modernized in a fork / branch.
  15. What's the difference between forcevpntraffic and forcevpntrafficall? Are they mutually exclusive with enabling Tor over VPN?
  16. On the desktop wallpaper info (which is very cool, BTW) what is meant by "Anonymouse" and "Privacy"? I take it that one of the 2 are your recommended configuration. I can't tell if Anonymouse is misspelled or if you're referring to Anonymouse.org
  17. Clipman is a nice tool but also practically a keylogger. Can it be disabled easily somehow?
  18. It seems there's a login keychain protected by a password that doesn't correspond to any password I setup or what I believe is the default password in Kodachi?

I will keep most of my suggestions to myself and code them for you, unless you're soliciting them. Two exceptions:

  1. Please provide and utilize a whitelist IPs / domains for OpenSnitch so we don't have to guess if the traffic is malicious or part of Kodachi (even with the "centralized" option to get an IP from digi77, so many connections to Reddit, wikipedia, IP addresses, etc...)
  2. 1 button to (i) repair the network, then (ii) connect to VPN, then (iii) set DNS to use the VPN DNS or DNSCrypt then (iv) force VPN traffic only, then (v) layer Tor on top of VPN and (vi) test privacy / settings. I can code this for you but in case the dashboard is super proprietary I thought I should go ahead and make the suggestion.
theoppressed commented 2 years ago

PS Something about the Python install is breaking the installation of common modules like pyarrow. I'm investigating. Updating setuptools and other modules doesn't seem to help.

WMAL commented 1 year ago

Will address this in future.

eddapp commented 1 year ago

Would def love to get this ported to ARM so I can use on the new Apple Silicon Mac's.