Whonix – an OS focused on anonymity, privacy and security
whonix.orgWhonix is great. I use it all the time in my dayjob. I write a lot of scripts that have to interact with criminal (malware c&c, phishing website, etc) infrastructure, including APT analysis. You don't want to make an opsec fail and/or leak your IP in a situation like this. Instead of doing something fragile and error-prone, like being careful to use a proxy all the time in my code, having a VPN, etc, I just run everything in Whonix and sleep well at night.
What if your Whonix has an APT installed now?
You just sit there as your buddy says, "Well i guess they deserve that win."
Whonix is also included in Qubes OS, so good luck establishing persistence given that it's a disposable template.
Hey, the brand new account has a glowing review! This is certainly not promotional!
Yeah I agree mate the brand new account should be accusing OP of advertising a software that is already well known and widespread
This is really a missed opportunity for a penguin-colored owl mascot.
More technical overview at https://www.whonix.org/wiki/About
Whonix when used via Qubes DispVMs is more effective than Tails in my opinion (better protection against IP leaking), unless your goal is mainly the amnesic aspect.
> Whonix when used via Qubes DispVMs is more effective than Tails in my opinion (better protection against IP leaking), unless your goal is mainly the amnesic aspect.
It's a matter of convenience.
Your setup is far more complicated for a non-technical activist or journalist Vs. Tails.
Whonix + Qubes is a treasure
How do you run both? Or is this one as a VM within the other?
QubesOS comes with Whonix VM templates configured by default.
Typical configuration would be one Whonix-Gateway to connect to Internet via Tor and one or more Whonix Worstations.
Install Qubes and it will give you an easy option to install Whonix. Out of the box Qubes supports Debian, Fedora, and Whonix very well. If the Qubes installer works on your hardware, the setup is a breeze. Qubes does have a bit of a learning curve, but largely non-technical (separating activities out into different VMs, and installing software onto a template instead of directly in the VM)
How does this compare to Tails (https://tails.net/)
See these posts - https://news.ycombinator.com/item?id=37509560#37511890
Is it me or the install process to USB is absurdly complex?
Use Qubes OS (which includes Whonix), it's very straightforward to install.
Is it legal to use the matrix screnshots?
Depends on the local laws. I believe in the United States, it would fall under "Fair Use".
Does not work on arm
The website is fine. Please don't detract from the topic. Whonix is unanimously considered the best Linux distribution in terms of privacy and security. You can also run it in Qubes OS. It's intended to run on Virtualbox for now. One VM is for network access, while the other one is connected to the previous VM for said network access, and it's the one you should use. This is to prevent any de-anonymization attacks.
Indeed. For anyone who isn't convinced, I wrote up some details on our use case (creating a training data DMCA safe haven) in the Tails thread: https://news.ycombinator.com/item?id=37512147
If you're serious about protecting yourself, Whonix is a requirement.
> Whonix is unanimously considered the best Linux distribution in terms of privacy and security
"Unanimously?" By whom?
By the ones doing the considering. We get together every spring in Lucern to revise the Book of Considerations.
> "Unanimously?" By whom?
By anyone who has read and understood the technical design pages.[1][2][3]
[1]: https://www.whonix.org/wiki/Dev/Technical_Introduction
Those citations appear to be from a single source: the project's own web site.
They might be accurate, but they are not impartial evidence for unanimity or even broad consensus.
The anonymous authority, of course! ;)
*Unonymously
Does not work on M1/M2 macs or arm architecture
Guess they weren't part of the anonymous, unanimous considerers.
lol unanimously by who? You?
I said "whom" but I do have the same question.
The OS is focused on privacy... at the foot page there is a legend:
"By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent."
I clicked in "more information" and was directed to a long page with small print, where you have to navigate to different policies (which remain somewhat hidden if you are not careful) ...
Really?
I found the terms of service page to be fantastic.
Easier to understand than most I see.
The website is quite dreadful, excessively verbose in some places and totally lacking in others. It took me quite a few clicks just to learn that this is effectively virtual machines with Tor but still didn't find much at-a-glance information on what the user experience is actually like. Does anyone have any experience with this?
You run two VMs in VirtualBox. One is a Tor gateway, the other is a workstation. Both run Whonix and are preconfigured for this. A virtual network between them is set up so that the workstation can only access the Internet via the Tor gateway VM, so it's impossible for connections to "leak" directly to the Internet without going over Tor. The gateway VM runs in the background and you run a regular browser in the workstation VM.
> Does anyone have any experience with this?
Only through Qubes, but I do most of my web access in a disposable (ephemeral) Whonix VM in Qubes, and it does exactly what it says on the box.
this imho is the way to use it. it is so easy once u get it set up. for me it was one of the simplest ways i found to use such systems.
I thought you might be exaggerating a little bit, but... oh my, this website is quite terrible.
Maybe the desktop site is terrible, I didn't check, but the mobile one is fine. Nothing to call home about, just a site like a million of other sites, describing a product and providing download links. They made an uncommon effort to secure themselves with long long long legal documents.
OP here.
I agree with you. Web design doesn't seem to be the strength of the Whonix team.. and got worse over time.
Basically, you download a Virtualbox image, import it and then have a hardened Debian VM with Xfce UI & some privacy-friendly apps like Tor browser & a crypto wallet. The internet is slow (because of Tor) & tcp-only, but sufficient for most things. Virtualbox guest extensions are included and most things work out-of-the-box.
> See DOS.
> See DOS run.
> Run_DOS_Run!
> It took me quite a few clicks just to learn that this is effectively virtual machines with Tor
Click "What Is Whonix?", scroll down, "Whonix ™ consists of two VMs: the Whonix-Gateway ™ and the Whonix-Workstation ™. The former runs Tor processes and acts as a gateway, while the latter runs user applications on a completely isolated network."
> Does anyone have any experience with this?
Whonix (KVM) is like running Debian with XFCE, but no matter what you do, your real IP address will never leak, at any point.
Well, unless you absentmindedly type in your mail address, name or any other real credentials.
That's not an IP leak.
Web site looks like it's trying to sell me some shitty VPN software I don't need.
Quite the opposite, they're quite adamant about only using free (as in freedom) and in this case, beer, software. And denounce the usage of VPNs at every opportunity. ;)
So they really want you to use Tor - where the fact that you are connecting to a Tor node is extremely obvious, and flags you as a being part of the fractional percentage of internet users who do so - but don't want you to use a VPN, the use of which, while still not exactly baseline, is increasingly common? That may give you privacy, but it hardly seems like it makes you anonymous. Rather, wouldn't that send up a giant beacon for anyone at your ISP who cares to look at connections they (or the authorities) might want to pay more attention to?
> where the fact that you are connecting to a Tor node is extremely obvious
Yes, additionally, it has been concluded that it is impossible to hide the usage of Tor from the ISP, VPNs do not help. The usage of Tor is obvious.
> but don't want you to use a VPN
If you can't use Tor safely, it would be unlikely that you can use a VPN safely either.
> That may give you privacy, but it hardly seems like it makes you anonymous.
What makes you say that? There are millions of Tor users connected at any time, if you believe the number of users is an issue. I suggest you read more about Tor on their website - https://torproject.org
> Rather, wouldn't that send up a giant beacon for anyone at your ISP who cares to look at connections they (or the authorities) might want to pay more attention to?
No, I don't believe so granted that you live in a western democracy.
You can run a VPN on the host, or you can use a bridge on the VM if you want to minimize the probability of your ISP knowing you're using Tor.
So it's a Debian-based Linux distro with some configuration work done.
I wish they'd simply summarize what it is.
It provides more privacy and security than normal Debian.
How? They fail to say, and most of what they do is just promotional garbage.
> How? They fail to say, and most of what they do is just promotional garbage.
On the page that OP linked to, there's statements such as:
"The Everything Tor OS - All traffic is routed through the Tor anonymity network. No exceptions. Whonix is the "All Tor Operating System"."
"Cloaking your typing style - Your typing behavior can be used to identify you. Whonix prevents this with a cloak for your keystrokes."
"Live Mode - Whonix offers a much requested Live Mode. After the session all data will be gone."
So I don't get your point. Of course if you want to know how, in detail, you have to read the documentation.
One of the first and most notable links on the page is labeled "Learn What Is Whonix?". You should read it.
It has a lot of promotional material and little meat.
Also:
> Learn What Is Whonix?
I certainly hope the people behind this distribution have better English than that.
I also hope they're better mannered than you are, and much better informed.
I know you were trying to be insulting in order to "win" our miniscule internet argument. However, since my post does not demonstrate bad manners or a lack of informed-ness, your comment doesn't land, and instead makes you look petty. Just letting you know!