The website is quite dreadful, excessively verbose in some places and totally lacking in others. It took me quite a few clicks just to learn that this is effectively virtual machines with Tor but still didn't find much at-a-glance information on what the user experience is actually like. Does anyone have any experience with this?
Maybe the desktop site is terrible, I didn't check, but the mobile one is fine. Nothing to call home about, just a site like a million of other sites, describing a product and providing download links. They made an uncommon effort to secure themselves with long long long legal documents.
I agree with you. Web design doesn't seem to be the strength of the Whonix team.. and got worse over time.
Basically, you download a Virtualbox image, import it and then have a hardened Debian VM with Xfce UI & some privacy-friendly apps like Tor browser & a crypto wallet. The internet is slow (because of Tor) & tcp-only, but sufficient for most things. Virtualbox guest extensions are included and most things work out-of-the-box.
You run two VMs in VirtualBox. One is a Tor gateway, the other is a workstation. Both run Whonix and are preconfigured for this. A virtual network between them is set up so that the workstation can only access the Internet via the Tor gateway VM, so it's impossible for connections to "leak" directly to the Internet without going over Tor. The gateway VM runs in the background and you run a regular browser in the workstation VM.
> It took me quite a few clicks just to learn that this is effectively virtual machines with Tor
Click "What Is Whonix?", scroll down, "Whonix ™ consists of two VMs: the Whonix-Gateway ™ and the Whonix-Workstation ™. The former runs Tor processes and acts as a gateway, while the latter runs user applications on a completely isolated network."
The OS is focused on privacy... at the foot page there is a legend:
"By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent."
I clicked in "more information" and was directed to a long page with small print, where you have to navigate to different policies (which remain somewhat hidden if you are not careful) ...
Quite the opposite, they're quite adamant about only using free (as in freedom) and in this case, beer, software. And denounce the usage of VPNs at every opportunity. ;)
So they really want you to use Tor - where the fact that you are connecting to a Tor node is extremely obvious, and flags you as a being part of the fractional percentage of internet users who do so - but don't want you to use a VPN, the use of which, while still not exactly baseline, is increasingly common? That may give you privacy, but it hardly seems like it makes you anonymous. Rather, wouldn't that send up a giant beacon for anyone at your ISP who cares to look at connections they (or the authorities) might want to pay more attention to?
> where the fact that you are connecting to a Tor node is extremely obvious
Yes, additionally, it has been concluded that it is impossible to hide the usage of Tor from the ISP, VPNs do not help. The usage of Tor is obvious.
> but don't want you to use a VPN
If you can't use Tor safely, it would be unlikely that you can use a VPN safely either.
> That may give you privacy, but it hardly seems like it makes you anonymous.
What makes you say that? There are millions of Tor users connected at any time, if you believe the number of users is an issue. I suggest you read more about Tor on their website - https://torproject.org
> Rather, wouldn't that send up a giant beacon for anyone at your ISP who cares to look at connections they (or the authorities) might want to pay more attention to?
No, I don't believe so granted that you live in a western democracy.
The website is fine. Please don't detract from the topic. Whonix is unanimously considered the best Linux distribution in terms of privacy and security. You can also run it in Qubes OS. It's intended to run on Virtualbox for now. One VM is for network access, while the other one is connected to the previous VM for said network access, and it's the one you should use. This is to prevent any de-anonymization attacks.
Indeed. For anyone who isn't convinced, I wrote up some details on our use case (creating a training data DMCA safe haven) in the Tails thread: https://news.ycombinator.com/item?id=37512147
If you're serious about protecting yourself, Whonix is a requirement.
Whonix is great. I use it all the time in my dayjob. I write a lot of scripts that have to interact with criminal (malware c&c, phishing website, etc) infrastructure, including APT analysis. You don't want to make an opsec fail and/or leak your IP in a situation like this. Instead of doing something fragile and error-prone, like being careful to use a proxy all the time in my code, having a VPN, etc, I just run everything in Whonix and sleep well at night.
Whonix when used via Qubes DispVMs is more effective than Tails in my opinion (better protection against IP leaking), unless your goal is mainly the amnesic aspect.
> Whonix when used via Qubes DispVMs is more effective than Tails in my opinion (better protection against IP leaking), unless your goal is mainly the amnesic aspect.
It's a matter of convenience.
Your setup is far more complicated for a non-technical activist or journalist Vs. Tails.
Install Qubes and it will give you an easy option to install Whonix. Out of the box Qubes supports Debian, Fedora, and Whonix very well. If the Qubes installer works on your hardware, the setup is a breeze. Qubes does have a bit of a learning curve, but largely non-technical (separating activities out into different VMs, and installing software onto a template instead of directly in the VM)
I know you were trying to be insulting in order to "win" our miniscule internet argument. However, since my post does not demonstrate bad manners or a lack of informed-ness, your comment doesn't land, and instead makes you look petty. Just letting you know!
67 comments
[ 2.1 ms ] story [ 205 ms ] threadI agree with you. Web design doesn't seem to be the strength of the Whonix team.. and got worse over time.
Basically, you download a Virtualbox image, import it and then have a hardened Debian VM with Xfce UI & some privacy-friendly apps like Tor browser & a crypto wallet. The internet is slow (because of Tor) & tcp-only, but sufficient for most things. Virtualbox guest extensions are included and most things work out-of-the-box.
> See DOS run.
> Run_DOS_Run!
https://www.whonix.org/wiki/Whonix-Gateway
https://www.whonix.org/wiki/Whonix-Workstation
Only through Qubes, but I do most of my web access in a disposable (ephemeral) Whonix VM in Qubes, and it does exactly what it says on the box.
Whonix (KVM) is like running Debian with XFCE, but no matter what you do, your real IP address will never leak, at any point.
Click "What Is Whonix?", scroll down, "Whonix ™ consists of two VMs: the Whonix-Gateway ™ and the Whonix-Workstation ™. The former runs Tor processes and acts as a gateway, while the latter runs user applications on a completely isolated network."
"By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent."
I clicked in "more information" and was directed to a long page with small print, where you have to navigate to different policies (which remain somewhat hidden if you are not careful) ...
Really?
Easier to understand than most I see.
Yes, additionally, it has been concluded that it is impossible to hide the usage of Tor from the ISP, VPNs do not help. The usage of Tor is obvious.
> but don't want you to use a VPN
If you can't use Tor safely, it would be unlikely that you can use a VPN safely either.
> That may give you privacy, but it hardly seems like it makes you anonymous.
What makes you say that? There are millions of Tor users connected at any time, if you believe the number of users is an issue. I suggest you read more about Tor on their website - https://torproject.org
> Rather, wouldn't that send up a giant beacon for anyone at your ISP who cares to look at connections they (or the authorities) might want to pay more attention to?
No, I don't believe so granted that you live in a western democracy.
If you're serious about protecting yourself, Whonix is a requirement.
"Unanimously?" By whom?
By anyone who has read and understood the technical design pages.[1][2][3]
[1]: https://www.whonix.org/wiki/Dev/Technical_Introduction
[2]: https://www.whonix.org/wiki/Dev/Threat_Model
[3]: https://www.whonix.org/wiki/Comparison_with_Others
They might be accurate, but they are not impartial evidence for unanimity or even broad consensus.
It's a matter of convenience.
Your setup is far more complicated for a non-technical activist or journalist Vs. Tails.
Typical configuration would be one Whonix-Gateway to connect to Internet via Tor and one or more Whonix Worstations.
https://www.whonix.org/wiki/Qubes
I wish they'd simply summarize what it is.
Also:
> Learn What Is Whonix?
I certainly hope the people behind this distribution have better English than that.
I also hope they're better mannered than you are, and much better informed.
On the page that OP linked to, there's statements such as:
"The Everything Tor OS - All traffic is routed through the Tor anonymity network. No exceptions. Whonix is the "All Tor Operating System"."
"Cloaking your typing style - Your typing behavior can be used to identify you. Whonix prevents this with a cloak for your keystrokes."
"Live Mode - Whonix offers a much requested Live Mode. After the session all data will be gone."
So I don't get your point. Of course if you want to know how, in detail, you have to read the documentation.
https://www.whonix.org/wiki/Documentation