Whonix is a free desktop operating system (OS) that is specifically designed for advanced security and privacy. Based on Tor, Debian GNU/Linux and the principle of security by isolation, it realistically addresses common attack vectors while maintaining usability. Online anonymity is made possible via fail-safe, automatic, and desktop-wide use of the Tor network, meaning all connections are forced through Tor or blocked. The Tor network helps to protect from traffic analysis by bouncing your communications around a distributed network of relays run by global volunteers. Without advanced, end-to-end, netflow correlation attacks, anybody watching your Internet connection cannot easily determine the sites you visit, and those sites cannot learn your physical location.
Whonix uses a heavily reconfigured Debian base which is run inside multiple virtual machines (VMs) on top of the host OS. This architecture provides a substantial layer of protection from malware and IP leaks. Applications are pre-installed and pre-configured with safe defaults to make them ready for use. The user is not jeopardized by installing custom applications or personalizing the desktop. Whonix is the only actively developed OS designed to be run inside a VM and paired with Tor.
Whonix consists of two parts: the Whonix-Gateway and the Whonix-Workstation. The former runs Tor processes and acts as a gateway, while the latter runs user applications on a completely isolated network. The Whonix design affords several benefits:
- Only connections through Tor are permitted.
- Servers can be run, and applications used, anonymously over the internet.
- DNS leaks are impossible.
- Malware with root privileges cannot discover the user’s real IP address.
- Threats posed by misbehaving applications and user error are minimized.
The increasing threat of mass surveillance and repression all over the world means our freedoms and privacy are rapidly being eroded. Without precautions, your Internet service provider (ISP) and global surveillance systems can record everything you do online, as IP addresses associated with network activity are easily traced to the physical location of your computer(s), and ultimately you. Whonix is one solution to this problem.
Anyone who values privacy or does sensitive work on their desktop or online can benefit from using Whonix. This includes, but is not limited to:
- Investigators and whistleblowers whose work threatens the powerful.
- Within an isolated environment, research and evidence can be gathered without accidental exposure.
- Researchers, government officials, or business-people who may be targets of espionage.
- Anti-malware and anti-exploit modifications lower the threat of trojans and backdoors.
- Journalists who endanger themselves and their families by reporting on organized crime.
- Compartmentalized, anonymous internet use prevents identity correlation between social media and other logins.
- Political activists under targeted surveillance and attack.
- The usefulness of threatening the ISP in order to analyze a target’s internet use will be severely limited. The cost of targeting a Whonix user is greatly increased.
- Average computer users in a repressive or censored environment.
- Easy Tor setup and options for advanced configurations means users in repressive countries can fully access the internet desktop-wide, not just in their browser.
- Average computer users who simply don’t want all or some aspect of their private lives uploaded, saved, and analyzed.
- Whonix does not silently upload identifying information in the background.
Whonix is an operating system focused on anonymity and security. It hides the user’s IP address / location and uses the Tor network to anonymize data traffic. This means the contacted server, network eavesdroppers, and operators of the Tor network cannot easily determine which sites are visited, or the user’s physical location.
A number of applications are pre-installed and pre-configured with safe defaults to make them ready for use. Most commonly used applications are compatible with the Whonix design:
- Tor Browser is included for Internet browsing.
- Instant messengers like Tor Messenger, Tox and Ricochet.
- PGP-encrypted email with the Mozilla Thunderbird client and TorBirdy.
- Secure data transfer to and from a server with scp.
- Unobserved administration of servers via SSH.
- Web server administration with Apache, ngnix, IRC servers, and more via Hidden Services.
- A host of other software programs.
With the Whonix design, it is possible to “torify” applications which are not capable of proxy support by themselves. Further, the user is not jeopardized by installing custom applications or personalizing the desktop.
- All applications are automatically routed via Tor, including those which do not support proxy settings.
- Installation of any software package is possible.
- Safe hosting of Hidden Services is possible.
- Protection against side channel attacks; no IP address or DNS leaks are possible.
- Advantage over Live CDs: Tor’s data directory is still available after reboot, due to persistent storage. Tor requires persistent storage to save its Entry Guards.
- Protection against IP address / location discovery through root exploits (malware with root rights inside Whonix-Workstation). However, users should avoid testing this protective feature.
- Only free software is used.
- Building Whonix from source is easy.
- Tor and Tor Browser are not running inside the same virtual machine. For example, that means an exploit in the browser can’t affect the integrity of the Tor process.
- It is possible to use Whonix in conjunction with VPNs, SSH and other proxies. However, read the Tor plus VPN/proxies Warning before proceeding. Every permutation is possible; VPNs / SSH / other proxies can be combined and used pre- and/or post-Tor tunnels.
- Other anonymizing networks like Freenet, GNUnet, I2P, JonDonym and Retroshare can be used.
- A host of Features are available.
- Numerous optional configurations, additional features, and add-ons are available.
- Best possible Protocol-Leak-Protection and Fingerprinting-Protection.
- Private obfuscated Bridges can be added to _ /etc/tor/torrc _ (the Tor configuration file).
- Whonix-Gateway can also torify Windows.
- More difficult to set up compared to the regular Tor Browser.
- Needs virtual machines or spare hardware for operation.
- Updating the OS and applications behind the Tor proxy is slow.
- Higher maintenance is required.