Whonix logo has been refined

We are excited to reveal that our very own Whonix logo has been slightly refined, offering now better support for smaller screens and more mediums. We also have new profile image based on the logo for social media usage.

Head over to the Whonix blog or Whonix social media accounts to check it out:
https://www.whonix.org/blog/
https://www.facebook.com/Whonix/posts/1138354749540112
https://twitter.com/Whonix/status/7474134011319787521
https://facebook.com/sharer.php?u=https://www.whonix.org/wiki/Portal

For comparison:
– before: http://archive.is/JA7Wy
– after: http://archive.is/HNxVk

Before:

After:

Feel free to grab the source files if you want to try it out yourself:
https://www.whonix.org/wiki/Dev/Logo#Refinement_June_2016

The refinement was done by ura design, Elio Qoshi (@elioqoshi). I recommend Elio. The quality of his work, his rates, his responsiveness, community engagement and patience is exemplary. I am looking forward to upcoming projects with him.

Posted in Whonix Website News

Looking for firejail / seccomp maintainer for better security!

(repost)

firejail is a sandbox to restrict the application environment.

Please contribute. Task:

  • play around with firejail in Whoinx
  • see how it goes
  • report (and possibly fix) issues upstream in firejail
  • test the Tor Browser firejail profile, consider packaging it
  • maintain firejail profiles in Whonix

This is a volunteer position.

Whonix firejail / seccomp development discussion:
https://forums.whonix.org/t/firejail-seccomp-more-options-for-program-containment

Posted in Contribute, Whonix Development News

testing refined Whonix logo

There will be a more detailed announcement later.

Posted in Whonix Misc News

Qubes separate VPN-Gateway between anon-whonix and sys-whonix – Connecting to Tor before a VPN (User -> Tor -> VPN -> Internet)

This is now documented here:
https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN#Separate_VPN-Gateway

Recommended order of reading:

* 1) https://www.whonix.org/wiki/Tunnels/Introduction
* 2) https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN
* 3) https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN#Separate_VPN-Gateway

Posted in Qubes-Whonix News, Whonix New Features, Whonix Wiki Updates

Connecting to Lantern before Tor (User -> Lantern -> Tor -> Internet)

Lantern is a censorship circumvention tool, an alternative to Tor bridges.

Testers only! As an exercise and proof of concept, I quickly put together a documentation chapter for Connecting to Lantern before Tor (User -> Lantern -> Tor -> Internet). Qubes-Whonix only! Non-Qubes-Whonix is unsupported.

https://www.whonix.org/wiki/Lantern

At the moment these instructions have several limitations.

  • They install Lantern in a separate ProxyVM behind sys-whonix. The motivation behind this was better security. Lantern is not installable from Debian. It’s a package from the lantern website. In theory, Tor should not be compromised if Lantern was compromised. But if Lantern was compromised to begin with or more easily exploited than Tor, it is very much desirable to run Lantern in a separate ProxyVM for better isolation.
  • However, this is very impractical. Since Qubes does not support static IP addresses yet, the Tor config setting /etc/tor/torrc ‘Socks5Proxy 10.137.10.1:8788’ is not stable. When the Lantern ProxyVM gets its IP changed, connectivity breaks and /etc/tor/torrc in sys-whonix needs a manual update. Not great.
  • It would be a lot more usable to document how to run Lantern directly in sys-whonix (under user tunnel with TUNNEL_FIREWALL=true etc.) However, then we would have less isolation.
  • Does not autostart Lantern yet.
  • The footnotes on the wiki page contain several TODO items.
  • And more…
  • I probably won’t be able to become a maintainer of a fully featured Lantern-Gateway comparable to Whonix-Gateway using Tor. Help welcome.
  • Lantern seems to have connectivity issues on its own. Even for me in a non-censored area, it works for me in only 1 of 4 attempts. Often I needed to restart the VM and start fresh. Shutdown of Lantern does not seem to be clean. Often in the Lantern-Gateway VM – while no Whonix network is involved – I am unable to visit any websites from the automatically started lantern browser.

Déjà vu? This blog post is very similar to my last blog post Connecting to JonDonym before Tor (User -> JonDonym -> Tor -> Internet).

Posted in Qubes-Whonix News, Testers wanted!, Whonix Wiki Updates

Connecting to JonDonym before Tor (User -> JonDonym -> Tor -> Internet)

Testers only! As an exercise and proof of concept, I quickly put together a documentation chapter for Connecting to JonDonym before Tor (User -> JonDonym -> Tor -> Internet). Qubes-Whonix only! Non-Qubes-Whonix is unsupported.

https://www.whonix.org/wiki/JonDonym#Connecting_to_JonDo_before_Tor

At the moment these instructions have several limitations.

  • They install JonDo in a separate ProxyVM behind sys-whonix. The motivation behind this was better security. JonDo is not installable from Debian. It’s a package from the anonymous-proxy-servers.net website / Debian apt repository. In theory, Tor should not be compromised if JonDo was compromised. But if JonDo was compromised to begin with or more easily exploited than Tor, it is very much desirable to run JonDo in a separate ProxyVM for better isolation.
  • However, this is very impractical. Since Qubes does not support static IP addresses yet, the Tor config setting /etc/tor/torrc ‘HTTPSProxy 10.137.10.1:4001’ is not stable. When the JonDo ProxyVM gets its IP changed, connectivity breaks and /etc/tor/torrc in sys-whonix needs a manual update. Not great.
  • It would be a lot more usable to document how to run JonDo directly in sys-whonix (under user tunnel with TUNNEL_FIREWALL=true etc.) However, then we would have less isolation.
  • Does not autostart JonDo yet.
  • And more…
  • I probably won’t be able to become a maintainer of a fully featured JonDo-Gateway comparable to Whonix-Gateway using Tor. Help welcome.
  • Also… JonDo – the IP changer had its last release 2013-08-29. So I wonder, is that project dead? Why bother? On the other hand, JonDoFox though had its last release 2016-03-20 so that gives hope. (correction.)
Posted in Testers wanted!, Whonix New Features, Whonix Wiki Updates

Whonix 13 released!

Qubes-Whonix:

Either start with fresh templates. I.e. uninstall qubes-template-whonix-gw and qubes-template-whonix-ws. Then, to install, run in dom0:

sudo qubes-dom0-update --enablerepo=qubes-tempates-community qubes-template-whonix-gw qubes-template-whonix-ws

Or you can also upgrade from Whonix’s repository. Please refer to the following instructions:
https://www.whonix.org/wiki/Upgrading_Whonix_12_to_Whonix_13


Non-Qubes-Whonix:

https://www.whonix.org/wiki/Download

Or you can also upgrade from Whonix’s repository. Please refer to the following instructions:
https://www.whonix.org/wiki/Upgrading_Whonix_12_to_Whonix_13


Whonix 12 -> 13 changes:
https://phabricator.whonix.org/maniphest/query/TfpGK0Sq8w1j/#R

(Same version as Whonix 13.0.0.1.1.)

Posted in Whonix Important News

Whonix 13.0.0.1.1 – Testers Wanted!

Qubes-Whonix:
https://www.whonix.org/blog/qubes-whonix-13-0-0-0-7-testers-wanted

Non-Qubes-Whonix:
https://download.whonix.org/13.0.0.1.1/

You can also upgrade existing installations. For now by upgrading from Whonix’s testers repository. More info:
https://www.whonix.org/wiki/Upgrading_Whonix_12_to_Whonix_13

Whonix 12 -> 13 changes:
https://phabricator.whonix.org/maniphest/query/TfpGK0Sq8w1j/#R

Posted in Whonix archived blog posts

Qubes-Whonix 13.0.0.0.7 – Testers Wanted!

Qubes-Whonix only!

Either start with fresh templates. I.e. uninstall qubes-template-whonix-gw and qubes-template-whonix-ws. Then, to install, run in dom0:

sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable qubes-template-whonix-gw qubes-template-whonix-ws

Or you can also upgrade from Whonix testers repository. Please refer to the following instructions:
https://www.whonix.org/wiki/Upgrading_Whonix_12_to_Whonix_13

Posted in Testers wanted!

Qubes OS looking for developers!

The Qubes OS team is looking for several additional team members:

  • Debian template manager
  • stable release manager
  • core developer

You can read more in their posting. From my experience working with the Qubes OS team, they are easy to work with.

In my view, the Debian template maintainer and core developer positions are good ways to get a position in a Libre Software project, by starting as a volunteer working on open tasks. Be helpful. Relieve more work from existing developers than adding to their plate. This is the most convincing thing you can do.

https://www.qubes-os.org/join/

Posted in Contribute, Whonix Misc News

Legal

Archives

Contribute

Would you like to contribute to the Whonix project?

Contributing can be as easy as sharing the blog over social media, volunteering, or making a monetary donation.

For more ideas on how to get involved see the "Contribute" and "Testers-Wanted" categories.

Thanks!

- Whonix Staff