Future Directions – Where Whonix wants to be in 2 or 5 years?
Do we want Whonix to be for average users or just for those with unix knowledge?
Whonix is a useful tool for some already, got many fans. How can we make Whonix really user friendly to allow mass adaption by regular people who need anonymity most?
It seems, Whonix limits itself by its two machines design. It’s not exactly simple and user friendly to say “you first need to get VirtualBox, then import these two VMs, then start Whonix-Gateway, then start Whonix-Workstation or use physical isolation“. How could that be improved while keeping Whonix’s design?
In the last days many had great ideas. One was to create a hardware appliance. Whonix running as physically isolated gateway running on devices such as Raspberry PI or OpenWRT or creating a Tor WiFi Hotspot (a WiFi hotspot once using it, torifying the whole connection). The issue is, having a “route everything through Tor” approach alone doesn’t make it anymore nowadays. If someone would run their usual applications, such as their Firefox or Internet Explorer browser they used for non-anonymous stuff beforehand over Tor, they wouldn’t be anonymous at all due to (flash) cookies, browser fingerpriting and so forth. Saying “plug this hardware appliance between your router and your computer AND install this client package” also doesn’t sound exactly simple.
Another idea was to create a Whonix Live DVD. But even if we managed to create one, it would still be clumsy to say “you have to burn this iso to DVD, then boot it, then start Whonix-Gateway, then start Whonix-Workstation”.
Jason Ayala suggested to create an Whonix USB installer. It would still be clumsy (as above), but installing Whonix would get simpler and more encouraging to use a non-Windows, separate operating system. We then would have to support lots of different hardware, but additional support by funding this would be possible. Users still would have to figure out how to boot from USB, which is not entirely trivial due to different BIOS implementations. Also “secure boot” won’t make this simpler.
Cerberus raised the idea to make Whonix fully managed. Perhaps he meant to enable automatic updates for the host, Whonix-Gateway and Whonix-Workstation. Whonix-Gateway could then be fully managed and hidden from non-advanced users. However, there are some settings that need to be set up on Whonix-Gateway, such as settings for Tor bridges. Maybe a Whonix-Host operating system could ssh into Whonix-Gateway to manage it.
Or maybe while we’re at discussing a Whonix-Host operating system, we should revive the OneVM concept? In essence, we’re shipping Whonix-Gateway as VM package, because it is a simpler and more robust implementation to support a variety of different host operating systems and configurations. As long as Whonix doesn’t provide a host operating system, the two VM solution is more robust. But if Whonix is enters the next stage of evolution, i.e. by shipping a host operating system, the OneVM concept may work better.
The idea to add Whonix to the usual app stores, such as Windows / Mac app store as well as “sudo apt-get install whonix” has been raised as well. This wouldn’t make Whonix less clumsy (still two VMs), but it would make installation simpler and more secure.
In summary, we’re not sure yet where the journey should go to. We’d appreciate the input of the community. Please share ideas on how Whonix could become really usable while not sacrificing security.