Whonix is an operating system focused on anonymity, privacy and security. It’s based on the Tor anonymity network, Debian GNU/Linux and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user’s real IP.
Whonix consists of two parts: One solely runs Tor and acts as a gateway, which we call Whonix-Gateway. The other, which we call
Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible.
Users of Whonix 0.5.6 and below:
There is no upgrade path from Whonix 0.5.6 to Whonix 7, sorry. You have to manually download new Whonix images.
Call for Help:
If you know shell scripting (/bin/bash) and linux sysadmin, please join us! There are plenty of ways to make Whonix safer. We are also looking for a https direct download mirror.
* Tor 0.2.4
* obfs3 installed by default
* higher console resolution 1024×768 (without X)
* The current Tor Browser Bundle (TBB) Alpha, which will soon become the new TBB stable, will work out of the box in Whonix, even if you download and install it manually from torproject.org. The out of the box user experience will include not accidentally running Tor over Tor. This is useful for the case, that the Whonix Tor Browser updater breaks again, because torproject.org changed something.
* Graphical Whonix-Gateway. Optional. If you reduce Whonix-Gateway RAM below 500 MB (this and every other aspect of this feature can be configured), lets say to 128 MB, you automagically end up with the usual non-graphical Whonix-Gateway.
* Whonix has now an updater. It can not promised, that you never have to download a new image, when next stable version of Whonix gets released, but we are on that way. Interested testers may have to download a new (test-)image from time to time, since we also need to test the out of the box user experience.
* whonixsetup – Connection Wizard: Whonix now comes with Tor networking disabled. This is useful for users who never want to connect to the public Tor network, because they want to hide the fact, that they are using Tor. This kind of users can now more easily set up (private) (obfuscated) bridges before ever trying to connect to the Tor network.
* Fixed uwt. To do certain tasks such as installing the Adobe Flash plugin or running update-command-not-found you no longer need to “chmod -x /usr/local/bin/curl”.
* Manpages for scripts, which come with Whonix.
* /etc/whonix.d/, /etc/whonix_firewall.d/ /etc/controlportfilt.d flexible modular .d style configuration folders.
* Deactivate the kgpg tray icon by default (#10), not perfect, but less confusing, since it will now start in foreground by default and no longer as tray icon (which was automatically and confusingly hidden by default).
* Boot Clock Randomization
* Time Sanity Check
* Downloading Tor Browser and signature from
http://idnxcnkne4qt76tg.onion/dist/torbrowser/linux instead from https://www.torproject.org/dist/torbrowser for better security when run inside Whonix. (Not sure if we can keep this, due to general scaling flaws in hidden services.)
* Tor Button’s New Identity button now functional. (Thanks to Control Port Filter Proxy.)
* optional Time Privacy wrapper
* enable “apparmor=1 security=apparmor” by default (but didn’t enable enforce mode or added any useful profiles)
* moved blog to wordpress.com, better than sourceforge, because wordpress.com supports SSL, closed #23
* Tor Browser is now system default browser, when trying to open links it will ask for confirmation to avoid accidental linking (configurable).
* too many other improvements under the hood in git log