[Whonix-devel] Whonix Anonymous Operating System Version 7 Released!

[adrelanos]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Whonix is an operating system focused on anonymity, privacy and
security. It's based on the Tor anonymity network, Debian GNU/Linux
and security by isolation. DNS leaks are impossible, and not even
malware with root privileges can find out the user's real IP.

Whonix consists of two parts: One solely runs Tor and acts as a
gateway, which we call Whonix-Gateway. The other, which we call
Whonix-Workstation, is on a completely isolated network. Only
connections through Tor are possible.

Download:

https://www.whonix.org/wiki/Download

Users of Whonix 0.5.6 and below:

There is no upgrade path from Whonix 0.5.6 to Whonix 7, sorry. You
have to manually download new Whonix images.

Call for Help:

If you know shell scripting (/bin/bash) and linux sysadmin, please
join us! There are plenty of ways to make Whonix safer. We are also
looking for a https direct download mirror.

Changelog:

* Tor 0.2.4

* obfs3 installed by default

* higher console resolution 1024x768 (without X)

* The current Tor Browser Bundle (TBB) Alpha, which will soon become
the new TBB stable, will work out of the box in Whonix, even if you
download and install it manually from torproject.org. The out of the
box user experience will include not accidentally running Tor over
Tor. This is useful for the case, that the Whonix Tor Browser updater
breaks again, because torproject.org changed something.

* Graphical Whonix-Gateway. Optional. If you reduce Whonix-Gateway RAM
below 500 MB (this and every other aspect of this feature can be
configured), lets say to 128 MB, you automagically end up with the
usual non-graphical Whonix-Gateway.

* Whonix has now an updater. It can not promised, that you never have
to download a new image, when next stable version of Whonix gets
released, but we are on that way. Interested testers may have to
download a new (test-)image from time to time, since we also need to
test the out of the box user experience.

* whonixsetup - Connection Wizard: Whonix now comes with Tor
networking disabled. This is useful for users who never want to
connect to the public Tor network, because they want to hide the fact,
that they are using Tor. This kind of users can now more easily set up
(private) (obfuscated) bridges before ever trying to connect to the
Tor network.

* Fixed uwt. To do certain tasks such as installing the Adobe Flash
plugin or running update-command-not-found you no longer need to
"chmod -x /usr/local/bin/curl".

* Manpages for scripts, which come with Whonix.

* /etc/whonix.d/, /etc/whonix_firewall.d/ /etc/controlportfilt.d
flexible modular .d style configuration folders.

* Deactivate the kgpg tray icon by default (#10), not perfect, but
less confusing, since it will now start in foreground by default and
no longer as tray icon (which was automatically and confusingly hidden
by default).

* Boot Clock Randomization

* Time Sanity Check

* Downloading Tor Browser and signature from
http://idnxcnkne4qt76tg.onion/dist/torbrowser/linux instead from
https://www.torproject.org/dist/torbrowser for better security when
run inside Whonix. (Not sure if we can keep this, due to general
scaling flaws in hidden services.)

* Tor Button's New Identity button now functional. (Thanks to Control
Port Filter Proxy.)

* optional Time Privacy wrapper

* enable "apparmor=1 security=apparmor" by default (but didn't enable
enforce mode or added any useful profiles)

* moved blog to wordpress.com, better than sourceforge, because
wordpress.com supports SSL, closed #23

* Tor Browser is now system default browser, when trying to open links
it will ask for confirmation to avoid accidental linking (configurable).

* too many other improvements under the hood in git log

Cheers,
adrelanos
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJSWNbXAAoJEJwTGtNxOq7vlNEQAIrgiCcJyuj6NOcd3+ApIEnu
lXpi9TP9O7+/WYNPHxatCIAN16T3uD8YO/qlNdA54qYP1mOpwhFtjznZuJ3nwFJx
TI5RSP36C6bdUH8BM1wWGayeVUvEUoWnuSswMaD4GBhkPUqJPx3aNyJe3LgTVJoQ
1TDEjJYv90+wTRjbfa0maJt4H4z1SX5dZ2+whTsvf4XNGuOMeENTlHKbvVcyaHWj
Go/l34cGIoYMZVptgT7TdvnKp6poIUm0Jbgx4U4AfN/Db6UkVosRjq/5PK8h2AQv
2+L738MNv55AxAwCmzInp85EUH4eSamHWeFiBIhFg3mn7arxIx/YaJOMCe1JKt78
aeOkCZqvTbsh3RSoZLd+UxiEYzfyX9GrGgCeNprKvtEDqc/AarP68SxBVOmIRbCk
6nJHiUoKqpKKQRBsGPu+1OunMoD9exWht8e7wOBhFE41yrS0TGmxlTriy9McHM2B
5co62tH6pSacgPqhMUWKo6E4hqNwt88gJnPCf1F/LkUFOED5qKBRyZEhQgvOeqP+
tPwFCZ+D8p/0iqpU3oAVC9ocsBJmIuK/q9OnD1kFdCk0Xml9S6F3/yASaz2Wdm2t
VrVRCVrNvOA1MQ4vq5IXc+FsuZZXEJFLw4w5Q6FIzvbY64cIhyRGVLtJ/Gkhf8UY
fxkbzGcq+JBAI7s+aubi
=aL36
-----END PGP SIGNATURE-----