Dev/Download Wizard

From Whonix
< Dev
Jump to navigation Jump to search

User's Preferences[edit]

By Host Operating System[edit]

  • Windows users → Install VirtualBox from → recommend VirtualBox ova's
  • Linux users → Install VirtualBox by using distribution's package manager → recommend using KVM and .qcow2 images
  • Mac users → Install VirtualBox by ? → recommend VirtualBox ova's
  • Qubes users → Qubes

By Target Platform[edit]

By Security / Usability Compromise[edit]

  • Download Easy
  • Download More Secure
    • Torrent + note, that anonymous download is difficult[1]
    • http-only, direct http download link + hash check + note anonymous download
  • Download Most Secure
    • http( + gpg
    • onion + gpg
    • notes about anonymous download
  • Download Utmost Secure
    • Build from source code

By Download Method[edit]

  • http(
  • [[Download_Security#Onion_Mirror|onion]]
  • torrent

By Download Anonymity[edit]

Low priority. Perhaps leaving this out.

  • preferred download anonymity → http(s) or onion, avoiding torrent
  • no preference about download anonymity → nevermind http(s) or torrent

By Release Life Cycle[edit]

  • Stable Releases
  • Testers-Only Releases
  • Experimental Releases

Threat Models[edit]

No attacks prevented[edit]

  • Http-only download without verification.
  • Good for new users who should be warned that this is only to try Whonix and practice getting used to Linux.
  • Download Easy

MITM download[edit]

  • Man-in-the-middle attack between mirror and downloader.
  • Can be defeated by using hash check, SSL, onion or BitTorrent.
  • Download More Secure server compromise[edit]

  • Prevented by OpenPGP verification.
  • Download Most Secure

build server compromise[edit]

  • Prevented by building from source code.
  • Download Utmost Secure

Multiple Download Pages Considerations[edit]

If we consider multiple download pages, users are accustomed to share direct download links. One who decided to use VirtualBox is likely to share the VirtualBox download page link. So the VirtualBox download page should ideally briefly mention, that there are also options on the main download page. Just a consideration. IF we decide that route.

Windows Verification is hosed[edit]

To check the hash, windows users have to either:
1. Download a utility from a website and follow the instructions about how to check a hash <- Possible, but tedious.
2. Download via Bittorrent <- Requires prior knowledge of Bittorrent
3. All downloads via SSL <- Can't right
4. Learn GPG <- an important skill; but now we're jumping directory to the "advanced verification" stage

Verifying file integrity is not something Windows encourages.

No one is providing a https enabled download link for a Windows hash verification tool. Maybe we should redistribute (just 1 MB) over https on

Implementation Ideas[edit]

Using html fieldset tag[edit]

Compatibility, it looks like everyone supports it:

Example Draft[edit]

Dropdown menu examples

No javascript required.

Whonix can run on top of many host operating systems (Windows, Linux, Mac, Qubes and more). Whonix recommends Debian Wheezy. (More Options)

<form class="form-download gap-from-top" action="/download/" method="get">
		<input type="hidden" name="version" value="9.1" />
		<label for="input-operating-system">Choose your operating system</label>
		<select id="input-operating-system" name="architecture">
			<option value="Windows" selected="selected">Windows</option>
			<option value="Linux">Linux</option>
			<option value="Mac">Mac</option>
		<button type="submit">Next</button>

Whonix can run on top of various target platforms such as VirtualBox, KVM, Qemu, Qubes, VMware or with no virtualizer.

<form class="form-download gap-from-top" action="/download/" method="get">
		<input type="hidden" name="version" value="9.1" />
		<label for="input-operating-system">Choose your target platform</label>
		<select id="input-operating-system" name="architecture">
			<option value="Windows" selected="selected">VirtualBox [status: stable] [usability: easiest]</option>
			<option value="Linux">KVM [status: testers-only] [usability: medium]</option>
			<option value="Mac">Qubes [status: testes-only] [usability: harder]</option>
			<option value="Mac">VMware [status: unmaintained] [usability: easy]</option>
			<option value="Mac">no virtualizer (physical isolation, bare metal) [status: stable] [usability: harder]</option>
		<button type="submit">Download</button>

Expand Button Examples[edit]


Interested in safer download options? Click on expand on the right side.

Unfortunately, safer download options are more complicated, but well worth the effort. [...]


More download options? Torrent, sha512 hash files, etc.? Click on expand on the right side. Without JavaScript those are expanded by default.

Torrent, sha512 hash files, etc. [...]

See Also[edit]


  1. or at least very hard without Whonix, which is what they want to download in the first place

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!