Dev/Download Wizard

From Whonix

< Dev

User's Preferences[edit]

By Host Operating System[edit]

  • Windows users → Install VirtualBox from → recommend VirtualBox ova's
  • Linux users → Install VirtualBox by using distribution's package manager → recommend using KVM and .qcow2 images
  • Mac users → Install VirtualBox by ? → recommend VirtualBox ova's
  • Qubes users → Qubes

By Target Platform[edit]

By Security / Usability Compromise[edit]

  • Download Easy
  • Download More Secure
    • Torrent + note, that anonymous download is difficult[1]
    • http-only, direct http download link + hash check + note anonymous download
  • Download Most Secure
    • http(s [archive]) + gpg
    • onion + gpg
    • notes about anonymous download
  • Download Utmost Secure
    • Build from source code

By Download Method[edit]

By Download Anonymity[edit]

Low priority. Perhaps leaving this out.

  • preferred download anonymity → http(s) or onion, avoiding torrent
  • no preference about download anonymity → nevermind http(s) or torrent

By Release Life Cycle[edit]

  • Stable Releases
  • Testers-Only Releases
  • Experimental Releases

Threat Models[edit]

No attacks prevented[edit]

  • Http-only download without verification.
  • Good for new users who should be warned that this is only to try Whonix ™ and practice getting used to Linux.
  • Download Easy

MITM download[edit]

  • Man-in-the-middle attack between mirror and downloader.
  • Can be defeated by using hash check, SSL, onion or BitTorrent.
  • Download More Secure server compromise[edit]

  • Prevented by OpenPGP verification.
  • Download Most Secure

build server compromise[edit]

  • Prevented by building from source code.
  • Download Utmost Secure

Multiple Download Pages Considerations[edit]

If we consider multiple download pages, users are accustomed to share direct download links. One who decided to use VirtualBox is likely to share the VirtualBox download page link. So the VirtualBox download page should ideally briefly mention, that there are also options on the main download page. Just a consideration. IF we decide that route.

Windows Verification is hosed[edit]

To check the hash, windows users have to either:
1. Download a utility from a website and follow the instructions about how to check a hash <- Possible, but tedious.
2. Download via Bittorrent <- Requires prior knowledge of Bittorrent
3. All downloads via SSL <- Can't right now [archive]
4. Learn GPG <- an important skill; but now we're jumping directory to the "advanced verification" stage

Verifying file integrity is not something Windows encourages.

No one is providing a https enabled download link for a Windows hash verification tool. Maybe we should redistribute rapid-crc-unicode-portable [archive] (just 1 MB) over https on

Implementation Ideas[edit]

Using html fieldset tag[edit]

Compatibility, it looks like everyone supports it: [archive]

Example Draft[edit]

Dropdown menu examples

No javascript required.

Whonix ™ can run on top of many host operating systems (Windows, Linux, Mac, Qubes and more). Whonix ™ recommends Debian Wheezy. (More Options)

<form class="form-download gap-from-top" action="/download/" method="get">
		<input type="hidden" name="version" value="9.1" />
		<label for="input-operating-system">Choose your operating system</label>
		<select id="input-operating-system" name="architecture">
			<option value="Windows" selected="selected">Windows</option>
			<option value="Linux">Linux</option>
			<option value="Mac">Mac</option>
		<button type="submit">Next</button>

Whonix ™ can run on top of various target platforms such as VirtualBox, KVM, Qemu, Qubes, VMware or with no virtualizer.

<form class="form-download gap-from-top" action="/download/" method="get">
		<input type="hidden" name="version" value="9.1" />
		<label for="input-operating-system">Choose your target platform</label>
		<select id="input-operating-system" name="architecture">
			<option value="Windows" selected="selected">VirtualBox [status: stable] [usability: easiest]</option>
			<option value="Linux">KVM [status: testers-only] [usability: medium]</option>
			<option value="Mac">Qubes [status: testes-only] [usability: harder]</option>
			<option value="Mac">VMware [status: unmaintained] [usability: easy]</option>
			<option value="Mac">no virtualizer (physical isolation, bare metal) [status: stable] [usability: harder]</option>
		<button type="submit">Download</button>

Expand Button Examples[edit]


Interested in safer download options? Click on expand on the right side.

Unfortunately, safer download options are more complicated, but well worth the effort. [...]


More download options? Torrent, sha512 hash files, etc.? Click on expand on the right side. Without JavaScript those are expanded by default.

Torrent, sha512 hash files, etc. [...]

See Also[edit]


  1. or at least very hard without Whonix ™, which is what they want to download in the first place

Fosshost is sponsors Kicksecure ™ stage server Whonix old logo.png
Fosshost About Advertisements

Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki

Follow: 1024px-Telegram 2019 Logo.svg.png Iconfinder Apple Mail 2697658.png Twitter.png Facebook.png Rss.png Reddit.jpg 200px-Mastodon Logotype (Simple).svg.png

Support: 1024px-Telegram 2019 Logo.svg.png Discourse logo.png Matrix logo.svg.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate Whonix.png United Federation of Planets 1000px.png

Twitter-share-button.png Facebook-share-button.png Telegram-share.png link=mailto:?subject=Dev/Download Wizard&body= link= Wizard link= Wizard link= Wizard%20 Wizard

Are you proficient with iptables? Want to contribute? Check out possible improvements to iptables. Please come and introduce yourself in the development forum.

https link onion link Priority Support | Investors | Professional Support

Whonix | © ENCRYPTED SUPPORT LP | Heckert gnu.big.png Freedom Software / Osi standard logo 0.png Open Source (Why?)

The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent.