Introduction[edit]

Make sure you have already read the Warning page.

General[edit]

Whonix, with its default settings, may provide better protection than Tor alone. Higher levels of security can be achieved depending on how much you are willing to invest in security practices and procedures. See Documentation.

Safer Upgrades[edit]

If you already have Whonix installed, before performing an upgrade to your current Whonix setup, you are advised to shutdown any running Whonix instance currently attached to the internal virtual network named 'Whonix'. This is required to prevent cross contamination of the new machines you are importing, in the event that a powerful adversary has taken control over the ones currently in use.

Note: This is not required if you intend to create a new virtual network for the machines you are importing.

Tor Browser Bundle[edit]

It is recommended that you always have the latest release of Tor Browser Bundle installed on your host.

The Tor Browser Bundle is great for testing, whether you live in a censored or not and if Tor is blocked by your ISP or not. If you need (private) or (obfuscated) bridges for the Tor Browser Bundle, you will also need them for Whonix. (See Bridges.)

If the Tor Browser Bundle fails to work on your system, Whonix will similarly fail to work. If the Tor Browser unexpectedly stops running in Whonix, you can still use the Tor Browser independently to visit the Whonix Homepage.

Host Security[edit]

Malware[edit]

The integrity of the host is a critical part of the system's Trusted Computing Base. If the host system is compromised by Malware^[1] so is every virtual machine with Whonix, Tor and all anonymous communication. Malware can see your desktop, everything you type, send and receive. Antivirus products and personal firewalls^[2] are NOT drop in solutions for a secure host. Malware can often stay undetected and application level personal firewalls are often circumvented ^[3]. Polymorphic code^[4] and Rootkits^[5] essentially render Antivirus products helpless. ^{[6] [7]}

The optimal scenario is to not get infected by Malware in the first place. Once malicious code has accessed a system, it is next to impossible to contain. In case of sophisticated and targeted attacks, the Antivirus software is not only completely useless but can serve as a pathway to exploiting a system's kernel (since they almost always run with admin privileges).^[8].

This is not to say that Antivirus scanning and firewalls are totally useless, however, it is difficult to take advantage of antivirus scanning since a secure setup is very impractical, cumbersome. For more information on that, see the following footnote. ^[9]

Refer to antivirus not as your first but as your very last line of defence. If you do find malware on your system, this only demonstrates that your precautions didn't work. It is the precautions (hardening, secure host operating system, signed software) that are of most importance not the detection.

Using a dedicated host operating system[edit]

It is recommended that you use a dedicated host operating system just for hosting Whonix Virtual Machines. Should your every day operating system already be compromised, Whonix could not provide any additional protection. It's best to have one dedicated host operating system which is used to only host Whonix.

Using Whonix on External Media[edit]

Unfortunately, Whonix does not provide a user friendly USB creator (help welcome!). However, you can install the host operating system(s) required for Whonix on (encrypted) a dedicated external disk(s) such as USB, FireWire, eSATA, etc for futher security. This will reduce the risk of other operating system(s) infecting Whonix's host operating system. You can remove and hide the Whonix disk(s) while they are not in use.

There are a number of guides online explaining how to install Linux on USB. Whonix differs only in that you must install a supported virtualizer and Whonix.

Using your own host[edit]

It is recommended that you only use Whonix on computers you own with no sharing privileges. While other users may be trusted, they might not be equally knowledgeable in computer security. Only one mistake is required for your system to be compromised.

Needless to say, hosting Whonix on your cloud, on a foreign server you do not physically control, on a VPS etc is not recommended. Information on these systems is readily accessible to their owners/regulators.

Using a dedicated host computer[edit]

For the ultimate host security option you should use a dedicated computer just for hosting Whonix. Ideally one, that you never used for anything else before.^[10]

Firmware Updates[edit]

This chapter contains general security advice and is unspecific to Whonix.

Due to the hardware and host operating system specificity and difficulty of this topic, it is outside the scope of Whonix documentation. The links provided may not be the most relevant and you may have to research this topic further on your own.

This includes BIOS updates, non-free drivers or firmware and processor microcode updates (on Debian systems, depending on your processor, either the intel-microcode or the amd-microcode package).

Updating firmware may or may not improve security. On one hand you may fix vulnerabilities. On the other hand, an update may introduce a new backdoor. If you know of examples of one of these situations, feel free to edit this chapter. As an end user, you unfortunately have to blindly trust the hardware producer anyway, so it might be better to get the non-Free updates.

(See also the thread on the debian-security mailing list How secure is an installation with no non-free packages?)

Using Libre Software Hardware[edit]

This chapter contains general security advice and is unspecific to Whonix.

Open-source hardware is not affected by the non-Free firmware updates issue described above. Such hardware might be more trustworthy. (The Lemote Yeeloong Notebook maybe?)

TODO: research and expand

Disable TCP Timestamps[edit]

Adversaries can remotely access the current uptime of your machine and the host's clock-down to millisecond precision. To avoid this information being passed, it is recommended that you disable TCP timestamps on your systems. The less information attackers can get, the higher the security.

Qubes[edit]

If you are using Qubes R3.1 or above, then there is nothing to do since this is the Qubes R3.1 and above. ^[11] Otherwise you should upgrade the latest stable Qubes version.

Linux[edit]

^[12]

Open a terminal (Konsole).

Become root.

sudo su

You need to add the following line to /etc/sysctl.d/tcp_timestamps.conf:

net.ipv4.tcp_timestamps = 0

To do that, you could use the following command.

echo "net.ipv4.tcp_timestamps = 0" > /etc/sysctl.d/tcp_timestamps.conf

To apply the sysctl settings without reboot, run the following command.

sysctl -p

Check if it's really set.

sysctl -a

If it worked correctly, the system should respond the following: net.ipv4.tcp_timestamps = 0

Windows[edit]

To disable TCP timestamping on Windows, run the following root command:

netsh int tcp set global timestamps=disabled

Note: You must have administrator privileges.

Other Operating Systems[edit]

TODO

Disable ICMP Timestamps[edit]

Qubes[edit]

This will be the default in Qubes 3.1 and above.

Linux[edit]

ICMP Timestamps need to be blocked using your firewall. This is distro dependent and varies widely as does having a firewall enabled on your specific OS - some distros don't turn it on. There are many differing ways to accomplish this via command-line, its recommended to consult your distro's documentation.

Instead for a more straightforward way, you advised to download a GUI front-end to configure your firewall and have it set to silently drop all incoming connections by default, allowing only outgoing traffic from your machine.

Other Operating Systems[edit]

TODO: document.

Host Operating System[edit]

Windows Hosts[edit]

GNU/Linux is the only serious option for having a private host operating system. You can stop reading this windows chapter here or go on reading to find out why.

By using any version of Windows, you completely forfeit your privacy by using this OS. An anonymous browser or OS is of little help when the host is compromised and sends info about what you type or download to a third party. The trustworthiness of the host is a crucial part of any threat model.

Microsoft 'silently' updates users' machines even if they have Windows Update disabled. ^{[13] [14]} As well as this, Windows is bundled with a large number of programs that 'phone home' by default. Accordingly, Windows as a host system is not recommended for supporting anonymity. ^[15] Additional privacy risks have been introduced with Windows 8. One example is the smartscreen filter, which reports to Microsoft what software you are running on your computer. ^[16] This feature includes a kill switch that can allow Microsoft (or any one with an exploit for this mechanism) to delete programs on your machine without your consent. ^[17]

Windows 10 takes surveillance of users to a whole new level. It snoops on the users' files, text input, voice input, location info, contacts, calendar records and web browsing history, as well as automatically connecting the machines to open hotspots and showing targeted ads. Microsoft has engaged in deceptive practices to aggressively push Windows 10 on unwitting users. For details and more check the factual write-up about Windows malicious behavior for a better understanding. Know that with non-enterprise editions you have no way to completely opt-out of the surveillance "features" of Windows 10.^[18]

Microsoft has silently backported the spyware telemetry process to older versions of Windows that had Automatic Updates enabled.^[19] Now users have to choose between running unpatched, insecure machines or being surveilled.

Before patching Windows, Microsoft is known to consult with intelligence agencies and provide information on security holes before they inform the public and fixes are produced.^[20] Since the NSA also buys security holes from software companies ^[21] and uses them to gain unauthorized access into computer systems, ^[22] it is reasonable to assume that the NSA also uses information supplied by Microsoft and that Windows users are at a higher risk.

Microsoft updates use weak cryptographic verification such as MD5 and SHA-1. The CMU Software Engineering Institute said about MD5 in 2009, it "should be considered cryptographically broken and unsuitable for further use". ^[23] In 2012, the Flame malware exploited the weaknesses in MD5 to fake a Microsoft digital signature. ^[24]

Mac OS-X Hosts[edit]

There are many problems with Apple's OSes including surveillance, censorship of what programs you can run and DRM crippleware to limit what you can do with your devices. See this write-up by the FSF for more information.^[25]

GNU/Linux Hosts[edit]

A Free Software OS that respects user freedom, is the only realistic choice when it comes to privacy and security.

Use GNU/Linux on the host and only using in-repository software is automatically gpg signed and installed from the distributor's repositories by the package manager. This is much safer than downloading stuff from the web like you have to do as a Windows user.

Which GNU/Linux Distribution do you recommend?[edit]

Debian GNU/Linux is recommended. For extra security tips for download, verification and installation see Debian Tips.

It used to be that any GNU/Linux distribution is a safe bet with privacy however Ubuntu's data-mining functionality makes it an unsuitable choice.^[26]

There are of course other options. See "Why don't you use <your favorite most secure operating system> for Whonix?" for analysis of alternatives.

LAN/Router Security[edit]

If your Whonix-Gateway is ever compromised, it can theoretically access any computer in your local network. Therefore, if you are the administrator of your home network, it's recommended that you lock down the web interface of your home router, i.e. installing the latest firmware with latest security patches and using a secure password.

Host Firewall[edit]

Having a simple host firewall (gufw - Uncomplicated Firewall^[38] on Debian), denying all incoming ports, is recommended as well.

On the host, on Debian.

1. Install gufw.

sudo apt-get update && sudo apt-get install gufw

2. Start gufw

gufw

3. Press unlock. Enter password.

4. Press enable.

5. Settings: Incoming: Deny Outgoing: Allow

Microphone[edit]

Does your computer or notebook have a microphone? You could have a built-in one, but never noticed it. In most cases it is recommended to disable your microphone for security reasons. If your Whonix-Workstation ever gets compromised by malware, an adversary could eavesdrop through your microphone. It is save to assume, that everyone has have a unencrypted phone call during ones life time and that one of them has been recorded.

Voice and writing is very personal, unique so your non-anonymous and "anonymous" voice can be easily linked. This is called voice recognition and documented on the VoIP wiki page in the introduction chapter. (For writing this technique is called stylometry and documented on the Surfing Posting Blogging wiki page.)

External microphones should be unplugged for ultimate security. If your microphone is built-in and you decide to disable your microphone, you can check the BIOS see find out if the microphone can be disabled. Removing built-in microphones may be a bit more difficult, but if you have the skills to remove it, go for it.

By default, unfortunately microphones connected to your host are available to virtual machines such as the Whonix-Workstation.

If you want to make internet calls, Voice over IP (VoIP) or use the microphone for other reasons inside Whonix-Workstation, use Multiple Whonix-Workstations and use the microphone only in selected, not all Whonix-Workstations. Unplug your microphone after use.

For VoIP purposes you may need to enable audio passthrough capability for your respective hypervisor. This page documents the steps on getting audio working on supported platforms.

Expand for more information:

Webcam[edit]

Does your computer or notebook have a webcam? You could have a built-in one, but just never noticed - check your computer's datasheet and operating system hardware manager.

Unless you plan to use a webcam inside Whonix-Workstation, it's recommended to disable or possibly remove your webcam. If you do plan to use a webcam you should disable and possibly unplug your webcam after use.

External webcams should be unplugged for optimal security. If your webcam is built-in and you decide to disable it, you can check the BIOS to find out if the webcam can be disabled. Removing built-in webcams may be a bit more difficult, but if you have the skills to remove it, go for it. Alternatively, cover the webcam externally.

Wireless Input Devices[edit]

Avoid using wireless keyboards and mice because most send data unencrypted. Even if this wasn't the case, there is no way to verify the robustness of the crypto involved in proprietary products. A local adversary (up to 100 meters away) can sniff keystrokes and inject their own, allowing them to take over the machine.^[40][41]

Backups[edit]

Backups of sensitive data is important. Data where you do not posses at least two copies of the original should be considered lost. This is because one data medium might become inaccessible beyond repair any minute. So your computer would not even detect the risk anymore, so data recovery tools would not be of help either. (In such cases you might be lucky with professional data recovery companies, but they usually charge thousands or dollars.)

So this is what is recommended:

• original file on medium such as your internal harddrive.
• backup one. Example: on an external hardrive my manufactor A.
• backup two. Example: on an external harddrive by manufactor B.

For better security for other events such as fire or physical access such as robbery, backups in separate physical locations are recommended. Additionally backups at remote servers are also an option, but then you really must make sure to get the encryption right.

Whonix information[edit]

MAC Address[edit]

Introduction[edit]

All network cards, both wired and wireless, have a unique identifier stored within them called their MAC address^[42]. This is used to assign an address to your computer on the local network. This address is not traceable (as in it isn't passively sent to computers beyond your local router).^[43]

However, other computers on the local network could log it, which then would provide proof that your computer has been connected to that network. If you are using an untrusted, public network you should consider spoofing^[44] it.

IMPORTANT NOTE: According to recent research^[45] , MAC address spoofing is not effective against advanced tracking techniques that can still enumerate it by looking at physical characteristics of the Wi-Fi card. Manufacturers need to modify their hardware's drivers or firmware to add privacy preserving mitigations.

A workaround is to buy new "burner" WiFi USB sticks of different brands. Take care to disable your machine's native WiFi functionality in the BIOS because odds are its characteristics are already logged if you used it from any untrusted hotspot. Enable connectivity with these burner devices only from the intended public destination. At no point should you use them to connect from a network tied to you or a place you regularly visit. Use a different stick for every new location to avoid location profiling/tracking.

Dealing with MAC Addresses is one piece of the puzzle of the location tracking problem. Attention must be given to changing the usual entry guards you connect to - for every Tor instance on your machine host (apt-transport-tor) and guest to thwart this type of attack.

Using your home connection[edit]

Changing your MAC address is not required. However, when not using a VM your physical MAC address could be revealed in the case of a browser exploit. If you are already under suspicion, this would eventually provide proof of your identity. When the MAC address has been changed, root access is required to discover the real physical address. (Note: This is yet to be tested)

Consider: If your home network uses a cable modem internet connection, the ISP either provides the cable modem device as part of the service or requires pre-registration of the MAC address of your self-provided cable modem in order to setup your service. If you manage to hack/change the MAC address of the modem, your service would immediately cease functioning (because the IP assignment is apportioned for, and bound to, that specific MAC address). As a result, when connecting from behind a cable modem/NAT router, spoofing the MAC address of your PC's ethernet adapter may be pointless. If you are traced, the trackable endpoint will be the MAC address of your cable modem device.

Using a public computer (e.g. in a library, Internet-cafe)[edit]

The MAC address should not be changed, as it may bring undesired admin attention to your service and/or simply forbid your access to the Internet.

Using a personal computer (e.g. a laptop, wherever it happens) in a public network[edit]

The MAC address should be changed, and /var/lib/tor/state should be removed so that a new set of guards is selected.

It is advisable that the admin not discover the use of Tor on your computer. This depends on your configuration, i.e. perhaps you are using obfsproxy or you tunnel your traffic through SSH/VPN.

Changing the MAC address and being a Tor user, depending on your personal threat model, might be risks for re/visiting that public network.

If you are going to reuse the same public network, you have to decide, if you are going to use the very same MAC address (and set of guards) or if you are going to create a new MAC address. If you suspect that the admin has seen you and logged the MAC, it could be unwise to change the MAC address, since this could be appear suspect. If you believe that public network is adequately public and that you have not bee observed, you might decide to use a new MAC address (popular vendor ID, random/unique second part) each time you use this network.

For more discussion on this rather difficult topic, see Dev/MAC.

Random MAC address[edit]

Using a random MAC address is not recommended. While this might sufficiently confuse some adversaries, it will not defeat skilled adversaries. If you are using a random MAC address, it might happen that the vendor ID of the MAC address is non-existent. Even if it was existent, you might end up with a vendor ID, which has either never been used or not been used in decades. If you are going to spoof your MAC, you have to use a popular vendor ID.

The initial second part of the MAC address may be random/unique.

As yet, we cannot provide detailed instructions on how to create such appropriate MAC addresses. Research is still ongoing.

The reason why MAC changing is not always enabled is that it might cause problems on some networks.

Auto-connect issue[edit]

Apart from the difficulty creating an appropriate MAC address, there are also technical hurdles. All the work of creating this MAC will be futile if you boot your computer and it instantly connects to the public network and spills your MAC address. For Virtual Machine users: your host operating system most likely automatically connects (updates, perhaps time sync). For Physical Isolation users: Whonix-Gateway automatically connects to Tor after start.

Also if you use a USB WiFi device, this might also occur.

Changing MAC address[edit]

For Qubes Hosts[edit]

Qubes users do this in their NetVM. Refer to the Qubes documentation / support. See:

• https://www.qubes-os.org/doc/randomizing-your-mac-address/
• https://groups.google.com/forum/#!searchin/qubes-users/macchanger/qubes-users/gUPK-YqkC3E/WsarnjrddrsJ
• https://github.com/QubesOS/qubes-issues/issues/938

For Linux Hosts[edit]

su

apt-get update && apt-get install macchanger

su

ifconfig wlan0 down

macchanger -a wlan0

ifconfig wlan0 up

su

ifconfig wlan0 down

ifconfig wlan0 hw ether 00:AA:BB:CC:DD:EE

ifconfig wlan0 up

ip link set down wlan0

ip link set wlan0 address 00:AA:BB:CC:DD:EE

ip link set up wlan0

hwaddress ether 00:00....

pre-up macchanger -e eth0

auto eth0

sudo ifup eth0

Sources[edit]

See footnote. ^[46]

Known bugs[edit]

Check Download page for a list of known bugs.

Most Security[edit]

If you want to learn all of the security concerns that Whonix considers you should, before installing Whonix, read all Whonix Documentation pages. Depending on your security needs, you might also like to consult the Design pages.

What's next?[edit]

After reading and applying Computer Security Education, download, verify and install Whonix. Then read and apply Post Install Advice.

References[edit]

1. ↑ https://en.wikipedia.org/wiki/Malware
2. ↑ https://en.wikipedia.org/wiki/Personal_firewall
3. ↑ https://www.grc.com/lt/leaktest.htm
4. ↑ https://en.wikipedia.org/wiki/Polymorphic_code
5. ↑ https://en.wikipedia.org/wiki/Rootkit
6. ↑ http://arstechnica.com/security/2014/05/antivurus-pioneer-symantec-declares-av-dead-and-doomed-to-failure/
7. ↑ A botnet authors was even writing undefeatable malware and trolling antivirus vendors.
8. ↑ https://theintercept.com/2015/06/22/nsa-gchq-targeted-kaspersky/
9. ↑ You would have the antivirus software being installed a separate system where you have the assumption, that it is less likely of being already compromised.
   • To a degree external HDDs (such as USB or eSATA) may be useful. Sophisticated malware may compromise the for example the physical USB stack, so when booting from USB, the malware would again disable the detection by the antivirus. Also see the following blog post, USB Security Challenges. This is why Qubes OS encourages users to move the USB controller into a separate VM so the USB controller is not exposed to the host so a compromised USB controller does not compromise the whole system.
   • The most precautions way to scan a disk is to physically remove it from the computer where it was being used. Then put it into an external disk enclosure. Put the disk controller into a separate VM. Practically for now, probably only using Qubes with a USBVM. Then connect the disk to that (USB) disk controller. Hope that by reading that disk not another hypothetical exploit will compromise your scanning system. That way you could scan a disk with relative security that the not-yet-compromised scanning computer does not get compromised.
10. ↑ To reduce risks of eventual previous hardware compromised.
11. ↑ https://github.com/QubesOS/qubes-issues/issues/1344
12. ↑ temporary You can skip this Temporary chapter and move on to #Permanently if you are looking for a permanent solution. To dynamically disable TCP timestamping on Linux... (When using Qubes: in the NetVM.) Become root.
    [select code]

    sudo su

    sudo su
    Disable TCP timestamping.
    [select code]

    echo 0 > /proc/sys/net/ipv4/tcp_timestamps

    echo 0 > /proc/sys/net/ipv4/tcp_timestamps
13. ↑ http://voices.washingtonpost.com/securityfix/2007/09/microsofts_stealth_update_come.html
14. ↑ http://www.zdnet.com/blog/hardware/confirmation-of-stealth-windows-update/779
15. ↑ https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxyLeaks#Windows
16. ↑ http://log.nadim.cc/?p=78
17. ↑ http://www.pcmag.com/article2/0,2817,2400985,00.asp
18. ↑ https://www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive
19. ↑ http://www.theregister.co.uk/2015/09/01/microsoft_backports_data_slurp_to_windows_78_via_patches/
20. ↑ https://www.techdirt.com/articles/20130614/02110223467/microsoft-said-to-give-zero-day-exploits-to-us-government-before-it-patches-them.shtml
21. ↑ https://threatpost.com/nsa-bought-exploit-service-from-vupen-contract-shows/102314
22. ↑ http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity
23. ↑ https://en.wikipedia.org/wiki/MD5#cite_note-11
24. ↑ http://arstechnica.com/security/2012/06/flame-crypto-breakthrough/
25. ↑ https://fix-macosx.com/
26. ↑ https://fixubuntu.com/
27. ↑ http://www.theinquirer.net/inquirer/news/2168086/canonical-linux-kernel
28. ↑ https://ask.fedoraproject.org/en/question/25127/how-to-build-unity-in-fedora/
29. ↑ http://mjg59.dreamwidth.org/25376.html
30. ↑ http://www.linux-magazine.com/Online/Blogs/Off-the-Beat-Bruce-Byfield-s-Blog/Mir-vs.-Wayland-show-why-upstream-projects-matter
31. ↑ https://kver.wordpress.com/2015/05/27/making-sense-of-the-kubuntucanonical-leadership-spat/
32. ↑ http://www.pcworld.com/article/2998647/operating-systems/kubuntus-founder-resigns-accuses-canonical-of-defrauding-donors-and-violating-copyright.html
33. ↑ https://lists.ubuntu.com/archives/kubuntu-devel/2012-February/005782.html
34. ↑ https://www.fsf.org/news/canonical-updated-licensing-terms
35. ↑ http://mjg59.dreamwidth.org/37113.html
36. ↑ https://forums.linuxmint.com/viewtopic.php?t=152450
37. ↑ http://www.zdnet.com/article/microsoft-and-canonical-partner-to-bring-ubuntu-to-windows-10/
38. ↑ https://en.wikipedia.org/wiki/Uncomplicated_Firewall
39. ↑ https://www.virtualbox.org/ticket/12026
40. ↑ https://www.schneier.com/blog/archives/2016/03/security_vulner_6.html
41. ↑ https://www.schneier.com/blog/archives/2016/08/security_vulner_7.html
42. ↑ https://en.wikipedia.org/wiki/MAC_address
43. ↑ Unless your computer is infected with Malware looking for this number.
44. ↑ https://en.wikipedia.org/wiki/MAC_spoofing
45. ↑ Why MAC Address Randomization is not Enough: An Analysis of Wi-Fi Network Discovery Mechanisms
46. ↑
    • https://tails.boum.org/contribute/design/MAC_address/
    • https://tails.boum.org/todo/macchanger/
    • https://tails.boum.org/blueprint/macchanger/
    • Worth reading! Thanks to Tails!
    • Dev/MAC

License[edit]

Whonix Computer Security Education wiki page Copyright (C) Amnesia <amnesia at boum dot org>
Whonix Computer Security Education wiki page Copyright (C) 2012 -2014 Patrick Schleizer <adrelanos@riseup.net>

This program comes with ABSOLUTELY NO WARRANTY; for details see the wiki source code.
This is free software, and you are welcome to redistribute it
under certain conditions; see the wiki source code for details.

https | (forcing) onion
Share: Twitter | Facebook | Google+ This is a wiki. Want to improve this page? Help welcome, volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation. Whonix (g+) is a licensee of the Open Invention Network. Unless otherwise noted above, content of this page is copyrighted and licensed under the same Free (as in speech) license as Whonix itself.