System Configuration and Access
Tip: Whonix should preferably be used only on computers without shared access.
It is unwise to allow others to use your computer, even if they are trustworthy individuals. If they are not equally knowledgeable in computer security, then one mistake could potentially lead to compromise of the entire system. 
Needless to say, Whonix should not be hosted in the cloud, on a foreign server that is not controlled by the user, on a virtual private server (VPS), or other remote hosting options. The risks include:  
- Data on these systems is readily accessible to their owners.
- Data can be accidentally or deliberately altered / deleted.
- Legal ownership of data is disputed.
- Shared technological vulnerabilities include insecure interfaces and application program interfaces (APIs), data loss / leakage and hardware failure.
- Proven vulnerability to large scale attacks like "hyperjacking", along with exposure to traditional threats like network eavesdropping, invasion, denial of service attacks, side-channel attacks and so on.
Use a Dedicated Host Operating System and Computer
Non-Qubes-Whonix users are advised to use one dedicated host OS solely for hosting Whonix VMs. Otherwise, if the host OS used for daily activities is compromised, Whonix cannot provide any additional protection. This is because the host is part of the system's trusted computing base (TCB):
For a computer system, the trusted computing base or TCB comprises the set of all hardware, software, and firmware components that are critical to establishing and maintaining its security. Typically, the TCB consists of an operating system with all its in-built security controls, individual system hardware, network hardware and software, defined security procedures and protocols, and the actual physical location of the system itself.
Maintaining the confidentiality and integrity of data on a system is a prime responsibility of the TCB. The trusted computing base is also charged with enforcing the system’s security policy, and is the only component of a system that operates at such a high level of trust. This means that if any part of the TCB is subverted or contains flaws, the overall security policy of a system may be compromised.
See Malware and Firmware Trojans to learn more about the impacts of a compromised TCB.
For even greater security, the dedicated host OS can be used on a computer solely bought for Whonix activities. Ideally this computer will have never been used for anything else before, negating the risk of a prior hardware compromise.
Whonix on External Media
At this time, Whonix does not provide a user-friendly USB creator / image. Community contributions to progress this ticket are most welcome. Despite this, a higher level of security is attained by installing the host operating system(s) required for Whonix on dedicated (encrypted) external disk(s), such as a USB flash drive, FireWire or eSATA device.
Using external media reduces the risk of other operating system(s) infecting Whonix's host operating system. When Whonix disk(s) are not in use, they can either be removed or hidden.
There are a number of online guides explaining how to install Linux on a USB. These instructions can be followed to create a live Whonix USB, with the exception that both a supported virtualizer and Whonix must also be installed on the external media.
Note on shared access: If necessary, this risk is partially mitigated by creating untrusted domains in Qubes-Whonix for other users.
Whonix System Configuration and Access wiki page Copyright (C) Amnesia <amnesia at boum dot org>
Whonix System Configuration and Access wiki page Copyright (C) 2012 - 2018 ENCRYPTED SUPPORT LP <email@example.com>
This program comes with ABSOLUTELY NO WARRANTY; for details see the wiki source code.
This is free software, and you are welcome to redistribute it under certain conditions; see the wiki source code for details.