Actions

Design and Goals

(Redirected from Whonix:About)


Introduction[edit]

Whonix aims to preserve privacy and anonymity by helping users run applications anonymously. A web browser, IRC client, office suite, and more come pre-configured with security in mind.

Whonix is a complete operating system. It consists of two virtual machines -- Whonix-Gateway and Whonix-Workstation -- which are designed to be used on a host operating system (OS). The host OS supporting Whonix is usually the one installed on the user's computer, but OSes installed on external drives will also work. Users choose the preferred Whonix configuration and may use either a Type I hypervisor (Qubes-Whonix), or a Type II hypervisor like KVM and Virtualbox.

Whonix is Free Software and is based on Tor [1], Debian GNU/Linux [2], and the principle of security by isolation.

Security by Isolation[edit]

Whonix is divided into two VMs: Whonix-Workstation for work activities and Whonix-Gateway to enforce all Internet traffic routing via the Tor network. [3] This security by isolation configuration averts many threats posed by malware, misbehaving applications, and user error.

Figure: Whonix Operating System Design

Whonix concept refined.jpg

Online Anonymity via Tor[edit]

Whonix relies on the Tor network to protect a user's anonymity online; all connections are forced through Tor or otherwise blocked. Tor helps to protect users by bouncing communications around a distributed network of relays run by volunteers all around the world. Without advanced, end-to-end, netflow correlation attacks, anybody watching a user's Internet connection cannot easily determine the sites visited, and those sites cannot learn the user's physical location. [4]

To learn more about Tor, read the official documentation on the Tor website:

Based on Debian[edit]

In simple terms, Whonix is just a collection of configuration files and scripts. Whonix is not a stripped down version of Debian; anything possible in "vanilla" Debian GNU/Linux can be replicated in Whonix. Likewise, most problems and questions can be solved in the same way. For example: "How do I install xrandr on Whonix?" -- "The same way as in Debian apt-get install xrandr". Whonix does not break anything, limit functionality, or prevent installation of compatible software.

Whonix Version[edit]

Each Whonix release is based on a particular version of Debian:

Whonix version Debian Version Debian Codename
Whonix 14.0.0.7.4 9 stretch

Users can manually check the Whonix version at any time by following this step.

Release Schedule[edit]

Note that Whonix does not have a fixed release schedule. A new stable release only becomes available when it is deemed ready. Interested users can query the Whonix phabricator manifest [5] and release notes to track developer progress. Stay Tuned.

Support Schedule[edit]

Debian Hosts[edit]

New Debian Release

One month after a new stable version of Debian is released, Whonix VMs may no longer be supported on any older version of Debian. All users need to upgrade the Debian platform promptly after the deprecation notice in order to use Whonix safely.

New Whonix Release

One month after a new stable version of Whonix is released, older versions will no longer be supported. All users need to upgrade the Whonix platform promptly in order to remain safe.

Deprecation Notices

The deprecation notice is provided at least one month in advance and posted in the Whonix News forum. Stay Tuned! All users need to upgrade the respective platform promptly in order to remain safe. [6]

Debian-based and Other Hosts[edit]

As per Debian Hosts.

Windows Hosts[edit]

The support schedule is mostly undefined at present, but likely to mirror Debian Hosts.

Qubes Hosts[edit]

Quote Qubes-Whonix version support policy:

Whonix is an advanced feature in Qubes OS. Those who wish to use it must stay reasonably close to the cutting edge by upgrading to new stable versions of Qubes OS and Whonix TemplateVMs within a month of their respective releases. To be precise:

  • One month after a new stable version of Qubes OS is released, Whonix TemplateVMs will no longer be supported on any older version of Qubes OS. This means that users who wish to continue using Whonix TemplateVMs on Qubes must always upgrade to the latest stable Qubes OS version within one month of its release.
  • One month after new stable versions of Whonix TemplateVMs are released, older versions of Whonix TemplateVMs will no longer be supported. This means that users who wish to continue using Whonix TemplateVMs on Qubes must always upgrade to the latest stable Whonix TemplateVM versions within one month of their release.

We aim to announce both types of events one month in advance in order to remind users to upgrade.

Summary[edit]

Whonix is[edit]

  • A free and open operating system.
  • An anti-censorship tool.
  • The first step among many in hiding a user's identity.

Whonix Helps to[edit]

  • Disguise a user's IP address.
  • Prevent ISP spying.
  • Prevent websites from identifying the user.
  • Prevent malware from identifying the user.
  • Circumvent censorship.

Whonix is not[edit]

  • A one-click anonymization solution.

Next Steps[edit]

Learning more about Whonix is the best way to determine whether it is a suitable solution in your personal circumstances. The following chapters are recommended:

  • The Warning page to understand the security limitations of Whonix and Tor.
  • Further information about Whonix Features.
  • The implied Trust placed in Whonix when it is used.
  • The Security Guide, Advanced Security Guide and Design chapters detailing the Whonix specifications, threat model and implementation.
  • Other relevant Documentation explaining how to use Whonix safely.

Footnotes[edit]

  1. https://www.torproject.org/about/overview.html.en
  2. https://en.wikipedia.org/wiki/Debian
  3. In Qubes-Whonix, these VMs are named sys-whonix and anon-whonix, respectively.
  4. Current practical, low-latency, anonymity designs like Tor fail when the attacker can see both ends of the communication channel (traffic going into and out of the Tor network). If both flows are visible, simple statistics can determine whether they match up.
  5. For example, for the next release use the tag "Whonix 15" and status "Open".
  6. This also relieves Whonix developers from needing to diagnose and support old-stable versions of Qubes/Debian/Whonix, which duplicates the maintenance burden.

License[edit]

Whonix About wiki page Copyright (C) Amnesia <amnesia at boum dot org>
Whonix About wiki page Copyright (C) 2012 - 2018 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>

This program comes with ABSOLUTELY NO WARRANTY; for details see the wiki source code.
This is free software, and you are welcome to redistribute it under certain conditions; see the wiki source code for details.

Gratitude is expressed to JonDos for permission to use material from their website. (w) (w) [1] The "Summary of what Whonix is" chapter of the Whonix About wiki page contains content from the JonDonym documentation Features page.


Random News:

Have you read our Documentation, Technical Design and Developer Portal links yet?


https | (forcing) onion

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.

Whonix is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Libre Software license as Whonix itself. (Why?)