Actions

Whonix Release Notes

Whonix 13 Changelog[edit]

Whonix 13 was released on May 31, 2016. [1] Whonix 13 contains many small security and usability improvements, features and bug fixes. [2] [3] [4]

All Platforms[edit]

AppArmor[edit]

  • Fixed the Tor Browser AppArmor profile to allow correct functionality. [5]
  • Resolved AppArmor conflicts affecting Pidgin, Chromium and Evince. [6]
  • Merged AppArmor profiles for sdwdate, timesync and whonix-check into their corresponding packages and now install them by default. [7]

Bug Fixes[edit]

  • Fixed broken whonix-setup-wizard functionality. [8]

Code[edit]

  • Updated Whonix code for Tor Browser tb-updater. [9]
  • Refactored the Whonix socks redirection firewall rules to reduce their size and use less script code. [10] [11]
  • Refactored Whonix code so that scripts only use configuration files that end with the .conf extension. [12]

Improved Functionality and Usability[edit]

  • Modified whonixcheck to test for slow or fast system clocks which prevent Tor from properly connecting. [13]
  • Implemented an explicit check for timekeeping watchdog kernel messages in whonixcheck, so users are warned about clock jumps which prevent / time-out Tor connections. [14]
  • Enforced maximized terminal windows for xdg desktop users. [15] [16]
  • Enabled Transparent Proxy Ports for Whonix-Gateway by default (except for Whonix-Firewall). [17] [18]
  • Configured Whonix to use /etc/skel instead of writing to the home folder directly to maintain forward compatibility with Qubes. Further, this allows for proper error-handling where "user" is hardcoded in Whonix, and a newly created account with a different name has been used. [19]
  • Deprecated the timesync progress bar and replaced it with a tray icon using sdwdate-gui to improve usability and reduce confusion. [20]
  • Created a stable-proposed-updates repository for users who want to help in testing Whonix fixes, without resorting to the testers repository which comes with many more changes. [21]
  • Moved the WhonixBackupScript to the usability-misc package to make it more accessible. [22]
  • Replaced XChat with HexChat, since the former is no longer actively maintained, and created a new AppArmor profile to contain it. [23]
  • Implemented a VPN_FIREWALL feature as part of whonix-ws-firewall. [24]

Security Enhancements[edit]

  • Created a security-misc package that turns off Nautilus and Dolphin file previews by default, since this poses security risks. [25]
  • A known, good version of Tor is now maintained and uploaded to the Whonix repository from deb.torproject.org [26]
  • Uploaded the Tor 0.3.2.9 major (stable) release to the Whonix repository to enable full v3 onion functionality for both hosting of onion services and access to v3 onion addresses in Tor Browser. [27]
  • Extended the lifetime of the Whonix signing key. [28]
  • Sourced new onion services webservers for the sdwdate feature, which ensures the system's clock is correctly set for security, privacy and anonymity purposes. [29]

Qubes-Whonix[edit]

Bug Fixes[edit]

  • Fixed qubes-whonix-firewall systemd service start. [30] [31]
  • Resolved whonixcheck fixes for Qubes R4. [32]
  • Corrected false positive failure messages for the updates proxy test in Qubes R4. [33] [34]
  • Disabled qubes-SetDateTime / qubes.SyncNtpClock in Qubes-Whonix VMs since it interfered with timesync. [35]
  • Resolved accumulation of old Tor Browser instances in /var/cache/tb-binary/.tb/ which caused users to run into full disk error messages. [36]
  • Resolved an occasional error message whereby Whonix templates incorrectly reported they were not connected to the Whonix-Gateway ProxyVM. [37]
  • Resolved the broken anon-ws-disable-stackedtor function in Qubes-Whonix. [38]
  • Enforced the opening of all links from sys-whonix, whonix-gw and whonix-ws in the anon-whonix AppVM to prevent error messages. [39]

Builds[edit]

  • Corrected the build failure of Whonix-Workstation template in Qubes-Whonix R3.2 and added the qubes-template-whonix to continuous integration service TravisCI. [40]
  • Resolved Whonix template build failures in Qubes R4 related to Tor Browser downloads. [41]
  • Changed the Qubes-Whonix build process to install Whonix from the Whonix binary APT repository. This simplifies code, results in faster builds, removes build dependencies inside the template, and reduces the overall template size. [42]
  • Allowed the Whonix build script to run as root and reworked user_name. [43]

Code[edit]

  • Removed fetching of Whonix source code in qubes-template-whonix. [44]
  • Removed the qubes-update-check system service from Qubes-Whonix TemplateVMs, since it was unnecessary. [45] [46]
  • Reworked / removed a number of installed packages in Qubes-Whonix which are only required for the non-Qubes-Whonix desktop. [47] [48]
  • Removed the default username and password in the Qubes-Whonix terminal, because it is not required. [49]

Improved Functionality and Usability[edit]

  • Ported whonixcheck and tb-updater to Qubes' qrexec-based updates proxy, since TemplateVMs are non-networked by default in Qubes R4. [50]
  • Changed the tb-updater configuration to use Qubes updates proxy, since Qubes R4 sets the NetVM of TemplateVMs to none by default. [51]
  • Implemented the ability to install Whonix-Workstation and Whonix-Gateway from dom0 with a sudo apt-get install whonix-(workstation|gateway) feature. [52]
  • Ported the bind-directories functionality upstream to Qubes. [53]
  • Implemented the new bind-directories functionality in Qubes-Whonix. [54]
  • Implemented a check for whether the whonix-gw ProxyVM (sys-whonix) has a NetVM which is set to "none", with a warning shown if this is the case. [55]
  • Implemented a new feature so that following an update of the Whonix-Workstation TemplateVM, newly created AppVMs based on the updated TemplateVM come with an up-to-date version of Tor Browser. [56]
  • Modified whonixcheck to check if: Whonix-Gateway is running in a NetVM or ProxyVM; Whonix-Workstation is running in an AppVM; and to skip the test if a TemplateVM is detected. [57]

Security Enhancements[edit]

  • Prevented /usr/lib/qubes/qubes-setup-dnat-to-ns from running in Qubes-Whonix to stop it from modifying firewall rules. [58]

Whonix 14 Changelog[edit]

Whonix 14 was released on August 6, 2018. Significantly, Whonix 14 is based on the Debian stretch (Debian 9) distribution which was released in mid-2017, instead of Debian jessie (Debian 8). [59]. Users now have access to numerous updated and new software packages, a more modern branch of GnuPG, and more. [60] [61] [62]

All Platforms[edit]

AppArmor[edit]

  • Fixed the whonixcheck AppArmor profile to remove continuous denied messages relating to signal. [63]
  • Fixed the AppArmor profile for obfs4proxy to enable correct functioning of Tor Bridges in Whonix-Gateway. [64]
  • Fixed the Tor Browser AppArmor profile to allow correct functionality. [65]
  • Corrected the tor-controlport-filter AppArmor profile to ensure correct functioning. [66]
  • Removed the Pidgin AppArmor profile, since Pidgin is recommended against for security reasons. [67]
  • Hardened the Control Port Filter AppArmor profile. [68]
  • Disabled installation of apparmor-notify (AppArmor notifications) by default, thereby removing the reporting of mostly harmless denied messages. [69] [70]

Bug Fixes[edit]

  • Corrected the broken whonix-setup-wizard autostart on Whonix-Gateway. [71]
  • Fixed sdwdate-gui freezing when using right-click in the menu. [72]
  • Fixed dependency issues which prevented the whonix-setup-wizard gui from starting. [73]
  • Implemented the correct Tor --verify command for Whonix-Gateway torrc configuration checks to prevent the reporting of false positives. [74]
  • Modified the uwt wrapper script to correctly handle symbolic links. [75]
  • Changed the Whonix-Gateway firewall prerouting rules for socks ports so they do not interfere with trans port traffic. [76]
  • Modified whonixcheck to first test if network interfaces are up to prevent the test from failing unnecessarily. [77]
  • Fixed a whonixcheck whonix-firewall check race condition. [78]

Builds[edit]

  • Resolved genmkfile build dependencies for building Whonix-Workstation and Whonix-Gateway. [79]
  • Confirmed the new and upgraded Whonix 14 builds are identical. [80] [81]
  • Fixed debian/control parsing with respect to make_deb_build_dependencies / make_deb_runtime_dependencies. [82]

Code[edit]

  • Updated Whonix code for Tor Browser tb-updater. [83]
  • Changed the bindp compile to postinstall to make it cross-platform (Qubes, 64-bit, 32-bit). [84]
  • Rewrote sclockadj in C and updated the sdwdate package to compile sclockadj. [85] [86]
  • Implemented symlinks for onion-grater profiles to maintain functionality following profile upgrades. [87]
  • Enhanced onion checking in sdwdate to improve the unit test. [88]
  • Ported msgcollector to python3 and python3-pyqt5. [89]
  • Ported whonix-setup-wizard to python3. [90]
  • Ported python-guimessages to python3. [91]
  • Rewrote sdwdate to ensure python exceptions are written to the journal. [92]
  • Rewrote control-port-filter-python to ensure exceptions are written to the journal. [93]
  • Re-added some non-essential packages to Whonix that were removed from Debian stretch. [94] [95]
  • Ported anon-shared-helper-scripts so they instead use Tor authentication cookies. [96]
  • Ported whonixcheck check_tor_socks_port_reachability.bsh to use the Tor unix domain socket socks file. [97]
  • Ported anon-ws-disable-stacked-tor to systemd socket activation to remove unnecessary, idle socat listeners. [98] [99]
  • Removed auditd configuration folder parsing /etc/audit/rules.d/ by default, since the feature has been implemented upstream.
  • Implemented anonymous counting of Whonix users via the whonixcheck Whonix News function. [100] [101]
  • Implemented, but did not activate changes to the Whonix firewall so: sdwdate is stopped before suspend; timesync-fail-closed mode is set before suspend; sdwdate is restarted after resume; and Whonix firewall enters full mode after resume following successful sdwdate activation. [102]
  • Configured auditd to process the configuration folder /etc/audit/rules.d/ by default to aid debugging. [103] [104]
  • Implemented monitoring of changes to /var/lib/tor/lock access rights via auditd to aid debugging. [105]
  • Modified anon-ws-disable-stacked-tor to maintain Tor Browser functionality with Unix domain socket files redirection and prevent Tor over Tor scenarios. [106]
  • Configured whonixcheck to test for failed daemons. [107]
  • Implemented a sdwdate sd_notify systemd watchdog. [108]
  • Disabled systemd-resolved and instead implemented a /lib/systemd/system/systemd-resolved.service.d/ drop-in. [109]
  • Ported /usr/sbin/service to systemctl as the latter runs non-interactively. [110]
  • Disabled timedatectl network time synchronization in Debian stretch to prevent conflicts with sdwdate. [111]
  • Removed brltty, brltty-speechd and brltty-x11 since they create a local listener port which may conflict with onion-grater. [112]
  • Modified anon-ws-disable-stacked-tor systemd-unit-files-generator so it is configurable. [113]
  • Rewrote slockadj3 in C and determined how to prevent spamming of sclockadj3 time changes to logs. [114] [115] [116] [117]

Improved Functionality and Usability[edit]

  • Implemented the major new Anon Connection Wizard feature to simplify connections to the Tor network via a Tor bridge and/or a proxy. [118]
  • Integrated the Tor Pluggable Transport meek_lite. [119]
  • Integrated anon-connection-wizard into whonix-setup-wizard, so that the latter can now start the former. [120]
  • Removed the Control Port Filter Proxy script from anon-ws-disable-stacked-tor since it is no longer required for proper Tor connections or Tor Browser functions (its functionality is now replaced by onion-grater). This means Ricochet, Zeronet and OnionShare are now compatible with Whonix. [121] [122] [123]
  • Installed necessary dependencies for proper ZeroNet functionality. [124]
  • Installed onioncircuits by default in Whonix-Gateway. [125]
  • Added --list-interface to tor-controlport-filter, as it works better with dynamic IP addresses. [126]
  • Added a /etc/tor-controlport-filter.d configuration extension feature. [127]
  • Fixed the control-port-filer-python configuration to rewrite HS_DESC replies by Tor, so OnionShare is supported. [128]
  • Merged the tor-controlport-filter by Tails for various enhancements. [129]
  • Implemented more user-friendly error messages (instead of tb-starter error handlers) when non-Whonix related Tor Browser issues cause start-tor-browser to fail and exit zero. [130]
  • Implemented sane built-in defaults for whonix-gw-firewall, whonix-ws-firewall, whonixcheck, sdwdate, uwt, onion-grater, rads, open-link-confirmation, tb-starter and tb-updater, even if configuration files do not exist. [131]
  • Changed uwt to set AllowOutboundLocalhost / AllowInbound which can help make servers utilizing Tor onion services work. [132]
  • Implemented a sd_notify watchdog feature for onion-grater so the service is restarted if it appears to be running, but has became unresponsive. [133]
  • Created a bindp Whonix package to enable Whonix-Workstation applications that use Tor ephemeral onion services to bind on all interfaces as necessary. [134]
  • Modified sdwdate to check if the clock is changed "behind the back" of the program and suggest a manual user fix. [135]
  • Improved default torsocks information / warning messages when wrapped commands are invoked to reduce user confusion. [136]
  • Both non-Qubes-Whonix and Qubes-Whonix are now compatible with the Tor Project's sandboxed Tor Browser. [137]

Security Enhancements[edit]

  • Confirmed functionality of the kloak anti-keystroke deanonymization tool in Whonix. [138] [139]
  • Identified more reliable onion servers as appropriate time sources for sdwdate, which enables correct network time synchronization for anonymity-focused distributions. [140]
  • Implemented Tails' Control Port Filter Proxy in Whonix and merged recent changes since it was forked. [141] [142]
  • Fixed security and hardening (stack canary) issues with the bindp libindp.so package (which were merged upstream). [143]
  • Uploaded Tor version 0.3.3.9 (stable) release to the Whonix repository to enable full v3 onion functionality for both hosting of onion services and access to v3 onion addresses in Tor Browser. [144]
  • Onion sources are now preferred for Whonix updates/upgrades for greater security. [145]
  • Disabled the apt-timer in Debian stretch to prevent auto updates, thereby preventing the attendant security risks associated with background updates without user input. [146]
  • Disabled nautilus previews by default due to the security risks. [147]
  • Implemented uwt to set TORSOCKS_ISOLATE_PID in Debian Stretch so all uwt wrapped applications are stream isolated. [148]
  • Implemented tor+http / apt-transport-tor rather than Acquire::BlockDotOnion "false" for better security and stream isolation. [149]
  • Disabled the systemd DNS resolver feature in order to reduce the attack surface and to remove the potential for adverse anonymity impacts. [150]
  • Established a dedicated Whonix.org repository, with appropriate redirects from Whonix mirrors. [151]
  • Removed the DHCP client from Whonix-Gateway and switched to a static network configuration so the dhclient is no longer present on all interfaces, including the internal network. [152]
  • Disabled VLC metadata collection by default. [153]
  • Disabled "Obey DRM limitations" in Okular, [154] since Digital Rights Management (DRM) can be used as a tracking vector. [155] [156]

Non-Qubes-Whonix[edit]

Bug Fixes[edit]

  • Increased the Whonix-Gateway VRAM in VirtualBox from 8 to 16 MB to avoid error messages and possible video problems when using full screen mode. [158]
  • Corrected sdwdate-gui systray so it properly registers in kde systray and does not appear as a gap in the Entry column. [159]
  • Corrected the sdwdate-gui tray icon so it is visible in Debian stretch. [160]
  • Corrected the virtualization detection method to properly recognize KVM. [161]

Builds[edit]

  • Reduced the size of the default, binary Whonix images by approximately 50 per cent using zerofree. [162] [163] [164] [165]

Code[edit]

  • Removed kmix-disable-autostart since it is no longer required to make sure the clipboard history icon is loaded into the system tray. [166]

Improved Functionality and Usability[edit]

  • Created the grub-live package which can run Whonix as a live system. [167] [168]
  • Added Kscreen to Whonix by default in order to allow DPI scaling and other basic desktop features of Plasma 5. [169]
  • Removed the VirtualBox shared folder and confirmed automounting of shares is enabled in Debian stretch. [170]

Security Enhancements[edit]

  • Removed okular from anon-shared-applications-kde to anon-workstation-default-applications so it is not installed on Whonix-Gateway. [171]
  • Hide the CPUID in VirtualBox 5 by setting generic values via HostCPUID. [172]

Qubes-Whonix[edit]

Bug Fixes[edit]

  • Implemented whonixcheck fixes for Qubes R4. [173]
  • Corrected false positive failure messages for the updates proxy test in Qubes R4. [174] [175]
  • Resolved non-functionality of Tor Browser due to jemalloc corruption. [176]
  • Resolved segfaults in Tor Browser caused by excessive string length in the XDG_CONFIG_DIRS environment variable. [177]
  • Resolved accumulation of old Tor Browser instances in /var/cache/tb-binary/.tb/ which caused users to run into full disk error messages. [178]
  • Corrected dependencies in the qubes-whonix package to resolve issues when upgrading to Debian stretch. [179]
  • Fixed a corridor lintian warning on Debian related to systemd documentation. [180]
  • Resolved error messages associated with tput using an empty TERM environment variable. [181]
  • Resolved the failure of tb-updater to copy Tor Browser into the user's home directory on first VM startup in Qubes R4. [182] [183] [184]
  • Implemented the correct appmenus for Qubes-Whonix 14 TemplateVMs and fixed missing appmenu entries. [185] [186]
  • Resolved the false positive timedatectl error message when using whonixcheck. [187]
  • Corrected the absent 'Connected to Tor.' message, which arose due to a missing notification daemon. [188]
  • Resolved non-persistence of files in /usr/local, such as the Tor configuration file. [189] [190]
  • Implemented a qvm-features-request whonix-ws=1, so that newly created Whonix-Workstation AppVMs inherit the anon-vm tag. [191] [192] [193]
  • Created qubes-core-admin-addon-whonix to enforce the anon-vm tag for newly created Whonix-Workstation AppVMs. [194]
  • Removed redundant warning messages affecting Whonix-Workstation DisposableVMs that related to the first invocation of an open-link-confirmation. [195]
  • Fixed an apt-get package issue whereby some users were downgraded to a known vulnerable version. [196] [197]
  • Corrected an aptitude update failure which affected all Qubes-Whonix VMs. [198]
  • Installed Tor Browser by default in Whonix-Workstation-DisposableVMs, as it was previously missing upon VM launch. [199]
  • Fixed the periodic failure of Whonix-Workstation AppVMs to start correctly, which prevented the launch of any user applications. [200]
  • Fixed an error which caused /etc in Qubes-Whonix templates to be owned by user:user [201]

Builds[edit]

  • Corrected the build failure of the Whonix-Workstation template in Qubes-Whonix R3.2 and added qubes-template-whonix to the continuous integration service TravisCI. [202]
  • Removed older unstable Whonix 14 builds from Qubes' unstable repository. [203]
  • Resolved unexpected build failures. [204]
  • Removed Whonix 14 templates from Qubes' unstable repository, since testing versions now reside in qubes-templates-community-testing. [205]
  • Backported versioning of Whonix template names from Qubes R4 to Qubes R3.2 to simplify the installation procedure for users on the earlier platform. [206]

Code[edit]

  • Removed cups and system-config-printer from Whonix-Workstation, since printing capabilities are better suited to alternate VMs and this also removes a local TCP listener that is otherwise created. [207]
  • Corrected anon-meta-packages compatibility for Qubes R3.2 and R4. [208]
  • Installed pulseaudio-qubes for audio support and removed pulseaudio and VLC from sys-whonix. [209]
  • Created a qvm-features-request whonix-gw=1 as a prerequisite for sdwdate-gui-qubes. [210]

Improved Functionality and Usability[edit]

  • Confirmed full Qubes-Whonix compatibility with Qubes R4. [211]
  • Created a tb-updater storage path for Qubes R4 so new AppVMs and DisposableVMs have a copy of the latest Tor Browser version. [212] [213]
  • Created Qubes-Whonix 14 SaltStack state files with flexible versioning for future releases. [214] [215]
  • Modified Qubes-Whonix Salt code so the repository is not hard-coded, allowing users to choose either the qubes-templates-community or qubes-templates-community-testing repository. [216]

Licensing[edit]

  • Added a COPYING file to the Qubes-Whonix template repository to assure users they are covered by a free software license. [217] [218]

Security Enhancements[edit]

  • Added Qubes-Whonix tags on domain-load rather than upon VM creation to avoid missing tags for users that upgrade. [219]

Whonix 14 Updates[edit]

As Whonix is now a rolling distribution, users will benefit from regular small security and usability improvements, features and bug fixes as they enter the Whonix stable repository. Those will be announced here.

All Platforms[edit]

TODO

Non-Qubes-Whonix[edit]

TODO

Qubes-Whonix[edit]

TODO

Footnotes[edit]

  1. https://www.whonix.org/blog/whonix-13-released
  2. https://phabricator.whonix.org/maniphest/query/TfpGK0Sq8w1j/#R
  3. Descriptions of changes in Whonix 12 and earlier versions can be found on sourceforge.net
  4. A handful of issues have been fixed in both Whonix 13 and Whonix 14 and backported to both versions.
  5. https://phabricator.whonix.org/T672
  6. https://phabricator.whonix.org/T314
  7. https://phabricator.whonix.org/T201
  8. https://phabricator.whonix.org/T499
  9. https://phabricator.whonix.org/T666
  10. https://phabricator.whonix.org/T465
  11. The same firewall rules are still applied.
  12. https://phabricator.whonix.org/T286
  13. https://phabricator.whonix.org/T482
  14. https://phabricator.whonix.org/T480
  15. https://phabricator.whonix.org/T451
  16. For instance, tor-arm, restart Tor and other terminal programs.
  17. https://phabricator.whonix.org/T435
  18. This does not enable transparent proxying by default, but is required in Qubes so tinyproxy traffic can be redirected to 127.0.01 instead of to qubes-netvm-gateway.
  19. https://phabricator.whonix.org/T419
  20. https://phabricator.whonix.org/T300
  21. https://phabricator.whonix.org/T200
  22. https://phabricator.whonix.org/T159
  23. https://phabricator.whonix.org/T40
  24. https://phabricator.whonix.org/T158
  25. https://phabricator.whonix.org/T418
  26. https://phabricator.whonix.org/T472
  27. https://phabricator.whonix.org/T764
  28. https://phabricator.whonix.org/T497
  29. https://phabricator.whonix.org/T266
  30. https://phabricator.whonix.org/T528
  31. This fixes various bugs relating to Tor starting / failing multiple times and qubes-whonix-torified-updates-proxy sometimes failing.
  32. https://phabricator.whonix.org/T724
  33. https://phabricator.whonix.org/T723
  34. Qubes R4 RC1.
  35. https://phabricator.whonix.org/T384
  36. https://phabricator.whonix.org/T671
  37. https://phabricator.whonix.org/T496
  38. https://phabricator.whonix.org/T454
  39. https://phabricator.whonix.org/T452
  40. https://phabricator.whonix.org/T527
  41. https://phabricator.whonix.org/T710
  42. https://phabricator.whonix.org/T498
  43. https://phabricator.whonix.org/T416
  44. https://phabricator.whonix.org/T507
  45. https://phabricator.whonix.org/T433
  46. The qubes-update-check.service already has improved upgrade notifications.
  47. https://phabricator.whonix.org/T429
  48. For instance, plasma-widget-folderview, kde-kdm-autologin, split the anon-shared-desktop-kde package and so on.
  49. https://phabricator.whonix.org/T428
  50. https://phabricator.whonix.org/T491
  51. https://phabricator.whonix.org/T477
  52. https://phabricator.whonix.org/T461
  53. https://phabricator.whonix.org/T414
  54. https://phabricator.whonix.org/T501
  55. https://phabricator.whonix.org/T421
  56. https://phabricator.whonix.org/T417
  57. https://phabricator.whonix.org/T406
  58. https://phabricator.whonix.org/T502
  59. https://www.debian.org/releases/stretch/
  60. https://www.debian.org/News/2017/20170617
  61. https://www.debian.org/releases/stable/amd64/release-notes/
  62. https://www.debian.org/releases/stable/i386/release-notes/
  63. https://forums.whonix.org/t/apparmor-and-kernel-4-14-18-1-creates-tons-of-kern-log-pop-ups/4811?
  64. https://phabricator.whonix.org/T676
  65. https://phabricator.whonix.org/T672
  66. https://phabricator.whonix.org/T587
  67. https://phabricator.whonix.org/T568
  68. https://phabricator.whonix.org/T532
  69. https://phabricator.whonix.org/T557
  70. The Whonix documentation recommends that advanced users install apparmor-notify to investigate relevant warnings.
  71. https://phabricator.whonix.org/T640
  72. https://phabricator.whonix.org/T626
  73. https://phabricator.whonix.org/T592
  74. https://phabricator.whonix.org/T787
  75. https://phabricator.whonix.org/T797
  76. https://phabricator.whonix.org/T462
  77. https://phabricator.whonix.org/T490
  78. https://phabricator.whonix.org/T675
  79. https://phabricator.whonix.org/T700
  80. https://phabricator.whonix.org/T760
  81. https://phabricator.whonix.org/T761
  82. https://phabricator.whonix.org/T643
  83. https://phabricator.whonix.org/T666
  84. https://phabricator.whonix.org/T688
  85. https://phabricator.whonix.org/T686
  86. https://phabricator.whonix.org/T650
  87. https://phabricator.whonix.org/T768
  88. https://phabricator.whonix.org/T648
  89. https://phabricator.whonix.org/T632
  90. https://phabricator.whonix.org/T628
  91. https://phabricator.whonix.org/T627
  92. https://phabricator.whonix.org/T608
  93. https://phabricator.whonix.org/T603
  94. https://phabricator.whonix.org/T601
  95. gtk3-engines-oxygen.
  96. https://phabricator.whonix.org/T578
  97. https://phabricator.whonix.org/T548
  98. https://phabricator.whonix.org/T623
  99. This also reduces the RAM load caused by too many socat instances.
  100. https://phabricator.whonix.org/T689
  101. This measure takes place over Tor using a v3 onion. It does not include collection of IP addresses or unique identifiers of any kind, and can be easily disabled.
  102. https://phabricator.whonix.org/T551
  103. https://phabricator.whonix.org/T535
  104. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833474
  105. https://phabricator.whonix.org/T537
  106. https://phabricator.whonix.org/T192
  107. https://phabricator.whonix.org/T488
  108. https://phabricator.whonix.org/T639
  109. https://phabricator.whonix.org/T762
  110. https://phabricator.whonix.org/T637
  111. https://phabricator.whonix.org/T589
  112. https://phabricator.whonix.org/T563
  113. https://phabricator.whonix.org/T796
  114. https://phabricator.whonix.org/T691
  115. https://github.com/systemd/systemd/issues/5207
  116. https://phabricator.whonix.org/T686
  117. https://phabricator.whonix.org/T50
  118. https://phabricator.whonix.org/T699
  119. https://forums.whonix.org/t/censorship-circumvention-tor-pluggable-transports/2601
  120. https://phabricator.whonix.org/T716
  121. OnionShare is not installed by default in Whonix 14 because it is not in the stretch repository, however it may be manually installed using the available wiki instructions.
  122. https://phabricator.whonix.org/T657
  123. onion-grater:

    Filters out Tor control protocol commands that are dangerous for anonymity such as GETINFO ADDRESS using a whitelist. Acts as a proxy between the client application and Tor.

    For example it allows using Tor Browser's New Identity feature on Anonymity Distribution Workstations, fixes Tor Browser's about:tor default homepage and Tor Button status indicator without exposing commands that are dangerous for anonymity.

  124. https://phabricator.whonix.org/T701
  125. https://forums.whonix.org/t/onioncircuits-viewing-the-status-and-circuits-of-tor/2539
  126. https://phabricator.whonix.org/T579
  127. https://phabricator.whonix.org/T576
  128. https://phabricator.whonix.org/T574
  129. https://phabricator.whonix.org/T573
  130. https://phabricator.whonix.org/T510
  131. https://phabricator.whonix.org/T503
  132. https://phabricator.whonix.org/T357
  133. https://phabricator.whonix.org/T274
  134. https://phabricator.whonix.org/T561
  135. https://phabricator.whonix.org/T481
  136. https://phabricator.whonix.org/T73
  137. This is no longer recommended, since the The Tor Project has ceased development and stopped building and distributing sandboxed-tor-browser binaries.
  138. https://phabricator.whonix.org/T583
  139. kloak will not be packaged in Whonix by default unless various upstream issues are resolved. The project currently appears inactive; see here.
  140. https://phabricator.whonix.org/T647
  141. https://phabricator.whonix.org/T617
  142. https://phabricator.whonix.org/T612
  143. https://phabricator.whonix.org/T599
  144. https://phabricator.whonix.org/T764
  145. Both clearnet and onion sources are in use. Priority is given to onions, with clearnet providing a fallback in case of onion connectivity issues. Where possible, v3 onion connections are preferred.
  146. https://phabricator.whonix.org/T590
  147. https://phabricator.whonix.org/T500
  148. https://phabricator.whonix.org/T356
  149. https://phabricator.whonix.org/T610
  150. https://phabricator.whonix.org/T471
  151. https://phabricator.whonix.org/T475
  152. https://phabricator.whonix.org/T559
  153. https://phabricator.whonix.org/T736
  154. The default Whonix PDF reader.
  155. https://www.locklizard.com/track-pdf-monitoring/
  156. https://phabricator.whonix.org/T776
  157. Until it is determined how to enable kde-folderview in Debian stretch.
  158. https://phabricator.whonix.org/T680
  159. https://phabricator.whonix.org/T638
  160. https://phabricator.whonix.org/T598
  161. https://github.com/Whonix/shared-folder-help/commit/2130d872d4e346bc490e70fca79e572d1d1f86df
  162. https://phabricator.whonix.org/T790
  163. http://forums.whonix.org/t/reducing-size-of-ova-images
  164. VirtualBox .ova and libvirt qcow2 raw images.
  165. The Whonix-Gateway is reduced from 1.7 GB to 850 MB, while the Whonix-Workstation is reduced from 2 GB to 1.1 GB.
  166. https://phabricator.whonix.org/T722
  167. https://phabricator.whonix.org/T714
  168. grub-live is not installed by default in Whonix 14 and is an optional package only.
  169. https://phabricator.whonix.org/T703
  170. https://phabricator.whonix.org/T702
  171. https://github.com/Whonix/anon-meta-packages/commit/a22b1807c79cb1d21447c83ed251c331cf6222f1
  172. https://phabricator.whonix.org/T408
  173. https://phabricator.whonix.org/T724
  174. https://phabricator.whonix.org/T723
  175. Qubes R4 RC1.
  176. https://phabricator.whonix.org/T651
  177. https://phabricator.whonix.org/T767
  178. https://phabricator.whonix.org/T671
  179. https://phabricator.whonix.org/T620
  180. https://phabricator.whonix.org/T607
  181. https://phabricator.whonix.org/T505
  182. https://phabricator.whonix.org/T781
  183. https://github.com/Whonix/tb-updater/issues/2
  184. https://phabricator.whonix.org/T789
  185. https://github.com/QubesOS/qubes-issues/issues/4033
  186. https://github.com/QubesOS/qubes-issues/issues/4093
  187. https://github.com/QubesOS/qubes-issues/issues/3469
  188. https://github.com/QubesOS/qubes-issues/issues/4098
  189. A persistent configuration now applies upon reboot.
  190. https://github.com/QubesOS/qubes-issues/issues/4095
  191. https://github.com/QubesOS/qubes-issues/issues/3595
  192. https://phabricator.whonix.org/T791
  193. The anon-vm tag enforces selected settings from TemplateVMs to TemplateBasedVMs which are necessary for anonymity.
  194. https://phabricator.whonix.org/T792
  195. https://github.com/QubesOS/qubes-issues/issues/4113
  196. https://github.com/QubesOS/qubes-issues/issues/4055
  197. The bug caused a version downgrade to apt-get 1.0.9.8.4
  198. https://github.com/QubesOS/qubes-issues/issues/3882
  199. https://github.com/QubesOS/qubes-issues/issues/3740
  200. https://github.com/QubesOS/qubes-issues/issues/2334
  201. https://github.com/QubesOS/qubes-issues/issues/1156
  202. https://phabricator.whonix.org/T527
  203. https://github.com/QubesOS/qubes-issues/issues/3766
  204. https://github.com/QubesOS/qubes-issues/issues/4063
  205. https://github.com/QubesOS/qubes-issues/issues/4086
  206. https://github.com/QubesOS/qubes-issues/issues/4130
  207. https://phabricator.whonix.org/T619
  208. https://phabricator.whonix.org/T697
  209. https://phabricator.whonix.org/T641
  210. https://github.com/QubesOS/qubes-issues/issues/4080
  211. https://phabricator.whonix.org/T698
  212. https://phabricator.whonix.org/T726
  213. https://forums.whonix.org/t/qubes-dispvm-technical-discussion/3232/58
  214. https://github.com/QubesOS/qubes-issues/issues/3765
  215. https://phabricator.whonix.org/T788
  216. https://github.com/QubesOS/qubes-issues/issues/4087
  217. https://phabricator.whonix.org/T810
  218. Whonix is licensed under GPLv3. The repository in question can be found here.
  219. https://github.com/QubesOS/qubes-issues/issues/4094

Random News:

Check out the Whonix blog.


https | (forcing) onion

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.

Whonix is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Libre Software license as Whonix itself. (Why?)