Anonymous operating system Whonix

Anonymous operating system Whonix.

A more comprehensive description, security features and threat model Security.

-- Tom

 

Interesting, how is security compared to Talis & Liberte?

 

Looks promising
Will wait til at least Beta release though
Popcorn

 

This system is interesting. However, to use it effectively (if I understand) you need 3 different machines.

 

Why 3 different machines?

-- Tom

 

Interesting, I didn't make an announcement anywhere and different websites are already picking this up. Found this because it's the first search result about "Whonix". I can't read each and every thread here.

It's nice to get some feedback from interested people.

https://sourceforge.net/p/whonix/wiki/Security/#comparison-of-whonix-tails-and-tbb

1 machine runs two virtual machines for default/download version.

2 machines when using physical isolation.

 

I first found out about it in DistroWatch, not sure where they heard it from.

 

That's awesome! I can't wait to give it a try. It would be better though if it could be used with an anonymous VPN's of your choice, and not just Tor.

 

Tunnel Tor through proxy, VPN or SSH
and Tunnel Proxy/SSH/VPN through Tor
or both
is already possible:

https://sourceforge.net/p/whonix/wiki/OptionalConfigurations/

You could also simply add a VPN to the host, if it's acceptable for you, that all your host traffic will goes through it. I'd recommend to configure the VPN to fail closed, see:

https://sourceforge.net/p/whonix/wiki/OtherAnonymizingNetworks/#fail-closed-mechanism

If you meant "VPN's as a Tor replacement", that feature and a lot more is considered and unfinished. But don't hold your breath for that particular one.

https://sourceforge.net/p/whonix/wiki/OtherAnonymizingNetworks/

 

@adrelanos

Could one simply add VPNs to both host and workstation VM? The host VPN would not need to be very anonymous. But the workstation VPN would need to be highly-anonymous. Best would be to use free ones, or sign up via Tor using throw-away email and well-laundered Bitcoins. Right?

 

ok, dumb question - any chance i can run this on just a netbook (2 GB RAM) and with a USB cell modem?

sounds like you're running 2 virtual machines in a host OS(?) or do you need 2 different computers?


tia

 

The easy way, using the OVA ("VM archive") downloads from SourceForge, requires a computer running VirtualBox. Whonix might run on your netbook. The gateway uses 128MB memory, and the workstation uses 768MB. I can run one Ubuntu VM using 512MB on an AspireOne netbook with 1GB RAM.

 

At the moment 768 MB RAM for the Whonix-Workstation and 128 MB RAM for the Whonix-Gateway. I haven't tested it... With a small host operating system it could work.

You could also try experiment with reducing the 768 MB RAM.

You could also try using a lightweight graphical user interface instead by installing for example LXDE, Xfce or Openbox, they need less RAM.

Standard/Download version are 2 virtual machines running on 1 host.

http://sourceforge.net/p/whonix/wiki/Security/#comparison-of-different-whonix-variants

Not required. Optional. This is at the moment an optional feature for experts called Physical Isolation.
https://sourceforge.net/p/whonix/wiki/PhysicalIsolation/

Adding VPN to the host will look like: user -> VPN -> Tor -> website.

Adding VPN to the Workstation will look like: user > Tor -> VPN -> website.

Adding VPN to the host and to the workstation will look like:
user -> VPN -> Tor -> VPN -> website.

Well, sorry. I can not take position about the statement if a VPN will make Tor more or less anonymous. There are many contradictory statements about this stuff from related experts, such as the Tor or Tails developers. I believe there are use cases, advantages and disadvantages. Ultimately it depends on ones personal threat model.

Here are three good links about this topic:
https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN
https://tails.boum.org/todo/vpn_support/
http://sourceforge.net/p/whonix/wiki/Authorship/#whonix-vpn-disclaimer

The "combine with VPN features" have been added because I saw they were frequently discussed in many places, how can I tunnel a VPN through Tor, how can I tunnel Tor through a VPN and I found it motivating to provide a relatively easy solution. Adding these "features" wasn't much effort, it's more a "textual feature", that's why it's called optional configurations.

https://sourceforge.net/p/whonix/wiki/OptionalConfigurations/

 

@adrelanos

Are you using a "stock" Tor configuration? Are you selecting for fast relays?

Those are lazy questions, I know.

 

Awesome. Thanks.

 

The configuration file has been adjusted for being an isolated and transparent proxy.

https://github.com/adrelanos/Whonix/blob/master/whonix_gateway/etc/tor/torrc

No, it's the stock Tor onion routing mechanism.

 

how to do i install this.

quote
"Quickstart:

1. Download both files.

2. Import them into Virtual Box.

3. Start Whonix-Gateway.

4. Start Whonix-Workstation.

"

it prompt for password

 

managed to get it to work using default password