Comments and thoughts on Whobuntu

I saw an interesting blog post related to Whonix:


WhoBuntu replaces the Whonix workstation. Whobuntu works with Whonix Gateway to establish a Tor connection. The main advantage of WhoBuntu and Whonix are that you are running two different VMs - one for traffic and routing ONLY that has access to the Internet (your Gateway) and one is the machine you use which routes the traffic to the gateway…

Pros Whobuntu developers claim:

Everything Ubuntu Brings with it. Whonix Workstation is based off of Debian 9, which is annoying and not user friendly for many users. WhoBuntu is based off of Ubuntu 18.04 and therefore provides richer repositories, more up to date software, and general ease of use.

Bundled with the OS is Monero, ZCash, and an Electrum Wallet. ZCash is installed system-wide and can be started with zcashd. Monero can be started by finding monerod in the monero folder on the Desktop. Electrum can be started by double clicking the .AppImage file on the desktop. Note that the blockchains need to be downloaded once a wallet is initiated - this could take a while over Tor, so it’s recommended to start immediatement.

Unnecessary or dangerous daemons disabled by default. Apport, for example, provides usage statistics and a memory snapshot of crashed programs. This could potentially be used to deanonymize you so it has been disabled.

Cons Whobuntu developers claim:

  • Whonix Workstation is way smaller than WhoBuntu and has less RAM requirements.
  • Whonix Workstation has been tested extensively
  • Whonix Workstation is based on Debian 9, it has less attack surface and far less daemons running background tasks

Whobuntu Github Repo: GitHub - HyperionGray/whobuntu

My thoughts and comments on Whobuntu:

  • I am glad to see people are interested in Whonix and care to develop an alternative workstation.
  • This effort shows one beautify of the Whonix design: Whonix Gateway is orthogonal to the Whonix Workstation.
  • The pros and cons of using an other distribution or OS as workstation have been explained in details here: Dev/Operating System - Whonix and here: Anonymize Other Operating Systems
  • "Ubuntu is not used as Whonix-Gateway/Workstation operating system for legal reasons and was lately negatively perceived due to privacy issues, so it is recommended against to use it as host operating system as well. "
  • Rather than basing on Ubuntu, Fedora may be a better choice of alternative workstation for public usage (as explained on Whonix wiki).
  • WhoBuntu uses LUKS inside the VM while a better practice may be using LUKS outside of the VM.

As Whonix’s user base grows, it seems only natural that forks will emerge. I am happy, if Whonix, its documentation and/or source code is useful for others so they can build other flavors of it with divergent priorities.

No detail review by me. Had a quick look. Haven’t seen any source code yet. Just a few comments.

How’s the image build? Manually or build script modifications?

I’ve used the opportunity to update Whonix wiki chapter on Ubuntu Legal Issues.
Clarification: while I mention Ubuntu trademark policy, I am not pointing at WhoBuntu.
My position: I find Ubuntu’s trademark policy to be creating huge legal mess I strongly disagree with since it’s counter the spirit of Freedom Software.

The following is tested on VirtualBox v6.0, it is highly recommended to use VirtualBox as it is the only supported OS by Whonix.

VirtualBox is not an OS, it is a virtulaizer. So the sentence should be “The following is tested on VirtualBox v6.0, it is highly recommended to use VirtualBox as it is the only supported virtualizer by Whonix.” - but then this is factually false - Download Whonix ™ (FREE) lists all supported platforms. Not only VirtualBox, also KVM, physical isolation (x86 compatible), RPi3, and Qubes.

First download the Whonix Gateway from the Whonix website.

While Whonix VirtualBox - Unified OVA Downloads - Point Release has improved usability for Whonix, it slightly worsened usability for these instructions. (Without intention. I wasn’t aware of WhoBuntu before now.) Still possible to only import Whonix-Gateway while not importing Whonix-Workstation.


Very interesting development indeed. Always happy to see our work inspire someone else.

A comment. Changing the password is of little use AFAICT because the master encryption key is the same. Unless users go thru the hassle of re-encryption of the image with a fresh key, they are essentially wasting brain cycles doing an ineffective sec measure.


cryptsetup-reencrypt may or may not work (haven’t researched that in
detail myself).

1 Like

I’ve had to use it when I discovered gnome-disks making 128 bit LUKS volumes and I had to upgrade my encryption keys.


I’ve used it a few times before and didn’t have any noticeable issues. This is a while back when I first started using Linux. Unless my password didn’t work or it wouldn’t boot there is no way I could have know if there was an problem. :slight_smile: