HiddenVM Project - best solution available?

Hello Whonix Community,

I recently stumbled upon https://github.com/aforensics/HiddenVM. Upon first reading it seems to me like one of the most potent privacy and security solutions there is, however it has almost no publicly available user feedback, so I would love to hear from all of you.

In short, a hidden VeryCrypt volume containing Whonix, Virtualbox and HiddenVM is only mounted in Tails.

Tails is arguably the best anti-forensic solution there is at the moment, whilst Whonix is arguably the most secure and anonymous OS there is. In my eyes, this solution would grant the best of both worlds, plausible deniabilty of Whonix even existing when searched at an airport combined with the incredible usability of Whonix.

Now I know what you may think, this is a hobby project and any modifications of the concepts of Whonix and Tails which are not approved by the developers are dangerous in and of itself. However the scripts are open source and could be subject of intense peer review.

In my humble opinion, the idea of combing VeraCrypt and Tails to run Whonix solves almost all anti-forensic objections I had to Whonix, just imagine running a dummy OS in VeraCrypt, all airport security would find is that OS and a blank Tails USB (doesnt even use persistent storage).

So while you may regard HiddenVM as just another stupid hobby idea, I would love to take this opportunity and just honestly debate about its pros and cons.

Thank you! (Especially to the incredible devs, who are never tired of improving).

Edit by Patrick:
Real link. Change https ://github.com/aforensics/HiddenVM to https://github.com/aforensics/HiddenVM. (New users cannot post links.)

Interesting project. Be sure to check out our recently added live mode which should give you amnesiac operating with Whonix. This is possible both in the VM and outside it on the host:

As for hidden volumes, we’ve concluded it provides marginal benefit under totalitarian regimes that can easily keep torturing or imprisoning you until you yield a passphrase.

Very interesting project indeed.

Here is my take regarding HulaHoops fair points.

I think OP described the following scenario: Run Operating System X and create VeraCrypt Volume A and B, fill Volume A with seemingly secret files and documents, fill Volume B as described by the OP (VB, Whonix, HiddenVM). In case of torture (or less evil situations where one would have to give up password), give up password to Volume A to satisfy adversary. More Psychology than Computer Science but in most cases adversary will be content and the Volume we care about (Volume B) remains untouched and its existence unknown.

Regarding live mode: If the presence of Whonix itself should be hidden, which in many cases might be a reasonable thing to aim for, then only Whonix on a live usb host is worth considering. However, Tails amnesic capabilities > vanilla Debian live host imo. + again psychologically speaking, a clean Tails USB has no secrets, if encrypted USB with Whonix on it is in hands of Adversary, then there is no way out of torture.

The project described by OP makes a lot of sense to me and I will defo take a look at it.

It’s interesting but probably will be unsupported at both, Whonix and Tails

Support here means such as review of technical implementation and/or user support.

Speaking for Whonix, won’t be supported.

For Tails, I cannot speak for them, but from past observence, Tails developers will probably also provide no support this setup.

From my perspective as a Whonix developer it is a bit sad to see development effort “wasted” on a hack, that is running Whonix on top of Tails, while a Live Whonix-Host operating system ISO is already in development, see:

Development effort is best spend on Whonix-Host.

On the other hand, glad someone managed to modify both Whonix and Tails to make use of the customization legal rights, technical customization possibilities and combined in the spirit of Freedom Software / Open Source.

Related needed wiki edit:
Long Wiki Edits Thread


[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]