Major Updates for Qubes + Whonix!

[html]

Hello everyone, WhonixQubes here. :D

I wanted to finally update you on some major updates with the Qubes + Whonix platform that have been accomplished over the past few months.

TLDR Summary:

Qubes + Whonix is the seamless combination of Qubes OS and Whonix OS for best-in-class Security + Anonymity.

The Qubes + Whonix port has been fundamentally upgraded to a native seamless architecture (ProxyVM + AppVM).

Qubes + Whonix is now easy to install (Install Guide available on the wiki) and most all of the past usability issues have been fixed.

We now have upstream integration into the Qubes codebase and templates repository.

We now have newly updated documentation guides on our wiki with more to come soon.

Based on Qubes OS R2 and Whonix OS 9.6, the current newly released versions of the new Qubes + Whonix RPM templates is 2.1.8 and DEB updates package is 9.6.2.

Qubes + Whonix Primary Sources:

- Wiki: whonix.org/wiki/Qubes

– Forum: whonix.org/forum/Qubes

– Blog: whonix.org/blog/Qubes

– Tracker: whonix.org/tracker/Qubes

Full Version:

First: What is Qubes + Whonix all about?

Qubes OS (qubes-os.org) is one of the most secure OS architectures you will ever encounter that is able to withstand greater attack due to its advanced isolation properties.

Whonix OS (whonix.org) is a Tor-based virtual machine OS for anonymizing all of your traffic through Tor in a meaningfully more optimal and secure way than normal.

Qubes + Whonix is the seamless combination of Qubes OS and Whonix OS for best-in-class Security + Anonymity.

New Architecture:

Last year, I accomplished the first port of Whonix OS over to Qubes OS.

Now, with big thanks to nrgaway, we have a new — much improved — seamless combination of Qubes + Whonix.

The new Qubes + Whonix is a much more natively integrated, seamless and easy to use combination of Qubes + Whonix.

Instead of the old TwoHVM architecture, we now make use of a seamless ProxyVM + AppVM architecture.

The Whonix-Workstation is installed as an AppVM in Qubes, which is where your user applications reside, and all of their traffic gets forced through the separate Whonix-Gateway Tor ProxyVM.

The Whonix-Gateway is installed as a ProxyVM in Qubes, which is where your Tor connection proxy resides, and is securely isolated so that malware can’t simply circumvent your Tor connection to easily find out your real identity, as it can with other Tor systems.

With the new architecture, we have seamless GUI desktop integration with Qubes OS.

And we have Qubes tools integration that allow for things like easy-and-secure copy/paste as well as easy-and-secure file moving between VMs.

From the base TemplateVMs, you can dynamically generate as many Whonix VMs as you please, to use simultaneously, for more optimal anonymous workspace isolation.

The new native port architecture of Qubes + Whonix is much more useful.

Upsteam Integration and Install/Updates:

The Qubes team has enjoyed our work on Qubes + Whonix and we now have upstream integration in the Qubes codebase and templates repository.

This also means that installation is very easy to do via the RPM packages (Install Guide available on the wiki).

Also, much of the Qubes + Whonix code has been moved out of the Qubes template builder codebase to an independent Whonix package called “qubes-whonix”.

This qubes-whonix package will now allow us to push more convenient updates to Qubes + Whonix without always needing to rebuild and reinstall the underlying TemplateVMs.

So install and update are much improved.

Qubes + Whonix Packages:

There are now three packages specific to the Qubes + Whonix platform now:

- Whonix-Gateway TemplateVM which comes as a RPM package in Qubes and is currently at version 2.1.8.

- Whonix-Workstation TemplateVM which comes as a RPM package in Qubes and is currently at version 2.1.8.

- qubes-whonix which comes as a DEB updates package in Whonix and is currently at version 9.6.2.

These current versions are based on Qubes OS R2 and Whonix OS 9.6.

New and Improved Documentation:

We have new documentation for Qubes + Whonix on our wiki (whonix.org/wiki/Qubes).

Here you can learn more about the platform and get some primary guides on how to work with Qubes + Whonix.

The new documentation was just recently launched and more is being added throughout the near-term future.

To learn more, go check it out the wiki documentation for yourself.

Also, the general Whonix wiki has extensive knowledge available about optimizing your Tor-based anonymity.

So, if you want to supercharge your Security + Anonymity, then feel free to try out Qubes + Whonix.

Also, if you’ve got skills, feel free to get in touch and join in on the development effort of the Qubes + Whonix platform.

More improvements coming soon.

Thanks everyone! :D

WhonixQubes

Qubes + Whonix Primary Sources:

- Wiki: whonix.org/wiki/Qubes

– Forum: whonix.org/forum/Qubes

– Blog: whonix.org/blog/Qubes

– Tracker: whonix.org/tracker/Qubes


[/html]

awesome dude keep it up :wink: 8)

You know it! :wink:

yeaahhhhhh, baby!

w00t w00t w00t!

Whonix Qubes just seems like the next MAJOR step forward for Whonix, right??

For anyone whose highest priorities are privacy, anonymity and security, Qubes seems only a logical choice.

Let’s stick it to the man and show them they can’t control us, abuse us or spy on us so easily! Let them get off their fat a$$es in Utah and do REAL spying on us if they trully think we’re terrorists!

Thank you so much WhonixQubes for doing this - I will eagerly follow ongoing updates and thoroughly check it out some time soon. So exciting!

I suppose though for whonix to remain as accessible as possible it’s crucial the existing ‘virtualbox VM’ flavor is there for people to use Whonix on Macs, Windows, existing Linux hosts, Solaris etc- that’s equally as crucial. but also crucial we push forward the state of the art for people capable to use Whonix in THE most secure way possible!! And even then, the easier possible for even non geeks to use Qubes (with Whonix) as their main computing platform, the better. Let’s GUI it up.

I’m also hoping that this can mean slimmer usage of resources (would this be correct, compared to Debian Gnome host + Whonix VirtualBox guest?). Especially as I actually use more than one Whonix-workstation (and might even move to two Gateways) for multiple profiles that have different use cases and thus threat model paradigms. And also because, I am planning to shift to exclusively doing all computing in Whonix, like forever. Qubes I am hoping makes this idea feasible (even on low spec / very old hardware) by its inherent design. What do you think?

THANK YOU.

You’re welcome! And much thanks also goes to others involved, Patrick, nrgaway, Qubes devs, etc. :smiley:

I believe so.

Very much agree.

Definitely, more good stuff to come in the future!

Yes.

Innovating on the bleeding edge of security + anonymity is very important.

Innovating on the usability of security + anonymity for everday people is important too.

Take a look at the new Qubes roadmap…

Qubes currently runs on Xen, a Type 1 hypervisor, that is installed onto the bare metal.

With upcoming future versions of Qubes, it will become possible to run Qubes like Type 2 hypervisor, and have it installed on top of other existing OSes.

So, with higher security and easier file transfer, etc, Qubes might become a primary replacement for VirtualBox on existing host OSes.

And it seems that the Qubes devs are now planning to build Whonix into the primary Qubes installer and UI to have Whonix Tor capabilities “out of the box”.

I’m working on some bleeding edge security + anonymity projects too for advanced use.

Qubes should probably provide you with VM environments with somewhat slimmer resource needs.

Make sure that you have the necessary hardware capabilities for hardware enforced security isolation.