Whonix: A High Security Method of Surfing the Internet
Whonix is a desktop operating system designed for advanced security and privacy. Whonix mitigates the threat of common attack vectors while maintaining usability. Online anonymity is realized via fail-safe, automatic, and desktop-wide use of the Tor network. A heavily reconfigured Debian base is run inside multiple virtual machines, providing a substantial layer of protection from malware and IP address leaks. Commonly used applications are pre-installed and safely pre-configured for immediate use. The user is not jeopardized by installing additional applications or personalizing the desktop. Whonix is under active development and is the only operating system designed to be run inside a VM and paired with Tor.
After more than two years of development, the Whonix Project is proud to announce the release of Whonix 14.
Whonix 14 is based on the Debian stretch (Debian 9) distribution which was released in June 2017. This means users have access to many new software packages in concert with existing packages, such as a modern branch of GNuPG, and more. [1][2][3]
Major Changes and New Features
Whonix 14 contains extensive security and usability improvements, new features and bug fixes. For a detailed description of these and other changes, please refer to the official release notes. [4]
- Rebased Whonix on Debian stretch (Debian 9).
- Whonix 14 is 64-bit (amd64) only - 32-bit (i386) images will no longer be built and made available for download. [5]
- The new Anon Connection Wizard [6] feature in Whonix simplifies connections to the Tor network via a Tor bridge and/or a proxy.
- The Tor pluggable transport meek_lite [7] is now supported, making it much easier to connect to the Tor network in heavily censored areas, like China. [8]
- Onioncircuits are installed by default in Whonix. [9]
- Tails’ onion-grater program has been implemented to enable OnionShare, Ricochet and Zeronet compatibility with Whonix. [10]
- Onion sources are now preferred for Whonix updates/upgrades for greater security.
- Reduced the size of the default, binary Whonix images by approximately 50 per cent using zerofree. [11] [12]
- Updated Tor to version 3.3.9 (stable) release to enable full v3 onion functionality for both hosting of onion services and access to v3 onion addresses in Tor Browser.
- Created the grub-live package [13] which can run Whonix as a live system on non-Qubes-Whonix platforms. [14]
- Corrected and hardened various AppArmor profiles to ensure the correct functioning of Tor Browser, obfsproxy and other applications.
Other Changes
- Desktop shortcuts are no longer available in non-Qubes-Whonix. Please use the start menu instead.
Known Issues
- OnionShare is not installed by default in Whonix 14 as it is not in the stretch repository. [15] It can still be manually installed by following the Whonix wiki instructions [16] or building it from source code. [17]
- Enabling seccomp (Sandbox 1) in /usr/local/etc/torrc.d/50_user.conf causes the Tor process to crash if a Tor version lower than 0.3.3 is used. [18] [19]
While there may be other issues that exist in this declared stable release, every effort has been made to address major known problems.
Please report any other issues to us in the forums, after first searching for whether it is already known.
Download Whonix 14
Whonix is cross-platform and can be installed on the Windows, macOS, Linux or Qubes operating systems. Choose your operating system from the link below and follow the instructions to install it.
https://www.whonix.org/download/
Upgrade to Whonix 14
Current Whonix users (or those with 32-bit hardware) who would prefer to upgrade their existing Whonix 13 platform should follow the upgrade instructions below.
What’s Next?
Work on Whonix 15 is ongoing and interested users can refer to the roadmap to see where Whonix is heading. [20]
Developer priorities are currently focused on easing the transition to the next Debian release due in 2019 (“buster”; Debian 10) and squashing existing bugs, rather than implementing new features.
We need your help and there are various ways to contribute to Whonix - donating or investing your time will help the project immensely. Come and talk with us! [21]
References
[1] Debian -- News -- Debian 9 "Stretch" released
[2] Release Notes for Debian 12 (bookworm), 64-bit PC
[3] Release Notes for Debian 12 (bookworm), 32-bit PC
[4] Changelog - Whonix
[5] Whonix 13 users with 32-bit systems can however upgrade their platform by following the available wiki instructions, rather than download new Whonix-WS and Whonix-GW images.
[6] Anon Connection Wizard - Whonix
[7] News - Whonix Forum
[8] Add the "meek_lite" transport, which does what one would expect. · Yawning/obfs4@611205b · GitHub
[9] Debian -- Error
[10] âš“ T657 consider to remove /usr/lib/anon-ws-disable-stacked-tor/controlportfilt.sh
[11] âš“ T790 Reducing the size of raw files
[12] VirtualBox .ova and libvirt qcow2 raw images. The Whonix-Gateway is reduced from 1.7 GB to 850 MB, while the Whonix-Workstation is reduced from 2 GB to 1.1 GB.
[13] Live Mode for Kicksecure
[14] grub-live is optional and requires the user to first enable it manually.
[15] Debian -- Package Search Results -- onionshare
[16] OnionShare - Whonix
[17] https://github.com/micahflee/onionshare/blob/master/BUILD.md#gnulinux
[18] sandbox_intern_string(): Bug: No interned sandbox parameter found for /etc/tor/torrc.d/ (#22605) · Issues · Legacy / Trac · GitLab
[19] Debian -- Error
[20] âš“ Query: Open Tasks
[21] http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion