Whonix 18.0.8.7 Released! Major Release Upgrade!

Download

(What is a release upgrade?)


Upgrade

Alternatively, an in-place release upgrade is possible using the instructions: Release Upgrade Whonix 17 to Whonix 18


This release would not have been possible without the numerous supporters of Whonix!


Please Donate!


Please Contribute!


Major Changes

Changelog up to 18.0.8.7

  • anon-gw-anonymizer-config:
    • Tor configuration: DormantTimeoutEnabled 0
  • anon-meta-packages:
    • Move tor-ctrl from whonix-general-cli to dist-general-cli
  • kloak:
    • Discard libinput events we can’t handle earlier (necessary for scroll event batching to work correctly)
    • Turn magic numbers in scroll calculations into defines
    • Fix incorrect scroll axis value being used for horizontal scrolling
    • Rework scroll event handling for better anonymity and to allow sending discrete scroll events
  • qubes-whonix:
    • Add Requires/After on qubes-qrexec-agent.service to qubes-whonix-remote-support.service (from ChatGPT Codex)
  • Whonix-Installer:
    • Integrate Hyper-V disable script into Whonix-Installer
    • Miscellaneous improvements, mostly to error handling.

Changelog up to 18.0.7.5 (testers-only version)

  • anon-gw-anonymizer-config:

    • anon-gw-anonymizer-config.service: start After qubes-whonix-network.service
    • Move to helper-scripts repair-torrc
    • Use systemd-tmpfiles for better performance
    • Use systemd-networkd-wait-online instead of tor-wait-for-network
    • In /usr/libexec/anon-gw-anonymizer-config/tor-wait-for-network: wait until all IPv6 addresses on an interface are bindable
    • In /usr/libexec/anon-gw-anonymizer-config/tor-wait-for-network: verify that the network interface is actually bindable
    • Conditionally disable IPv6 only after waiting for IPv6 to become available
    • Run tor-wait-for-network also in non-Qubes environments
    • Fix Privleap configuration
    • Add explanation of the IPv6 wait mechanism to tor-wait-for-network
    • Rewrite tor-wait-for-network to include IPv6 checks
    • Merge tor-whonix-gw-setup.service into anon-gw-anonymizer-config.service
    • Prevent Tor from listening on IPv6 addresses if IPv6 is unavailable
    • Allow the network enough time to initialize before starting Tor
    • Switch to using deb822 sources
    • Add IPv6 ports to 65_gateway.conf
    • Add VirtualAddrNetworkIPv6
    • Update comments to reflect config changes
    • Enable IPv6
  • anon-gw-base-files:

    • Tell user how to exit a GRUB submenu
    • Remove the network icon from desktop
    • Use lock-screen from helper-scripts for screen locking
    • Add lock-screen background
    • Remove redundant Waybar battery widget
    • Move Waybar configuration for sysmaint sessions into *-base-files packages
    • Remove /xdg/autostart/sysmaint-panel.desktop and related conffiles
    • Disable thumbnails in PCManFM-Qt and fix PCManFM-Qt config in sysmaint sessions
    • Add Swaylock configuration for Whonix-Gateway
    • Remove volume controls from Whonix-Gateway
    • Enable sdwdate_gui_server in Whonix-Gateway qubes
  • anon-meta-packages:

    • Switch the default image viewer from lximage-qt to loupe
    • Adjust dependencies for the security-misc split
    • Merge qubes-whonix metapackages into main metapackages
    • Fix spacing and add Breaks/Replaces against Xfce metapackages
    • Correct incorrect package dependencies
    • Restructure metapackages for better clarity
    • Switch desktop environment to LXQt
    • Do not install USBGuard by default in Whonix.
  • anon-ws-base-files:

    • Tell user how to exit a GRUB submenu
    • Remove the network icon from desktop
    • Use lock-screen from helper-scripts for screen locking, add lock-screen background, remove redundant Waybar battery widget
    • Move Waybar configuration for sysmaint sessions into *-base-files packages
    • Disable thumbnails in PCManFM-Qt and fix PCManFM-Qt config in sysmaint sessions
    • Add Swaylock configuration for Whonix-Workstation sessions
  • anon-ws-disable-stacked-tor:

    • Performance: Remove qubes-whonix-sysinit.service. Replaced using systemd conditions.
    • Ensure /etc/apparmor.d/abstractions/tor always exists
    • Add abstractions/tor file from Tor to fix apparmor.service startup
    • Make Tor Browser use IPv6 if available
    • Create IPv6 IPC UNIX sockets
    • Use light_sleep instead of sleep
    • Get systemd-socket-proxyd working with IPv6 proxy support
    • Add separate GATEWAY_IP6 variable
    • Add IPv6 listening sockets
  • kloak:

    • Make the cursor color completely transparent by default
    • Disable cursor drawing if the cursor color is fully transparent
    • Remove unsafe sanitizer compiler flags; add back -ftrapv to prevent undefined behavior on signed overflow
    • Add natural scrolling support
    • Try to fix AppArmor installation issues
    • Change default escape key combination to KEY_RIGHTSHIFT,KEY_ESCAPE
    • Fix syntax issues, improve startup timing, and avoid spamming logs when no compositor is found
    • Improve error reporting in find_wl_compositor
    • Add missing CLOEXEC flag, make shared-memory file creation safer
    • Add CLOEXEC hardening to file descriptors
    • Reduce CPU usage during idle by avoiding constant rapid polling
    • Add compositor feature checks
    • Sandbox find_wl_compositor script
    • Split Wayland compositor autodetection into a Python script, tighten sandbox on core kloak binary, and update related documentation
    • Remove dependency on libudev; use inotify for input device hotplug instead
  • qubes-whonix:

    • Remove no longer required Before= dependencies from qubes-whonix-postinit.service
    • Remove qubes-whonix-sysinit.service and slightly optimize qubes-whonix-postinit.service startup for Whonix-Gateway
    • Clean up systemd After= settings; qubes-whonix-postinit.service no longer runs on Whonix-Gateway
    • Remove mentions of no longer used rinetd service
    • Delete /usr/lib/systemd/system/whonix-initializer.service.d/40_qubes.conf (as whonix-initializer.service no longer exists)
    • Clean up file layout and tailor replaced files between gateway, workstation, and template
    • Replace-ips script: skip execution inside Template qube (not needed), and report mode detection failures (Gateway, Workstation or Template)
    • Use try-wait-for-tor-service-running in UpdatesProxy.anondist
    • Override UpdatesProxy configuration to remove exit-on-service-eof=true
    • Add socat as a dependency
    • Ensure updates to sys-whonix wait until Tor is running before proceeding
    • Avoid duplicate replace-ips script runs during boot on Whonix-Gateway
    • Fix shellcheck warnings and cleanup regex in replace-ips script (avoid replacing IPs in comments)
    • Update package rename: thunderbird-qubes to qubes-thunderbird
    • Add IPv6 addresses replacement logic and mention IPv6 in comments
  • uwt:

    • Do not warn about disabled stream isolation in dnf-3 wrapper
    • Attempt to wait for Tor startup in dnf-3 wrapper via Privleap
    • Fix curl wrapper: add proxy argument injection for dnf-3 wrapper
    • In curl.anondist: respect UWT_DEV_PASSTHROUGH=1 environment variable
    • Drop missing dependency on pwgen
    • Add missing redirect to stderr when needed
    • Disable curl stream isolation if Tor proxy is unreachable
    • Fix handling of loopback addresses in curl
    • Use stricter shell options in time_privacy
    • Reinstate curl wrapper integration with uwtwrapper
    • Rework curl wrapper for improved reliability
  • whonix-firewall:

    • Fix IPv6 autoconfiguration and add support for Qubes IPv6 addresses
    • Adjust LOCAL_NET_IP6 and include Qubes IPs in firewall rules
    • Switch loopback network definition from 127.0.0.0/24 to 127.0.0.0/8
    • Add support for Non-Qubes-Whonix-Gateway IP to destination list
  • whonix-gw-network-conf:

    • Enable IPv6 autoconfiguration (where supported)
    • Temporarily comment out inet6 auto where current configuration does not support it
    • Add IPv6 address assignment logic
  • whonix-ws-network-conf:

    • Add IPv6 address assignment logic
  • qubes-template-whonix:

    • Enable user-sysmaint-split on Whonix-Gateway
    • Fix metapackage naming and switch to trixie-developers repository to avoid clobbering Kicksecure package lists
    • Use pcmanfm-qt instead of Thunar as default file manager
    • Remove deprecated call to apt-key, as it is no longer available in Debian 13
    • Port desktop environment to LXQt
    • Switch to deb822 sources for package lists
  • Whonix-Installer:

    • Add Hyper-V disable and “undo-disable” scripts for Windows environments (This is not yet executed by Whonix-Windows-Installer. Will be in the next version.)
    • Improve Hyper-V disable helper scripts with warnings and detailed logs
    • Restructure EnsureExePath, add try...finally logic for robustness
    • Remove deprecated code paths
    • Add constant BYTE_COUNT definition for 1024 * 1024 for readability
    • Inform user about availability of debug mode during installation

Full difference of all changes

https://github.com/Whonix/derivative-maker/compare/17.4.4.6-developers-only...18.0.8.7-developers-only


(This forum post was previously a call for testers. No release-critical bugs were found during the testing period. This forum post was therefore transformed into a stable release announcement. See edit history.)

1 Like


Testing 18.0.7.5 in VirtualBox. Tor Browser has crashed many times when browsing around websites, making it unusable. Cannot open several tabs without a full browser crash. Did not happen in 17.x under any use scenario. Please do more stability testing. Two things jump out at me as a problem as well: no more mouse wheel use in Tor Browser, and cannot save logins/passwords inside Tor Browser even when changing the setting to allow this. Whonix devs, please balance security with usability; some features compromise ease of use to a very high degree. I think many users would want more options to customise the experience instead of being forced to use severely crippling settings. Every user knows what level of security is best for their use case; too many inconveniences are hardcoded into the Whonix experience in more recent releases.

2 Likes

Whonix 18.0.7.5 tested in VirtualBox, and the only problems so far are that Tor Browser is buggy and there is no GUI for GPG, unless I’m mistaken. Also I couldn’t find Kleopatra in “manage software” in SYSMAINT either… More testing to come.

1 Like

Likely a Tor Browser bug. You might try using Tor Browser on vanilla Debian 13 to see how it behaves, and see if you can reproduce the issues there.

Known issue, a fix has already been created but hasn’t yet been pushed to the trixie repository. You can enable trixie-testers to get the fix now. (The issue was caused by a bad interaction between kloak and Tor Browser; it was able to be fixed in kloak.)

Also possibly a Tor Browser bug, or possibly user error. Are you booting into PERSISTENT Mode - USER Session?

This is a testing release for a reason :) Testing releases have rough edges that need smoothing out. You, and other testers, help us find them so we can smooth them out.

2 Likes

Unfortunately the GPG UI we were using previously, GPA, was removed from Debian 13 and thus was no longer available for us to ship with Whonix. See:

Did you click Check for Updates first? The apt software lists in fresh Whonix VMs are empty, and are expected to be populated either automatically by updatecheck, or manually by clicking Check for Updates in the system maintenance panel. Try doing that, then you should be able to find Kleopatra using Manage Software.

3 Likes

Unfortunately I wasn’t able to “find” Kleopatra in the software manager either, even after the newest updates. I also tried to install gimp and inkscape through SM and kept getting the same errors: “Error: Package ‘inkscape’ has no installation candidate”, and was unsuccessful.

I was successful installing all 3 apps via cli flatpak.

I don’t have any problem installing Kleopatra after installing software updates, though I do have to ensure I type kleopatra into the package name field rather than Kleopatra, as apt package names are case-sensitive. Finding a package works with uppercase Kleopatra, but installing it fails.

A quick test shows that there are no apt packages in Debian or Kicksecure that contain capital letters in them (apt list | cut -d'/' -f1 | grep '[A-Z]' outputs zero packages), so perhaps we could make the package installation mechanism change the package name to all-lowercase before attempting to install it.

It might also be possible to detect when the apt lists are empty, and run apt update before a software management operation if so.

2 Likes
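The two ideas in the reply above (lowercase the package name before installing, and run apt update first when the apt lists are still empty) as an added example, not Whonix code. The function names and the use of a lists directory parameter are assumptions for testing; on a real system the directory is /var/lib/apt/lists and the check assumes apt stores its downloaded indexes as files ending in _Packages.

```shell
#!/bin/sh
# Added example (not Whonix code): normalise an apt package name to
# lowercase and detect an apt lists directory that has never been
# populated by "apt update" (the state of a fresh Whonix VM).

# Lowercase a package name so "Kleopatra" becomes "kleopatra".
# Names with characters apt would never accept are rejected so typos
# fail early instead of reaching apt-get.
normalize_pkg_name() {
    name=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$name" in
        *[!a-z0-9.+-]*|'') return 1 ;;
    esac
    printf '%s\n' "$name"
}

# Return 0 (true) when the lists directory holds no *_Packages index,
# i.e. "apt update" has not run yet. Directory path is a parameter so
# the check can be exercised on a throwaway directory (assumption).
apt_lists_empty() {
    dir=${1:-/var/lib/apt/lists}
    for f in "$dir"/*_Packages; do
        [ -e "$f" ] && return 1
    done
    return 0
}

# Combine both checks: refresh the lists only if they are empty, then
# install the lowercased name. Requires apt-get and sudo (not run in
# the test; hypothetical helper for illustration).
install_pkg() {
    pkg=$(normalize_pkg_name "$1") || { echo "invalid package name: $1" >&2; return 2; }
    lists=${2:-/var/lib/apt/lists}
    if apt_lists_empty "$lists"; then
        sudo apt-get update || return 1
    fi
    sudo apt-get install "$pkg"
}
```

With these helpers, `install_pkg Kleopatra` resolves to the package name `kleopatra`, which is what apt expects, and a VM whose lists were never fetched gets an `apt update` first instead of a misleading "no installation candidate" error.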

Here’s how to fix the lags:

sudo systemctl stop kloak

Consider reading through Keystroke and Mouse Deanonymization before doing this, since this will make you substantially easier to fingerprint. This is not a theoretical risk, software that fingerprints keyboard and mouse activity on websites is commercially available and widely deployed.

The “lag” you’re experiencing is most likely the result of mouse event combination in kloak, which was newly introduced. Quoting from the wiki (emphasis mine):

The time between key press and release events are typically used to identify users by their typing behavior. The pattern of mouse movements and clicks can be used in a similar fashion. kloak obfuscates these time intervals and patterns by introducing a random delay between the physical input events and the arrival of input events at the application, for example a web browser. For mice, the number of input events is also obfuscated by combining many small mouse move events into a few mouse jumps. This also obfuscates the exact shape of the mouse movement path.

This is prioritizing anonymity over usability to some extent, but given the great risk of fingerprinting without a mechanism like this, it’s probably worth it.

1 Like

I noticed that the Tor Browser icon does not appear when it’s open in the panel’s “Task Manager.” Instead, it shows a generic gear icon.


This is resolved by adding the line StartupWMClass=Tor Browser in the file /usr/share/applications/janondisttorbrowser.desktop with root access.

Then, restart the lxqt-panel to see the change.

pkill lxqt-panel

ALT+F2 lxqt-panel


By the way, is it possible to see the WM_Class somehow in Whonix 18?

2 Likes
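The .desktop fix from the post above, written up as a repeatable script rather than a manual edit (added example, not Whonix code). It inserts StartupWMClass directly under the [Desktop Entry] header so the key does not land in a later [Desktop Action ...] group, and it is safe to run twice. The file path is a parameter; the real target is /usr/share/applications/janondisttorbrowser.desktop and needs root. GNU sed (as on Debian) is assumed.

```shell
#!/bin/sh
# Added example (not Whonix code): set StartupWMClass in a .desktop file
# so lxqt-panel can match the running Tor Browser window to its launcher
# icon instead of showing a generic one.

# Print the current StartupWMClass value of a .desktop file, if any.
desktop_wmclass() {
    sed -n 's/^StartupWMClass=//p' "$1" | head -n 1
}

# Insert or replace StartupWMClass inside the [Desktop Entry] group.
# Idempotent: a second run with the same class changes nothing.
# The class value must not contain "/" (used as the sed delimiter).
set_desktop_wmclass() {
    file=$1
    class=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    grep -q '^\[Desktop Entry\]' "$file" || { echo "not a .desktop file: $file" >&2; return 1; }
    if grep -q '^StartupWMClass=' "$file"; then
        sed -i "s/^StartupWMClass=.*/StartupWMClass=$class/" "$file"
    else
        sed -i "/^\[Desktop Entry\]/a StartupWMClass=$class" "$file"
    fi
}

# Restart the panel so it re-reads the .desktop files (as in the post).
# Not run by the test; only meaningful inside a running LXQt session.
restart_lxqt_panel() {
    pkill lxqt-panel
    lxqt-panel >/dev/null 2>&1 &
}

# Usage on Whonix (requires root for the system-wide file):
#   sudo sh -c '. ./this-script.sh; set_desktop_wmclass /usr/share/applications/janondisttorbrowser.desktop "Tor Browser"'
#   restart_lxqt_panel
```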

That should theoretically be possible, since that’s a file Whonix ships.

Not sure, I don’t really know what WM_Class is referring to. We’re using labwc as our Wayland compositor, which is wlroots-based, so if this has something to do with the window manager or display server, maybe those are hints that could work? The packages we’re using are from Debian, so however you’d do that on Debian, should work on Whonix too.

1 Like

Thank you. This fix will be included in 18.0.8.5 (and above).

Performing more tests. Fresh-installed 18.0.8.5 in VB. Tried to open and extract various passworded archives; does not seem to work: either does not prompt for a password in some, or claims “archive type not supported” in others. 7z and rar files tested so far. Please test for this?

Might be an lxqt-archiver limitation. If you install xarchiver from the archives, does it work? (It might also be the result of missing packages. I can do some tests to find out.)

Edit: Just finished testing. I can open and view the contents of password-protected 7zip archives without problems. lxqt-archiver unfortunately instantly crashes with RAR files, whether password-protected or not. This is a bug in Debian Trixie itself, not in Whonix, and has been reported to Debian.

We don’t have the manpower needed to test every use case. Testing releases provide an opportunity for people to help us :)

1 Like

I’m experiencing frequent freezes on Whonix 18.0.7.6. These freezes render the entire system unresponsive, and the only solution is to restart the VM. The journalctl logs show that the most recent entries are related to kloak.

Dec 10 03:54:41 host kloak[1716]: libinput error: client bug: timer event2 debounce short: scheduled expiry is in the past (-639ms), your system is too slow
Dec 10 03:54:41 host kloak[1716]: libinput error: client bug: timer event2 debounce: scheduled expiry is in the past (-626ms), your system is too slow
Dec 10 03:54:41 host kloak[1716]: libinput error: client bug: timer event2 debounce: scheduled expiry is in the past (-638ms), your system is too slow
Dec 10 03:54:34 host rtkit-daemon[1625]: Supervising 10 threads of 7 processes of 1 users.
Dec 10 03:54:34 host rtkit-daemon[1625]: Successfully made thread 8150 of process 8038 owned by '1000' RT at priority 10.
Dec 10 03:54:34 host rtkit-daemon[1625]: Supervising 9 threads of 6 processes of 1 users.
Dec 10 03:54:34 host rtkit-daemon[1625]: Supervising 9 threads of 6 processes of 1 users.
Dec 10 03:54:28 host rtkit-daemon[1625]: Supervising 9 threads of 6 processes of 1 users.
Dec 10 03:54:28 host rtkit-daemon[1625]: Supervising 9 threads of 6 processes of 1 users.
Dec 10 03:54:28 host rtkit-daemon[1625]: Supervising 9 threads of 6 processes of 1 users.
Dec 10 03:54:28 host rtkit-daemon[1625]: Supervising 9 threads of 6 processes of 1 users.
Dec 10 03:54:28 host rtkit-daemon[1625]: Supervising 9 threads of 6 processes of 1 users.
Dec 10 03:54:28 host rtkit-daemon[1625]: Supervising 9 threads of 6 processes of 1 users.
Dec 10 03:54:27 host rtkit-daemon[1625]: Supervising 9 threads of 6 processes of 1 users.
Dec 10 03:54:27 host rtkit-daemon[1625]: Supervising 9 threads of 6 processes of 1 users.

I thought the issue might be related to KeePassXC, but the system froze even when it wasn’t running. Increasing the RAM to 4 GB doesn’t seem to resolve it.
I didn’t have this issue with Whonix 17. My host system has 16 GB of RAM.
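To triage journal output like the excerpt above, the following added example (not Whonix code) parses lines of that shape and reports how many libinput "scheduled expiry is in the past" errors appeared, which unit logged them and the largest lag. The sample lines are constructed to mirror the post (timestamps and PIDs are made up); the function name is an assumption.

```shell
#!/bin/sh
# Added example (not Whonix code): summarise libinput timer-lag errors in
# journal lines. The message is emitted by libinput inside whichever
# process drives it (here kloak), so the unit name plus the lag value
# together indicate how far behind the whole VM is running.

# Constructed sample shaped like "journalctl" output.
SAMPLE_JOURNAL='Dec 10 03:54:41 host kloak[1716]: libinput error: client bug: timer event2 debounce short: scheduled expiry is in the past (-639ms), your system is too slow
Dec 10 03:54:41 host kloak[1716]: libinput error: client bug: timer event2 debounce: scheduled expiry is in the past (-626ms), your system is too slow
Dec 10 03:54:41 host kloak[1716]: libinput error: client bug: timer event2 debounce: scheduled expiry is in the past (-638ms), your system is too slow
Dec 10 03:54:34 host rtkit-daemon[1625]: Supervising 10 threads of 7 processes of 1 users.
Dec 10 03:54:28 host rtkit-daemon[1625]: Supervising 9 threads of 6 processes of 1 users.'

# Read journal lines on stdin; print "count=N max_ms=M units=a,b".
libinput_lag_summary() {
    awk '
        /libinput error:.*scheduled expiry is in the past/ {
            count++
            # Field 5 is "unit[pid]:"; keep the unit name only.
            split($5, u, "[")
            units[u[1]] = 1
            # Pull the number out of "(-639ms)".
            if (match($0, /\(-[0-9]+ms\)/)) {
                ms = substr($0, RSTART + 2, RLENGTH - 5) + 0
                if (ms > max) max = ms
            }
        }
        END {
            list = ""
            for (n in units) list = (list == "" ? n : list "," n)
            printf "count=%d max_ms=%d units=%s\n", count, max, list
        }'
}

# Usage on a real system, for the previous boot that froze:
#   journalctl -b -1 --no-pager | libinput_lag_summary
```

A high max_ms across many lines from a single unit says the process could not service its timers in time; paired with the reply below, that points at general VM slowness (or a host-side cause such as Hyper-V) rather than at kloak itself.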

The log entries don’t indicate to me that kloak is the cause, but rather that kloak is experiencing slowdowns like everything else is. (That error message doesn’t actually come from kloak, but from libinput itself.)

What host OS are you using? If you’re on Windows, Hyper-V might be causing the slowdowns. See:

1 Like

When opening the Tor Browser’s file dialog during my tests, I noticed that if you click anywhere in the dialog other than the “OK” button after the permission-denied message appears, the Tor Browser becomes unresponsive.
This might be a bug in Tor Browser. I don’t remember having this issue on Whonix 17.

Does Navigating Tor Browser Downloads help?

The “permission denied” window might be hiding underneath all other windows. Can you move aside windows to uncover it, or Alt+Tab to it?