This is a point release .
Download Whonix for VirtualBox:
Alternatively, in-place release upgrade is possible.
This release would not have been possible without the numerous supporters of Whonix!
Please Donate!
Please Contribute!
Notable Changes
Whonix:
- Thunderbird protocol level leak prevention. Replacement for what previously was done by torbirdy. See torbirdy replacement. Ported from Tails to anon-apps-config. Credits: Thanks to Tails for the torbirdy replacement. Thanks @HulaHoop for the port to anon-apps-config.
- enable Debian stable-updates repository by default
- Whonix moving from GitHub to GitLab - #6 by markolind
- fix packaging issues preventing experimental ppc64el builds
- fix build without using cowbuilder to allow for support to build in more environments. fix building with
export make_use_cowbuilder=false
- fix Error. Failed bilding Whonix gateway on physical host.
- merge python-guimessages into helper-scripts
- Upgrade monero-gui package to
0.16.0.3
. - anon-connection-wizard
- update default bridges from https://gitweb.torproject.org/builders/tor-browser-build.git/tree/projects/tor-browser/Bundle-Data/PTConfigs/bridge_prefs.js
- remove ‘-max 3’ from showflake command
- security-misc:
- fix, allow group
sudo
andconsole
to use consoles
- fix, allow group
- updated Tor Browser
- ClientOnionAuthDir /var/lib/tor/authdir
- upgraded LKRG to 0.8.1
- sdwdate:
- python 3.7 fix if host timezone is set to something other than UTC
- live mod indicator: fix false positive live mode detection
- permit Tor Browser to show improved error pages for onion service errors
Whonix VirtualBox:
- VirtualBox
6.1.12
upgrade.- Rebuild using VirtualBox
6.1.12
. - Upload VirtualBox
6.1.12
to Whonix repository. (Downloaded from virtualbox.org repository.) - Overcome technical challenges acquiring VirtualBox
6.1.12
on Debian buster.- Install virtualbox-guest-additions-iso by default in new builds beginning from this version. (Related: VirtualBox Guest Additions ISO Freedom vs Non-Freedom)
- vm-config-dist: add usability feature to install VirtualBox guest additions from virtualbox-guest-additions-iso package.
- Rebuild using VirtualBox
Qubes-Whonix:
- fix Networks VMs are restarting themselves without valid reason · Issue #5930 · QubesOS/qubes-issues · GitHub
- fix Build failed: template for vm (4.1 buster+whonix-workstation+minimal+no-recommends) · Issue #1769 · QubesOS/build-issues · GitHub
- allow
dummy-dependency
to fullfill dependency ofqubes-core-agent-passwordless-root
- do not start vanguards in template vm
- try fix Setting up anon-base-files shows machine-id prompt followed by "OMINOUS WARNING"
Kicksecure:
- Set hostname to
localhost
for VM builds. Just a sane default that works with default/etc/hosts
without warnings about wrong hostname when usingsudo
./etc/hostname
is not managed by any configuration package. Feel free to change. - Unbreak VirtualBox clearnet DNS settings when not using DNSCrypt.
- Disable DNSCrypt by default for now due to issues. Potentially re-introduced later as an opt-in package. See Use DNSCrypt by default in Kicksecure? (not Whonix!)
Full difference of all changes
https://github.com/Whonix/Whonix/compare/15.0.1.3.4-developers-only...15.0.1.4.8-developers-only
About Whonix
Whonix is being used by Edward Snowden, journalists such as Micah Lee, used by the Freedom of the Press Foundation and Qubes OS. It has a 8 years history of keeping its users safe from real world attacks. [1]
The split architecture of Whonix relies on leveraging virtualization technology as a sandbox for vulnerable user applications on endpoints. This is a widely known weakness exploited by entities that want to circumvent cryptography and system integrity. Our Linux distribution come with a wide selection of data protection tools and hardened applications for document/image publishing and communications. We are the first to deploy tirdad, which addresses the long known problem of CPU activity affecting TCP traffic properties in visible ways on the network and vanguards, an enhancement for Tor produced by the developers of Tor, which protects against guard discovery and related traffic analysis attacks. Live Mode was recently added. We deliver the first ever solutions for user behavior masking privacy protections such as Kloak. Kloak prevents websites from recognizing who the typist is by altering keystroke timing signatures that are unique to everyone.
In the future we plan to deploy a hardened Linux kernel with the minimal amount of modules needed to get the job done, an apparmor profile for the whole system, as well as LKRG, the Linux Kernel Runtime Guard.
[1]
- https://twitter.com/Snowden/status/1165607338973130752 [archive]
- https://twitter.com/snowden/status/781495273726025728 [archive]
- https://twitter.com/Snowden/status/1175435436501667840 [archive]
- Micah Lee, Journalist and Security Engineer at The Intercept and Advocate for Freedom of the Press, Developer of OnionShare and Tor Browser Launcher. [archive]
- SecureDrop Journalist Workstation environment for submission handling is based on Qubes-Whonix [archive]
- History
- Whonix - Wikipedia [archive]
- https://www.qubes-os.org [archive]
- Whonix Protection against Real World Attacks