This is a point release .
Download Whonix for VirtualBox:
Alternatively, in-place release upgrade is possible.
This release would not have been possible without the numerous supporters of Whonix!
- Thunderbird protocol level leak prevention. Replacement for what previously was done by torbirdy. See torbirdy deprecated - replacement required. Ported from Tails to anon-apps-config. Credits: Thanks to Tails for the torbirdy replacement. Thanks @HulaHoop for the port to anon-apps-config.
- enable Debian stable-updates repository by default
- Whonix moving from GitHub to GitLab
- fix packaging issues preventing experimental ppc64el builds
- fix build without using cowbuilder to allow for support to build in more environments. fix building with
- fix Error. Failed bilding Whonix gateway on physical host.
- merge python-guimessages into helper-scripts
- Upgrade monero-gui package to
- update default bridges from https://gitweb.torproject.org/builders/tor-browser-build.git/tree/projects/tor-browser/Bundle-Data/PTConfigs/bridge_prefs.js
- remove ‘-max 3’ from showflake command
- fix, allow group
consoleto use consoles
- fix, allow group
- updated Tor Browser
- ClientOnionAuthDir /var/lib/tor/authdir
- upgraded LKRG to 0.8.1
- python 3.7 fix if host timezone is set to something other than UTC
- live mod indicator: fix false positive live mode detection
- permit Tor Browser to show improved error pages for onion service errors
- Rebuild using VirtualBox
- Upload VirtualBox
6.1.12to Whonix repository. (Downloaded from virtualbox.org repository.)
- Overcome technical challenges acquiring VirtualBox
6.1.12on Debian buster.
- Install virtualbox-guest-additions-iso by default in new builds beginning from this version. (Related: VirtualBox Guest Additions ISO Freedom vs Non-Freedom)
- vm-config-dist: add usability feature to install VirtualBox guest additions from virtualbox-guest-additions-iso package.
- Rebuild using VirtualBox
- fix https://github.com/QubesOS/qubes-issues/issues/5930
- fix https://github.com/QubesOS/build-issues/issues/1769
dummy-dependencyto fullfill dependency of
- do not start vanguards in template vm
- try fix Setting up anon-base-files shows machine-id prompt followed by "OMINOUS WARNING"
- Set hostname to
localhostfor VM builds. Just a sane default that works with default
/etc/hostswithout warnings about wrong hostname when using
/etc/hostnameis not managed by any configuration package. Feel free to change.
- Unbreak VirtualBox clearnet DNS settings when not using DNSCrypt.
- Disable DNSCrypt by default for now due to issues. Potentially re-introduced later as an opt-in package. See Use DNSCrypt by default in Kicksecure? (not Whonix!)
Full difference of all changes
Whonix is being used by Edward Snowden, journalists such as Micah Lee, used by the Freedom of the Press Foundation and Qubes OS. It has a 8 years history of keeping its users safe from real world attacks. 
The split architecture of Whonix relies on leveraging virtualization technology as a sandbox for vulnerable user applications on endpoints. This is a widely known weakness exploited by entities that want to circumvent cryptography and system integrity. Our Linux distribution come with a wide selection of data protection tools and hardened applications for document/image publishing and communications. We are the first to deploy tirdad, which addresses the long known problem of CPU activity affecting TCP traffic properties in visible ways on the network and vanguards, an enhancement for Tor produced by the developers of Tor, which protects against guard discovery and related traffic analysis attacks. Live Mode was recently added. We deliver the first ever solutions for user behavior masking privacy protections such as Kloak. Kloak prevents websites from recognizing who the typist is by altering keystroke timing signatures that are unique to everyone.
In the future we plan to deploy a hardened Linux kernel with the minimal amount of modules needed to get the job done, an apparmor profile for the whole system, as well as LKRG, the Linux Kernel Runtime Guard.
- https://twitter.com/Snowden/status/1165607338973130752 [archive]
- https://twitter.com/snowden/status/781495273726025728 [archive]
- https://twitter.com/Snowden/status/1175435436501667840 [archive]
- Micah Lee, Journalist and Security Engineer at The Intercept and Advocate for Freedom of the Press, Developer of OnionShare and Tor Browser Launcher. [archive]
- SecureDrop Journalist Workstation environment for submission handling is based on Qubes-Whonix [archive]
- https://en.wikipedia.org/wiki/Whonix [archive]
- https://www.qubes-os.org [archive]
- Whonix Protection against Real World Attacks