Whonix claims to be the most secure and private platform to exist, ever. It is a Linux distribution that is based on the already highly secure Kicksecure OS. Its primary function is to provide a user with custom security features and anonymity as it routes data through a TOR gateway running Debian.
Whonix consists of two virtual machines and can be installed on various Linux distros. There are several methods to install Whonix on Linux, including the use of virtualization software like VirtualBox or KVM. For more details on the installation methods, scroll down.
Table Of Contents
What Is Whonix?
Whonix is a free, open-source distribution that favors advanced security and privacy features. It is an anonymous OS that routes all the incoming and outgoing internet traffic via a TOR network to ensure security. Whonix relies on a reconfigured version of Debian called Kicksecure and also provides a layer of protection from malware and prevents issues such as IP leaks. It is based on virtualization that combines two VMs, Whonix-Workstation and Whonix-Gateway and is ideal for maintaining online anonymity and security.
Whonix Use Cases:
Whonix is a great solution for most online threats as it can enhance your security and privacy and provide you with much-needed anonymity. As such, there are a few use cases for Whonix, such as:
- Anyone who fears online surveillance or threats such as Trojans or system backdoors can rely on Whonix as its anti-malware and anti-exploit modifications can help with that.
- Those who report crimes can stay anonymous with the help of Whonix, as its anonymous internet can prevent any identity correlation between social media and other online use.
- Political activism can also benefit from the use of Whonix. The network can’t be analyzed by simply targeting the user’s ISP.
- If you are living in a repressive environment, then surely Whonix can help a lot. It is very easy to set up and offers advanced configurations that ensure users even those living in a censorship state can fully access the internet desktop-wide.
Cyberthreat and Whonix
The following table highlights the various cyber threats, their impact on your privacy, and how Whonix can help.
Cyberthreats | Impact | Whonix |
---|---|---|
IP Tracking | IP is directly tied to a user’s real identity and thus IP tracking can give up the user’s real physical location. | Offers IP cloacking via TOR which is very reliable for hiding your real IP. |
Browser Fingerprinting | It is an advanced cyber threat that can track your activity even when you obfuscate your IP address. | Since you are running the internet via TOR, there is no threat from browser fingerprinting. |
Time Attacks | Your computer’s uptime can also give away your identity. | The Boot Clock Randomizer feature alongside secure network time synchronization helps prevent time attacks. |
Personal Typing Fingerprinting | Every person has a unique style of typing, or using words online which can be tracked to figure out an online profile of the user. | Whonix offers Kloak which is a keystroke anonymizer. |
Install Whonix On Linux:
Now, you can use any of the following methods to install Whonix on your Linux distribution in easy steps. All you have to do is follow the instructions provided below.
Before proceeding with the installation, do note that: Whonix Linux Installer for VirtualBox is only supported for Debian, Fedora, and their derivatives (such as Ubuntu, CentOS, RedHat, or Kicksecure).
Method 1. Install Whonix On Linux Via Installer for VirtualBox
VirtualBox is a free, open-source virtualization software that allows users to create virtual environments and VMs. Thus, you can use VirtualBox to install and run multiple OSes simultaneously on the same machine without any additional hardware.
VirtualBox is a cross-platform service and can run on Windows, macOS, and most Linux distributions. The most efficient method to install Whonix is by using VirtualBox. You can easily install VirtualBox with an Installer. Here’s how:
Step 1. First, download the Linux Installer
curl --tlsv1.3 --output whonix-xfce-installer-cli --url https://www.whonix.org/dist-installer-cli
Step 2. Then run the installer.
bash ./whonix-xfce-installer-cli
Step 3. Start Whonix by double-clicking the Whonix-Gateway and Whonix-Workstation.
Method 2. Using Kicksecure To Run Whonix On Linux
Kicksecure is a Debian-based Linux OS that offers a secure computing environment. You can use Kicksecure to install and run Whoinx on Linux.
If you want Whonix with Xfce
Whonix-xfce-installer-cli
If you want Whonix with CLI
Whonix-cli-installer-cli
Method 3. Install Whonix On Linux Using VirtualBox
Step 1. First, Install VirtualBox:
On Debian/Ubuntu:
Step 1.1 – Now, update the APT repository:
sudo apt update
Step 1.2 – Then, install Virtualbox:
sudo apt install virtualbox
On Fedora
sudo dnf install virtualBox
On Arch Linux
sudo pacman -S virtualBox
Note: You can also simply go to the official Whonix website and download the latest version from there (See method 1)
Step 2. Now, you will need to download the OVA files for both the Whonix-Gateway and Whonix-Workstation. For this, follow these steps:
- Start by launching your web browser to visit the official Whonix website.
- Now, click on the Download button to navigate to the exact page.
- Find the OVA Files sections and click it.
OVAs are pre-configured virtual machines that can be imported into a different hypervisor.
- There will be two separate OVA files available:
- Whonix-Gateway: The gateway that routes all traffic through Tor.
- Whonix-Workstation: The isolated workstation that connects to the internet only through the Whonix-Gateway.
- Now, locate the OVA download link and click it.
- Alternatively, you can also use the ‘wget’ command in the terminal to download the OVA files:
For Whonix Gateway OVA:
wget https://download.whonix.org/ova/17.0.1.3.4/Whonix-Gateway-XFCE-17.0.1.3.4.ova
For Whonix Workstation OVA:
wget https://download.whonix.org/ova/17.0.1.3.4/Whonix-Workstation-XFCE-17.0.1.3.4.ova
Step 3. Once the OVA files are downloaded verify the files.
Step 3.1 – You’ll find checksums (SHA-512) for each OVA file in the same Download section. Use a checksum verification tool to compare the downloaded file’s checksum with the one provided on the Whonix website,
sha256sum Whonix-Gateway-XFCE-17.0.1.3.4.ova
sha256sum Whonix-Workstation-XFCE-17.0.1.3.4.ova
Step 4. Then, import the OVA Files into VirtualBox.
- Launch VirtualBox.
- Then go to File and click on “Import Appliance.”
- Now, choose and select the downloaded Whonix-Gateway OVA file.
- Click Next, follow the on-screen instructions, and review the settings.
- Then click on Import.
- The process is the same for the Whonix-Workstation OVA file.
Step 5. After importing both the OVAs configure them as needed.
Note: Ensure that you first run the Whonix-Gateway VM. It is crucial to run it before the Whonix-Workstation VM to maintain proper connectivity.
Step 6. Lastly, update both the VMs to the latest version:
sudo apt-get update && sudo apt-get dist-upgrade
Method 4. Install Whonix With A Kernel-based Virtual Machine
Step 1. First, Install KVM and related tools:
On Debian/Ubuntu:
Step1.1 – Start by updating the repository:
sudo apt update
Step 1.2 – Get the relevant dependencies:
sudo apt install qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils virt-manager
Step 1.3 – Install KVM
sudo systemctl enable --now libvirtd
On Fedora:
sudo dnf install @virtualization
sudo systemctl enable --now libvirtd
On Arch Linux
sudo pacman -S qemu libvirt virt-manager
sudo systemctl enable --now libvirtd
Step 2. Now go to the official website to get the Whonix KVM Images
Look for the following files and download them:
- Whonix-Gateway-XFCE-15.0.1.9.5.qcow2
- Whonix-Workstation-XFCE-15.0.1.9.5.qcow2
- Whonix_external_network-15.0.1.9.5.xml
- Whonix_internal_network-15.0.1.9.5.xml
- Whonix-Gateway-XFCE-15.0.1.9.5.xml
- Whonix-Workstation-XFCE-15.0.1.9.5.xml
Step 3. Now use the XML files to define the external and internal networks:
virsh net-define Whonix_external_network-15.0.1.9.5.xml
virsh net-define Whonix_internal_network-15.0.1.9.5.xml
Step 4. Start and set the networks to autostart:
virsh net-start Whonix-External
virsh net-start Whonix-Internal
virsh net-autostart Whonix-External
virsh net-autostart Whonix-Internal
Step 5. Import the Whonix Gateway and Workstation images:
virsh define Whonix-Gateway-XFCE-15.0.1.9.5.xml
virsh define Whonix-Workstation-XFCE-15.0.1.9.5.xml
Step 6. Start the Gateway and Workstation VMs:
virsh start Whonix-Gateway-XFCE
virsh start Whonix-Workstation-XFCE
Step 7. Now access the VMs using virt-manager or virt-viewer.
virt-manager
Method 5. Install Whonix on QubesOS
Note: Before starting ensure that your Linux is running QubesOS
Step 1. Enable Whonix Templates:
sudo qubesctl state.sls qvm.anon-whonix
Step 2. Create AppVMs based on Whonix:
qvm-create --template whonix-gw-16 --label red Whonix-Gateway
qvm-create --template whonix-ws-16 --label red Whonix-Workstation
Now, just like the previous methods Start and Configure both VMs and verify the connection.
Whonix FAQs –
How does Whonix work?
Whonix is an operating system that uses advanced security features to ensure anonymity online. It relies on virtualization and routes data through the TOR network to protect your online data.
Is Whonix different from Tor Browser?
Yes, Whonix is very different from a typical browser, TOR or otherwise. It is a complete Operating System in itself. Whonix is a complete package with a web browser, office suite, and other pre-configured security features. On the other hand, a TOR browser is just a browser that can only protect your browser activity.
Is Whonix different from a VPN?
VPNs promise you anonymity but you have to rely on the provider to not log your data. Furthermore, they can share your data with a third person or authority, if legally needed. On the other hand, Whonix runs entirely on the anonymous TOR network. Yes, a VPN is faster but not anonymous.
Is Whonix a VM?
Essentially, yes. Whonix has VM Images for VirtualBox, OVA, KVM, and Qubes. As such Whonix consists of two VMs, Whonix-Gateway and Whonix-Workstation.