Design and Goals
Introduction
Whonix ™ aims to preserve privacy and anonymity by helping users run applications anonymously. A web browser, IRC client, office suite, and more come pre-configured with security in mind.
Whonix ™ is a complete operating system with advanced security and anonymity features. It consists of two virtual machines -- Whonix-Gateway ™ and Whonix-Workstation ™ -- which are designed to be used on a host operating system (OS). The host OS supporting Whonix ™ is usually the one installed on the user's computer, but OSes installed on external drives will also work. Users choose the preferred Whonix ™ configuration and may use either a Type I hypervisor (Qubes-Whonix ™) or a Type II hypervisor like KVM and VirtualBox.
Whonix ™ is Freedom Software and is based on Kicksecure ™ (security-focused Linux Distribution), Tor [1], Debian GNU/Linux [2], and the principle of security by isolation.
Security by Isolation
Whonix ™ is divided into two VMs: Whonix-Workstation ™ for work activities and Whonix-Gateway ™ to force all Internet traffic through the Tor network. [3] This security by isolation configuration averts many threats posed by malware, misbehaving applications, and user error.
Figure: Whonix ™ Operating System Design
Online Anonymity via Tor
Whonix ™ relies on the Tor network to protect a user's anonymity online; all connections are forced through Tor or otherwise blocked. Tor helps to protect users by bouncing communications around a distributed network of relays run by volunteers all around the world. Without advanced, end-to-end, netflow correlation attacks, anybody watching a user's Internet connection cannot easily determine the sites visited, and those sites cannot learn the user's physical location. [4]
To learn more about Tor, read the official documentation on the Tor website:
- Tor overview: Why we need Tor
- Tor overview: How Tor Works
- Who uses Tor?
Based on Debian
In oversimplified terms, Whonix ™ is just a collection of configuration files and scripts. Whonix ™ is not a stripped down version of Debian; anything possible in "vanilla" Debian GNU/Linux can be replicated in Whonix ™. Likewise, most problems and questions can be solved in the same way. For example: "How do I install VLC Media Player on Whonix ™?" -- "The same way as in Debian: `apt install vlc`." Whonix ™ does not break anything, limit functionality, or prevent installation of compatible software.
Whonix Version
Each Whonix ™ release is based on a particular version of Debian:
Whonix ™ version | Debian Version | Debian Codename |
---|---|---|
Whonix ™ 16.0.3.7 | 11 | bullseye |
Users can manually check the Whonix ™ version at any time by following this step.
Release Schedule
Note that Whonix ™ does not have a fixed release schedule. A new stable release only becomes available when it is deemed ready. Interested users can query the issue tracker [5] and release notes to track developer progress. Stay Tuned.
Support Schedule
Debian Hosts
New Debian Release
One month after a new stable version of Debian is released, Whonix ™ VMs may no longer be supported on any older version of Debian. All users need to upgrade the Debian platform promptly after the deprecation notice in order to use Whonix ™ safely.
New Whonix ™ Release
One month after a new stable version of Whonix is released, older versions will no longer be supported. All users need to upgrade the Whonix ™ platform promptly in order to remain safe.
Deprecation Notices
The deprecation notice is provided at least one month in advance and posted in the Whonix ™ News forum. Stay Tuned! All users need to upgrade the respective platform promptly in order to remain safe. [6]
Debian-based and Other Hosts
As per Debian Hosts.
Windows Hosts
The support schedule is mostly undefined at present, but likely to mirror Debian Hosts.
Qubes Hosts
Quoting the Qubes-Whonix ™ version support policy:
Whonix ™ templates are supported by our partner, the Whonix ™ Project. The Whonix ™ Project has set its own support policy for Whonix ™ templates in Qubes.
This policy requires Whonix ™ template users to stay reasonably close to the cutting edge by upgrading to new stable releases of Qubes OS and Whonix ™ templates within a month of their respective releases. To be precise:
- One month after a new stable version of Qubes OS is released, Whonix ™ templates will no longer be supported on any older release of Qubes OS. This means that users who wish to continue using Whonix ™ templates on Qubes must always upgrade to the latest stable Qubes OS release within one month of its release.
- One month after new stable versions of Whonix ™ templates are released, older releases of Whonix ™ templates will no longer be supported. This means that users who wish to continue using Whonix ™ templates on Qubes must always upgrade to the latest stable Whonix ™ template releases within one month of their release.
We aim to announce both types of events one month in advance in order to remind users to upgrade.
Summary
Table: Whonix ™ Goals, Design and Limitations
Category | Description |
---|---|
Whonix ™ is |
|
Whonix ™ helps to |
|
Whonix ™ is not |
|
Next Steps
Learning more about Whonix ™ is the best way to determine whether it is a suitable solution in your personal circumstances. The following chapters are recommended:
- The Warning page to understand the security limitations of Whonix ™ and Tor.
- Further information about Whonix ™ Features.
- The implied Trust placed in Whonix ™ when it is used.
- The Security Guide, Advanced Security Guide and Design chapters detailing the Whonix ™ specifications, threat model and implementation.
- Other relevant Documentation explaining how to use Whonix ™ safely.
Footnotes
- ↑ https://www.torproject.org/about/overview.html.en
- ↑ https://en.wikipedia.org/wiki/Debian
- ↑ In Qubes-Whonix ™, these VMs are named sys-whonix and anon-whonix, respectively.
- ↑ Current practical, low-latency, anonymity designs like Tor fail when the attacker can see both ends of the communication channel (traffic going into and out of the Tor network). If both flows are visible, simple statistics can determine whether they match up.
- ↑ For example, for the next release use the tag "Whonix ™ 16" and status "Open".
- ↑ This also relieves Whonix ™ developers from needing to diagnose and support old-stable versions of Qubes/Debian/Whonix ™, which duplicates the maintenance burden.
License
Whonix ™ About wiki page Copyright (C) Amnesia <amnesia at boum dot org>
Whonix ™ About wiki page Copyright (C) 2012 - 2021 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
This program comes with ABSOLUTELY NO WARRANTY; for details see the wiki source code.
This is free software, and you are welcome to redistribute it under certain conditions; see the wiki source code for details.
Gratitude is expressed to JonDos for permission to use material from their website. The "Summary" chapter of the Whonix ™ Design and Goals wiki page contains content from the JonDonym documentation Features page.