Whonix: An OS for the era of Anonymous and Wikileaks

Whonix is an operating system that uses a novel virtual machine setup to help preserve a user's anonymity while using the Internet

Image: http://www.flickr.com/photos/thinkanonymous/ (Creative Commons)


Anonymity is an increasingly scarce commodity. Google's latest Transparency Report revealed government requests for data about users of its online services are increasing. It's not hard to find examples of threats to privacy — either intentional or unintentional.

However, for almost as long as there have been concerns about protecting privacy on the Internet, there have been tools available to do the job. In many cases these tools, such as GPG and Tor, are available for free. But it is one thing to have access to these tools, and another to cobble them together into an effective solution that preserves your identity from prying eyes.

Whonix is a project to build an operating system that will offer the maximum privacy and anonymity possible straight out of the box. Its creator, 'Adrelanos', says the aim is to make it as hard as possible for privacy-conscious users to make missteps when it comes to remaining anonymous. "It also provides loads of documentation and possibilities for interested users to make it even more secure," he says.


Adrelanos says the project began because he wanted to run more than just a basic browser over the Tor network. At the time, online guides to remaining anonymous could often be contradictory.

"Running applications directly on a user's operating system was implicitly assumed," Adrelanos says. "Some people would argue for using proxy settings or a socksifier. Others argued that applications might not honour proxy settings or that there could be bugs in the socksifier, or even protocol leaks."

The guides on the topic were often partial and not updated to take new developments into account. "One guide had this precaution and another included different precautions, but none really included all important considerations," Adrelanos says.

The guides were also complicated and made a lot of assumptions or missed out important details. ("They left questions open like: How do I run the Tor Browser bundle behind a transparent Tor proxy while preventing Tor over Tor?" Adrelanos says.)

"Starting fresh with a wiki page on the official Tor homepage looked like a good idea to me, to allow others to check if I badly messed up or to let others improve the guide so everyone profits."

"In the beginning the [Whonix] project wasn't even called a project," he says. "It was called a guide named TorBOX and was a simple wiki page in the Torproject.org wiki." The original guide was created in January 2012.

"This guide became more and more sophisticated and because manually following the steps in it took a lot of time, shell scripts to make it easier were created by Anonymous. As building it became more time consuming and more complicated, and as more people became interested, the first binary builds were created by Anonymous."

Whonix itself is a virtualised operating system based on Debian GNU/Linux and uses VirtualBox for the host VMs. It uses a dual VM design: the primary VM (Whonix-Workstation), which runs end-user applications, and a gateway (Whonix-Gateway) through which all network requests from the workstation VM are channelled, and which uses the Tor network.

"The Whonix-Workstation has, on purpose, no ability to find out its own real IP address," Adrelanos says. "This is because it has no direct network connection and can only connect to Tor on the Whonix-Gateway. The main goal is to stay anonymous. To hide the IP [address]."

"Technically 'IP hiding' is impossible," he adds. "It can only be replaced with another IP, and the Tor network was the best tool I found for this purpose. So the question was, how do I hide the IP from applications, if I am unable for technical and/or time reasons to check and/or modify all the applications in a very detailed manner?

"The transparent Tor proxy, where the applications have no way to find out the real IP address and can only find out their Tor exit node IP address, looked like the best approach."

In addition, a whole computing environment dedicated to anonymity is less likely to be confused with a user's standard computing environment, Adrelanos says, preventing inadvertent privacy breaches.
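
An added example, not from the article or the Whonix project: one way to audit a gateway's firewall for the property described above, namely that every workstation packet either enters Tor's transparent proxy or is dropped. The `iptables-save` text, the `eth1` interface and ports 9040/5353 are constructed assumptions, and negated matches (`!`) are not handled.

```python
import shlex

# Constructed iptables-save output for a hypothetical gateway VM (not Whonix's
# real firewall). Assumed: eth1 faces the workstation; TransPort 9040, DNSPort 5353.
GOOD = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p udp --dport 53 -j REDIRECT --to-ports 5353
-A PREROUTING -i eth1 -p tcp --syn -j REDIRECT --to-ports 9040
COMMIT
*filter
:FORWARD DROP [0:0]
COMMIT
"""
# Same ruleset with one leak path: workstation packets may be routed directly.
LEAKY = GOOD.replace(":FORWARD DROP [0:0]\n",
                     ":FORWARD DROP [0:0]\n-A FORWARD -i eth1 -j ACCEPT\n")

def parse(text):
    """Return ({(table, chain): policy}, [(table, chain, {option: value})])."""
    policies, rules, table = {}, [], None
    for line in text.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[(table, chain)] = policy
        elif line.startswith("-A "):
            tok, opts = shlex.split(line), {}
            for i in range(2, len(tok)):
                if tok[i].startswith("-"):  # option; flags like --syn map to True
                    nxt = tok[i + 1] if i + 1 < len(tok) else "-"
                    opts[tok[i]] = True if nxt.startswith("-") else nxt
            rules.append((table, tok[1], opts))
    return policies, rules

def audit(text, internal_if="eth1", trans_port="9040", dns_port="5353"):
    """List the ways workstation traffic could bypass Tor in this ruleset."""
    policies, rules = parse(text)
    nat = [o for t, c, o in rules
           if (t, c) == ("nat", "PREROUTING") and o.get("-i") == internal_if]
    fwd = [o for t, c, o in rules if (t, c) == ("filter", "FORWARD")]
    def redirected(proto, port, dport=None):
        return any(o.get("-p") == proto and o.get("-j") == "REDIRECT"
                   and o.get("--dport") == dport and o.get("--to-ports") == port
                   for o in nat)
    checks = [
        (redirected("tcp", trans_port), "TCP is not redirected to TransPort"),
        (redirected("udp", dns_port, "53"), "DNS is not redirected to DNSPort"),
        (policies.get(("filter", "FORWARD")) == "DROP", "FORWARD policy is not DROP"),
        (not any(o.get("-j") == "ACCEPT" and o.get("-i") in (internal_if, None)
                 for o in fwd), "FORWARD rule accepts workstation packets"),
    ]
    return [msg for ok, msg in checks if not ok]
```

`audit(GOOD)` returns an empty list, while `audit(LEAKY)` reports the forwarding rule that would let workstation packets leave without passing through Tor.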
