Whonix is great. I use it all the time in my day job. I write a lot of scripts that have to interact with criminal (malware C&C, phishing website, etc.) infrastructure, including APT analysis. You don't want to make an opsec fail and/or leak your IP in a situation like this. Instead of doing something fragile and error-prone, like being careful to use a proxy all the time in my code, having a VPN, etc., I just run everything in Whonix and sleep well at night.
Whonix when used via Qubes DispVMs is more effective than Tails in my opinion (better protection against IP leaking), unless your goal is mainly the amnesic aspect.
> Whonix when used via Qubes DispVMs is more effective than Tails in my opinion (better protection against IP leaking), unless your goal is mainly the amnesic aspect.
It's a matter of convenience.
Your setup is far more complicated for a non-technical activist or journalist vs. Tails.
Install Qubes and it will give you an easy option to install Whonix. Out of the box Qubes supports Debian, Fedora, and Whonix very well. If the Qubes installer works on your hardware, the setup is a breeze. Qubes does have a bit of a learning curve, but largely non-technical (separating activities out into different VMs, and installing software onto a template instead of directly in the VM).
The website is fine. Please don't detract from the topic. Whonix is unanimously considered the best Linux distribution in terms of privacy and security. You can also run it in Qubes OS. It's intended to run on VirtualBox for now. One VM is for network access, while the other one is connected to the previous VM for said network access, and it's the one you should use. This is to prevent any de-anonymization attacks.
Indeed. For anyone who isn't convinced, I wrote up some details on our use case (creating a training data DMCA safe haven) in the Tails thread: https://news.ycombinator.com/item?id=37512147
If you're serious about protecting yourself, Whonix is a requirement.
The OS is focused on privacy... at the foot of the page there is a legend:
"By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent."
I clicked on "more information" and was directed to a long page with small print, where you have to navigate to different policies (which remain somewhat hidden if you are not careful) ...
The website is quite dreadful, excessively verbose in some places and totally lacking in others. It took me quite a few clicks just to learn that this is effectively virtual machines with Tor but still didn't find much at-a-glance information on what the user experience is actually like. Does anyone have any experience with this?
You run two VMs in VirtualBox. One is a Tor gateway, the other is a workstation. Both run Whonix and are preconfigured for this. A virtual network between them is set up so that the workstation can only access the Internet via the Tor gateway VM, so it's impossible for connections to "leak" directly to the Internet without going over Tor. The gateway VM runs in the background and you run a regular browser in the workstation VM.
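The isolation described in the comment above can be checked from the VirtualBox host. This added example (not part of the thread and not Whonix project code) parses `VBoxManage showvminfo <vm> --machinereadable` output and flags any workstation adapter that is not on the internal network. The sample text is constructed, and the VM name and the internal network name `Whonix` are assumptions.

```python
import re

# Constructed samples in the key="value" style printed by
# `VBoxManage showvminfo <vm> --machinereadable`; not captured from a real host.
# "workstation-example" and the network name "Whonix" are assumptions.
GOOD = '''name="workstation-example"
nic1="intnet"
intnet1="Whonix"
nic2="none"
nic3="none"
'''
LEAKY = '''name="workstation-example"
nic1="intnet"
intnet1="Whonix"
nic2="nat"
natnet2="nat"
nic3="none"
'''

def parse_machinereadable(text):
    """Return the key="value" lines as a dict with quotes stripped."""
    pairs = {}
    for line in text.splitlines():
        m = re.match(r'^"?([^"=]+)"?=(.*)$', line.strip())
        if m:
            pairs[m.group(1)] = m.group(2).strip('"')
    return pairs

def audit_workstation_nics(text, expected_net="Whonix"):
    """List every adapter that gives the workstation a path around the gateway."""
    info = parse_machinereadable(text)
    findings, attached = [], 0
    for key, mode in sorted(info.items()):
        m = re.fullmatch(r"nic(\d+)", key)
        if not m or mode == "none":
            continue  # not an adapter line, or adapter slot is disabled
        n = m.group(1)
        attached += 1
        net = info.get("intnet" + n)
        if mode != "intnet":
            findings.append(f"nic{n}: attached as '{mode}', bypasses the gateway")
        elif net != expected_net:
            findings.append(f"nic{n}: internal network '{net}', expected '{expected_net}'")
    if attached == 0:
        findings.append("no attached adapter found")
    return findings

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("leaky", LEAKY)):
        print(label, audit_workstation_nics(sample) or "internal-network adapters only")
```
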
Maybe the desktop site is terrible, I didn't check, but the mobile one is fine. Nothing to write home about, just a site like a million other sites, describing a product and providing download links. They made an uncommon effort to secure themselves with long long long legal documents.
I agree with you. Web design doesn't seem to be the strength of the Whonix team... and got worse over time.
Basically, you download a VirtualBox image, import it and then have a hardened Debian VM with Xfce UI & some privacy-friendly apps like Tor Browser & a crypto wallet. The internet is slow (because of Tor) & TCP-only, but sufficient for most things. VirtualBox guest extensions are included and most things work out-of-the-box.
> It took me quite a few clicks just to learn that this is effectively virtual machines with Tor
Click "What Is Whonix?", scroll down, "Whonix ™ consists of two VMs: the Whonix-Gateway ™ and the Whonix-Workstation ™. The former runs Tor processes and acts as a gateway, while the latter runs user applications on a completely isolated network."
Quite the opposite, they're quite adamant about only using free (as in freedom) and in this case, beer, software. And denounce the usage of VPNs at every opportunity. ;)
So they really want you to use Tor - where the fact that you are connecting to a Tor node is extremely obvious, and flags you as being part of the fractional percentage of internet users who do so - but don't want you to use a VPN, the use of which, while still not exactly baseline, is increasingly common? That may give you privacy, but it hardly seems like it makes you anonymous. Rather, wouldn't that send up a giant beacon for anyone at your ISP who cares to look at connections they (or the authorities) might want to pay more attention to?
> where the fact that you are connecting to a Tor node is extremely obvious
Yes. Additionally, it has been concluded that it is impossible to hide the usage of Tor from the ISP; VPNs do not help. The usage of Tor is obvious.
> but don't want you to use a VPN
If you can't use Tor safely, it would be unlikely that you can use a VPN safely either.
> That may give you privacy, but it hardly seems like it makes you anonymous.
What makes you say that? There are millions of Tor users connected at any time, if you believe the number of users is an issue. I suggest you read more about Tor on their website - https://torproject.org
> Rather, wouldn't that send up a giant beacon for anyone at your ISP who cares to look at connections they (or the authorities) might want to pay more attention to?
No, I don't believe so, granted that you live in a Western democracy.
I know you were trying to be insulting in order to "win" our minuscule internet argument. However, since my post does not demonstrate bad manners or a lack of informed-ness, your comment doesn't land, and instead makes you look petty. Just letting you know!