Whonix – Software That Can Anonymize Everything You Do …
Whonix – Software That Can Anonymize Everything You Do Online
Download, Install, Run FREE
isn’t a program like most of your applications. It’s a full
operating system that runs inside your current one. Select which
operating system your computer is running.
All activity in a virtual machine, all internet traffic through the
Whonix is the best way to use
and provides the strongest protection of your IP address.
Applications are reviewed and pre-configured.
Fully Featured and Advanced Security Features
Impossible to leak IP address
Connections are forced through Tor®. DNS leaks are impossible, and
even malware with root privileges cannot discover the user’s real IP
address. Leak tested through corridor (Tor® traffic whitelisting gateway) and other leak tests.
VM Live Mode
is as simple as choosing Live Mode in the boot menu.
Alternatively Debian, Kicksecure and perhaps other Debian-based hosts can boot their existing host operating system into
Host Live Mode.
Based on Kicksecure ™
Whonix ™ is based on Kicksecure ™ which is a security-hardened Linux distribution.
Based on Tor®
Whonix utilizes Tor®, which provides an open and distributed relay network to defend against network surveillance.
Unlike Virtual Private Networks (VPN), Tor provides anonymity by design and removes trust from the equation.
Keystrokes can be used to track users. To prevent this, Whonix comes with kloak installed by default.
Protect against guard discovery and related traffic analysis attacks
Better encryption thanks to preinstalled random number generators.
Distinct applications are routed through different paths in the Tor® network.
AppArmor profiles restrict the capabilities of commonly used, high-risk applications.
Kernel Self Protection Settings
Whonix uses Kernel Hardening Settings as recommended by the Kernel Self Protection Project (KSPP).
Whonix provides additional security hardening measures and user education to provide better protection from viruses.
disables legacy login methods for improved security hardening.
Configured for anonymous Tor® use.
Tor® Browser is optimized for anonymity and millions of daily users help you blend in with the crowd.
Visit any destination including modern websites such as YouTube.
Running low on RAM isn’t a security problem. swap-file-creator
will create an encrypted swap file.
Complete respect for privacy
Whonix respects data privacy principles. We don’t make advertising deals or collect sensitive personal data. We’re funded directly by user contributions and that’s how it should be.
confirms that no warrants have ever been served on the Whonix project.
Based on Debian
In oversimplified terms, Whonix is just a collection of configuration files and scripts. Whonix is not a stripped down version of Debian; anything possible in “vanilla” Debian GNU/Linux can be replicated in Whonix.
Digitally signed releases
Downloads are signed so genuine Whonix releases can be verified.
All the Whonix source code is
licensed under OSI Approved Licenses.
We respect user rights to review, scrutinize, modify, and redistribute Whonix. This improves security and privacy for everyone.
Research and Implementation Project
Whonix makes modest claims and is wary of overconfidence. Whonix is an actively maintained research project making constant improvements; no shortcomings are ever hidden from users.
Upcoming Security Enhancements
VMware – Whonix
At the time of writing, the VMware Workstation Player [archive] software package can be downloaded free of charge for x64 computers running Windows or Linux. The VMware vSphere Hypervisor provides a local virtualization solution for running a second, isolated operating system on a single computer, although it has less features than the commercial VMware Workstation product; see here [archive] for a full description of supported platforms, version history and features. A community website [archive] is also available for discussing and resolving issues that are encountered.
Lead Whonix ™ developer, Patrick Schleizer, has expressed serious reservations about VMware:
In comparison to Free Software [archive], VMware is not very open and transparency is critical for security.
Users of the free VMware Workstation Player are apparently unable to submit bug reports in contrast to users of commercial products.
There is no known list of open bugs which means it is difficult to determine VMware’s suitability for Whonix ™, such as potential threats to anonymity.
Attempted bug reports go entirely unanswered, meaning there is little motivation to investigate issues, make contributions, or submit further bug reports.
Free VMware products only have community support and not professional support.
Declined feature request.
Although pairing Whonix ™ with VMware is occasionally reported as functional, it is considered highly experimental and recommended against.
It is far safer to use a supported platform.
Table: Unofficial Supported VMware Products
Previous tests of VMware Workstation were found to be in a working state. Please note it is rarely tested.
Up to version 6. 0, VMWare ESX(i) was tested and functional.
VMware Server and all other products are untested, but are most likely functional.
VMware Player was previously tested by an anonymous user and found to be functional, . although this has not been confirmed by Whonix ™ developers. Note that the internal network setup can sometimes be difficult; refer to How to create multiple networks on VMware Player [archive] for further instructions.
After installing Whonix ™ in VMWare, refer to existing Documentation for additional security and anonymity advice.
For newer, third party VMware configuration instructions, see: How to Run Whonix 15 for Anonymous Web Browsing [archive]
Either import the Download version or manually build from source.
Due to an upstream VMware bug, it might be necessary to press retry when importing the images (to relax the importing requirements).
1. Connect the virtual network adapter to custom.
This is important! Do not use host-only, NAT or bridging for the virtual network adapter! For example, in testing the vmnet9 virtual network was configured because it was not used by anything else.
2. Adjust the adapter settings.
Whonix-Gateway ™: set network adapter 2 to custom → /dev/vmnet8 (or on Windows probably: vmnet9)
Whonix-Workstation ™ set network adapter 1 to custom → /dev/vmnet8 (or on Windows probably: vmnet9)
Note: if vmnetX — for example vmnet8 — is already in use by the NAT adapter, do not re-use it for the custom adapter. In that case, utilize something else like vmnet9.
3. Adjust time settings.
Due to an upstream VMware bug, the VM time is not set to UTC. Manually make this change, otherwise Tor connections might fail.
Simply importing the templates will not work because ESX(i) will not recognize the hardware family. Existing workarounds include using VMware Workstation or extracting the and then editing the files.
Importing Virtual Disk Files
One method of running Whonix ™ on ESXi is to extract the (VM virtual disk) files; one example can be found here [archive].
To import the appliances:
Create two virtual machines in ESX(i) with default settings — do not create a virtual disk for them.
Import and in VirtualBox (this is not a typo! ). Do not check the setting Import as VDI.. 
Once both are imported, retrieve the disk files from their physical location on the disk (VirtualBox extracts them from the).
Upload both disk files to the datastore that is being used in ESX(i).
Attach the disk files to the appropriate virtual machines.
Warning: Double check the vSwitch logic in the following setup!
Ensure Whonix-Gateway ™ has two network adapters configured as a virtual machine, while Whonix-Workstation ™ only has one.
Attach the first Whonix-Gateway ™ network adapter to the outside network vSwitch (this can be WAN, LAN, DMZ etc. )
Attach the second Whonix-Gateway ™ network adapter to an isolated vSwitch. Preferably create a new vSwitch which will only be used by Whonix-Gateway ™ and Whonix-Workstation ™. Note: Do not attach physical NICs to this vSwitch! Ensure a new vSwitch is created and not simply a new portgroup. Promiscuous mode within a vSwitch might jeopardize anonymity.
Attach the Whonix-Workstation ™ network adapter to the isolated vSwitch from the previous step.
Boot the machines and check online connectivity has been established.
These instructions are unfinished.
If you prefer building from source or the previous instructions did not work, the following method was successfully tested with Whonix ™ 14. 0. 9. 9 and ESX(i) 6. 7.
1. Using a 64-bit Linux machine, build both Whonix-Gateway ™ and Whonix-Workstation ™ with the –target raw instruction.
Example build phrase: sudo. /build_whonix –flavor whonix-gateway-cli –vmsize 20G –target raw –build
2. Use qemu-img to convert the raw images to vmdk.
Example: qemu-img convert
3. Move or copy the disks to a data store on ESX(i).
1. From ESX(i), create a new virtual switch for internal traffic.
Important: Delete the uplink by clicking the x! Create a new port group for internal traffic using the virtual switch that was just created.
2. Create a new virtual machine named Whonix-Workstation ™.
Guest Linux Debian 10 64-bit → one network interface (change network to internal switch/portgroup) → delete disk → add existing disk → select vmdk created for workstation → expand dropdown and select IDE controller.
Then boot the machine.
3. Create a new virtual machine named Whonix-Gateway ™.
Guest Linux Debian 10 64-bit → two network interfaces (leave first one default, add second and change to internal switch) → delete disk → add existing disk → select created for gateway → expand dropdown and select IDE controller.
Note: This machine will have no WAN access unless a static route is added or eth0 is modified to DHCP.
Using VMWare Workstation as an Intermediary
If VMware Workstation is available, the following method works without manual extraction and repacking:
Import both VMs to VMware Workstation.
Check all settings are properly applied as per the guide above.
Either export the VMs to and import them on the ESX(i) server, or if the server is connected to the Workstation instance, migrate via VMware Workstation. This generally works out of the box, although the networking should be reviewed and isolated as per the guide above.
In addition to the steps outlined below, also refer to the System Hardening Checklist and the Essential Security Guide and Advanced Security Guide Documentation entries.
The following measures are recommended for improved security:
disable 3D acceleration
remove CD/DVD drive
remove Floppy drive
remove USB controller (or at least disable the automatic connection of new devices)
remove sound card
do not install VMware Tools or open-vm-tools — trading security for convenience is unrecommended because VMware Tools leak information to the host operating system or hypervisor.
Some users might wish to access the Whonix-Workstation ™ via SSH and therefore consider adding a second network adapter with Host-Only Networking [archive]. Be cautious of this configuration because it can cause information leakage:
If you install the proper routing or proxy software on your host computer, you can establish a connection between the host virtual Ethernet adapter and a physical network adapter on the host computer. This allows you, for example, to connect the virtual machine to a Token Ring or other non-Ethernet network.
On a Windows 2000, Windows XP or Windows Server 2003 host computer, you can use host-only networking in combination with the Internet connection sharing feature in Windows to allow a virtual machine to use the host’s dial-up networking adapter or other connection to the Internet. See your Windows documentation for details on configuring Internet connection sharing.
VMware bug report: failed to import image [archive]
VMware bug report: image internal network becomes bridged network [archive]
VirtualBox bug report Ticket #11160: image created with VirtualBox, failed to import in VMware [archive]
↑ See this thread [archive] in the old Whonix ™ forum.
Alternatively is might work to extract the archive.
Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki
Priority Support | Investors | Professional Support
Whonix ™ | © ENCRYPTED SUPPORT LP | Freedom Software / Open Source (Why? )
The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole.
Whonix ™ for VirtualBox with XFCE
Frequently Asked Questions about whonix workstation download
How do I install Whonix on VMware workstation?
VMware WorkstationEither import the Download version or manually build from source.Import Whonix-Gateway. ova and Whonix-Workstation. ova .Due to an upstream VMware bug, it might be necessary to press retry when importing the . ova images (to relax the importing requirements).
How do I download Whonix on VirtualBox?
For Whonix ™ VirtualBox import instructions, please press on expand on the right.Start VirtualBox.Click on File then choose Import Appliance…Navigate and select Whonix ™ image and press next.Do NOT change anything! … Then press Agree.Wait until Whonix ™ .ova has been imported.More items…
How install Whonix on Windows?
ChaptersGoogle Search Whonix. … Select on what OS you will run it. … Remember to install VirtualBox from Oracle. … Open the download folder. … Select virtualbox manager to load the image file. … You can click import or change some of the settings. … Now go to settings and change some of the preconfigured settings.More items…•Jul 16, 2019