Camouflaged operating system – Whonix
Anonymous Traveler
![© Lead Image © Mohamad Razi Bin Husin, 123RF.com © Lead Image © Mohamad Razi Bin Husin, 123RF.com](/var/linux_magazin/storage/images/issues/2016/188/whonix-linux/123rf_12154067_hat-binoculars-travel_mohamadrazibinhusin_resized.png/672141-1-eng-US/123RF_12154067_Hat-Binoculars-Travel_MohamadRaziBinHusin_resized.png_medium.png)
© Lead Image © Mohamad Razi Bin Husin, 123RF.com
The Whonix desktop operating system lets you use the web without revealing your identity.
Many Internet users want to protect their privacy on the Internet, without disclosing personal information unnecessarily. The special Linux distribution Whonix [1], which incorporates The Onion Router (Tor) network, lets you do so for free.
If you want to try out Whonix, your best bet is to install it on a virtual machine (VM). Although physical hardware would work just as well – and you don't even need particularly new or powerful hardware – you would need two machines, because Whonix consistently separates the Internet physically from the computer on which you work, either with the use of two VMs or two separate physical systems. It is easy to set up and use Whonix: You only need to import two VMs, and a wizard then connects them to the Tor network.
The Architecture
Two VMs or two computers form the basis of the Whonix Linux distribution. One machine used as the connection gateway to the Tor network [2] is known as the Whonix-Gateway on the Whonix network. The other machine accommodates the applications with which you work. To begin, you set up the gateway, and it then sets up the connection to the Internet instead of connecting directly to the Internet; the wizard can also connect the gateway via a proxy server.
Because the workstation is on a separate network, Whonix keeps it from being contaminated by viruses or other malware and keeps your IP address from becoming public. The Whonix-Workstation can only access the Internet via the Tor router installed on the Whonix-Gateway.
Installation and Setup
Qubes, KVM, and VirtualBox can virtualize the environment; unfortunately, VMware vSphere and Qemu cannot. The easiest way to install the two VMs, both available as OVA files, is in VirtualBox. To do so, you only need to import an appliance (Figure 1) by setting up the gateway in the first step and the workstation in the second step.
After the installing the environment, a setup wizard helps adapt the two machines to your requirements, where you can change such settings as the number of processors for the VM or the size of available memory. When first set up, Whonix launches a setup wizard that creates the connection to the Tor network (Figure 2). Also, you can define here whether Whonix should update automatically in the future.
![](/var/linux_magazin/storage/images/issues/2016/188/whonix-linux/figure-2/672147-1-eng-US/Figure-2_large.png)
In the course of the setup, you can also decide which repository to use. If you will be deploying Whonix in a production environment, the best choice is the Whonix Stable Repository. Alternatively, you can choose the Whonix Testers Repository or the Whonix Developers Repository.
After all the options are set up, the connection to the Tor network is opened automatically. If necessary, Whonix also downloads updates in the background. To access the latest versions, it is advisable to update the repositories first. On Whonix, you can do this by typing:
apt-get update apt-get upgrade
The gateway needs to be running for you to use Whonix; you can iconize the window without worry because there's nothing to configure.
Clicking the WhonixCheck icon makes sure everything is working and that the gateway is up to date and connected to the Tor network. If several workstations are connected to the Whonix-Gateway, the traffic can be monitored with the Arm-Tor Controller desktop shortcut. When launched, the tool shows statistics about current uploads and downloads (Figure 3).
![](/var/linux_magazin/storage/images/issues/2016/188/whonix-linux/figure-3/672150-1-eng-US/Figure-3_large.png)
Whonix integrates a firewall that can be set up with the Global Firewall Settings desktop shortcut. The settings are password protected – the default password is changeme – and configuration changes are by finalized by clicking on the Reload Firewall desktop shortcut.
With the Whonix Setup
icon, you can launch the wizard for connecting to the Tor network, which is necessary, for example, if you want to use a different Internet gateway for the connection. It is also possible to connect the gateway to a proxy server through the wizard.
Working with Whonix
Once the gateway is running, everything else happens on the Whonix-Workstation, which is also imported into VirtualBox as a VM, just like the gateway. To work without interruption, you will want to assign the workstation more virtual CPUs and more memory. The default username is user and the password, again, is changeme. The Tor browser downloads automatically when you first start the workstation and proceeds to install itself (Figure 4).
![](/var/linux_magazin/storage/images/issues/2016/188/whonix-linux/figure-4/672153-1-eng-US/Figure-4_large.png)
After launching the browser, you can see the successful connection to Tor at top right. Also, you can see that the "No Script" extension is installed, which prevents scripts running on Internet pages without permission.
In addition to your own workstation opening connections to the Internet via the Whonix-Gateway, any computer or virtual machine can use this gateway for the same purpose. For this to happen, the gateway has two network adapters. One of the adapters communicates with the public Internet, and the other adapter is for private communication with the connected workstations. Through this network interface, multiple VMs or multiple physical computers can connect to the Internet via the Whonix-Gateway without problem.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
![Learn More](https://www.linux-magazine.com/var/linux_magazin/storage/images/media/linux-magazine-eng-us/images/misc/learn-more/834592-1-eng-US/Learn-More_medium.png)
News
-
NVIDIA Released Driver for Upcoming NVIDIA 560 GPU for Linux
Not only has NVIDIA released the driver for its upcoming CPU series, it's the first release that defaults to using open-source GPU kernel modules.
-
OpenMandriva Lx 24.07 Released
If you’re into rolling release Linux distributions, OpenMandriva ROME has a new snapshot with a new kernel.
-
Kernel 6.10 Available for General Usage
Linus Torvalds has released the 6.10 kernel and it includes significant performance increases for Intel Core hybrid systems and more.
-
TUXEDO Computers Releases InfinityBook Pro 14 Gen9 Laptop
Sporting either AMD or Intel CPUs, the TUXEDO InfinityBook Pro 14 is an extremely compact, lightweight, sturdy powerhouse.
-
Google Extends Support for Linux Kernels Used for Android
Because the LTS Linux kernel releases are so important to Android, Google has decided to extend the support period beyond that offered by the kernel development team.
-
Linux Mint 22 Stable Delayed
If you're anxious about getting your hands on the stable release of Linux Mint 22, it looks as if you're going to have to wait a bit longer.
-
Nitrux 3.5.1 Available for Install
The latest version of the immutable, systemd-free distribution includes an updated kernel and NVIDIA driver.
-
Debian 12.6 Released with Plenty of Bug Fixes and Updates
The sixth update to Debian "Bookworm" is all about security mitigations and making adjustments for some "serious problems."
-
Canonical Offers 12-Year LTS for Open Source Docker Images
Canonical is expanding its LTS offering to reach beyond the DEB packages with a new distro-less Docker image.
-
Plasma Desktop 6.1 Released with Several Enhancements
If you're a fan of Plasma Desktop, you should be excited about this new point release.