Camouflaged operating system – Whonix
Anonymous Traveler
The Whonix desktop operating system lets you use the web without revealing your identity.
Many Internet users want to protect their privacy on the Internet, without disclosing personal information unnecessarily. The special Linux distribution Whonix [1], which incorporates The Onion Router (Tor) network, lets you do so for free.
If you want to try out Whonix, your best bet is to install it on a virtual machine (VM). Although physical hardware would work just as well – and you don't even need particularly new or powerful hardware – you would need two machines, because Whonix consistently separates the Internet physically from the computer on which you work, either with the use of two VMs or two separate physical systems. It is easy to set up and use Whonix: You only need to import two VMs, and a wizard then connects them to the Tor network.
The Architecture
Two VMs or two computers form the basis of the Whonix Linux distribution. One machine used as the connection gateway to the Tor network [2] is known as the Whonix-Gateway on the Whonix network. The other machine accommodates the applications with which you work. To begin, you set up the gateway, and it then sets up the connection to the Internet instead of connecting directly to the Internet; the wizard can also connect the gateway via a proxy server.
Because the workstation is on a separate network, Whonix keeps it from being contaminated by viruses or other malware and keeps your IP address from becoming public. The Whonix-Workstation can only access the Internet via the Tor router installed on the Whonix-Gateway.
Installation and Setup
Qubes, KVM, and VirtualBox can virtualize the environment; unfortunately, VMware vSphere and Qemu cannot. The easiest way to install the two VMs, both available as OVA files, is in VirtualBox. To do so, you only need to import an appliance (Figure 1) by setting up the gateway in the first step and the workstation in the second step.
After the installing the environment, a setup wizard helps adapt the two machines to your requirements, where you can change such settings as the number of processors for the VM or the size of available memory. When first set up, Whonix launches a setup wizard that creates the connection to the Tor network (Figure 2). Also, you can define here whether Whonix should update automatically in the future.
In the course of the setup, you can also decide which repository to use. If you will be deploying Whonix in a production environment, the best choice is the Whonix Stable Repository. Alternatively, you can choose the Whonix Testers Repository or the Whonix Developers Repository.
After all the options are set up, the connection to the Tor network is opened automatically. If necessary, Whonix also downloads updates in the background. To access the latest versions, it is advisable to update the repositories first. On Whonix, you can do this by typing:
apt-get update apt-get upgrade
The gateway needs to be running for you to use Whonix; you can iconize the window without worry because there's nothing to configure.
Clicking the WhonixCheck icon makes sure everything is working and that the gateway is up to date and connected to the Tor network. If several workstations are connected to the Whonix-Gateway, the traffic can be monitored with the Arm-Tor Controller desktop shortcut. When launched, the tool shows statistics about current uploads and downloads (Figure 3).
Whonix integrates a firewall that can be set up with the Global Firewall Settings desktop shortcut. The settings are password protected – the default password is changeme – and configuration changes are by finalized by clicking on the Reload Firewall desktop shortcut.
With the Whonix Setup
icon, you can launch the wizard for connecting to the Tor network, which is necessary, for example, if you want to use a different Internet gateway for the connection. It is also possible to connect the gateway to a proxy server through the wizard.
Working with Whonix
Once the gateway is running, everything else happens on the Whonix-Workstation, which is also imported into VirtualBox as a VM, just like the gateway. To work without interruption, you will want to assign the workstation more virtual CPUs and more memory. The default username is user and the password, again, is changeme. The Tor browser downloads automatically when you first start the workstation and proceeds to install itself (Figure 4).
After launching the browser, you can see the successful connection to Tor at top right. Also, you can see that the "No Script" extension is installed, which prevents scripts running on Internet pages without permission.
In addition to your own workstation opening connections to the Internet via the Whonix-Gateway, any computer or virtual machine can use this gateway for the same purpose. For this to happen, the gateway has two network adapters. One of the adapters communicates with the public Internet, and the other adapter is for private communication with the connected workstations. Through this network interface, multiple VMs or multiple physical computers can connect to the Internet via the Whonix-Gateway without problem.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Gnome 47.1 Released with a Few Fixes
The latest release of the Gnome desktop is all about fixing a few nagging issues and not about bringing new features into the mix.
-
System76 Unveils an Ampere-Powered Thelio Desktop
If you're looking for a new desktop system for developing autonomous driving and software-defined vehicle solutions. System76 has you covered.
-
VirtualBox 7.1.4 Includes Initial Support for Linux kernel 6.12
The latest version of VirtualBox has arrived and it not only adds initial support for kernel 6.12 but another feature that will make using the virtual machine tool much easier.
-
New Slimbook EVO with Raw AMD Ryzen Power
If you're looking for serious power in a 14" ultrabook that is powered by Linux, Slimbook has just the thing for you.
-
The Gnome Foundation Struggling to Stay Afloat
The foundation behind the Gnome desktop environment is having to go through some serious belt-tightening due to continued financial problems.
-
Thousands of Linux Servers Infected with Stealth Malware Since 2021
Perfctl is capable of remaining undetected, which makes it dangerous and hard to mitigate.
-
Halcyon Creates Anti-Ransomware Protection for Linux
As more Linux systems are targeted by ransomware, Halcyon is stepping up its protection.
-
Valve and Arch Linux Announce Collaboration
Valve and Arch have come together for two projects that will have a serious impact on the Linux distribution.
-
Hacker Successfully Runs Linux on a CPU from the Early ‘70s
From the office of "Look what I can do," Dmitry Grinberg was able to get Linux running on a processor that was created in 1971.
-
OSI and LPI Form Strategic Alliance
With a goal of strengthening Linux and open source communities, this new alliance aims to nurture the growth of more highly skilled professionals.