Tor at the Heart: Whonix
UPDATE, AUGUST 2020 - Since the writing of this blog post, the Tor Project Community has become increasingly concerned by reports of a pattern of tolerance for sexism, racism, and other bigotry within the Whonix community. Therefore, we can no longer endorse Whonix, and do not encourage others to get involved with them. We want to foster a diverse, inclusive, and welcoming environment for all and we feel that associating with Whonix jeopardizes these goals.
During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Whonix is a privacy ecosystem that uses compartmentalization to provide a private, leak-resistant environment for many desktop computing activities. Whonix lets users run their favorite desktop applications anonymously. A web browser, IRC client, word processor, and more come pre-installed with safe defaults, and users can safely install custom applications and personalize their desktops with Whonix.
Whonix is designed to run inside a VM and to be paired with Tor. Whonix is composed of two or more virtual machines that run on top of an existing operating system. The primary purpose of this design is to isolate the critical Tor software from the risk-laden environments that often host user applications, such as email clients and web browsers. Whonix consists of two parts: the first part, called Whonix-Gateway, solely runs Tor and acts as a gateway for the user's Internet traffic. The other, called Whonix-Workstation, is for the user's work and is located on a completely isolated network. Even if the workstation is compromised with root privileges, it cannot easily reveal the user's real IP address, leak DNS requests, or bypass Tor, because it has neither full knowledge nor control over where and how its traffic is routed. This is security by isolation, and it averts many threats posed by malware, misbehaving applications, and user error.
One of Whonix's core strengths is its flexibility. Whonix can run on Linux, macOS, or Windows. It can torify nearly any application's traffic running on nearly any operating system, and it doesn't depend on the application's cooperation. It can even isolate a server behind a Tor Hidden Service running on a separate OS. It can route traffic over VPNs, SSH tunnels, SOCKS proxies, and major anonymity networks, giving users flexibility in their system setups.
Whonix was originally built around the compatibility-focused VirtualBox, then the time-tested KVM was added as an option. Now Whonix is shipped by default with the advanced, security-focused virtualization platform Qubes OS. Whonix even supports Qubes' DisposableVMs.
Whonix has a safe default configuration that includes a restrictive firewall, privacy-enhanced settings for Debian, AppArmor profiles, and pre-configured, stream-isolated applications.
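To make the gateway/workstation split and the stream isolation mentioned above concrete, here is an added, illustrative torrc fragment for a gateway VM. It is not Whonix's own configuration: the internal address 10.0.0.1 and the port numbers are placeholders chosen for the example, and the directives used (SocksPort, TransPort, DNSPort and their isolation flags) are standard Tor options. It shows the weak setting (one shared SOCKS port for every application) beside the corrected one (a separate listener per application, so their streams never share a circuit).

```conf
# Added illustrative torrc for a gateway VM (not Whonix's own configuration).
# Assumption: the gateway's interface on the isolated internal network is
# 10.0.0.1 (placeholder); the workstation VM can reach only that interface.

# Weak setting: one shared SOCKS port for every application. All streams from
# the workstation draw from the same circuit pool, so a site visited in the
# browser and an IRC server contacted at the same time can share an exit and
# be linked to each other.
#SocksPort 10.0.0.1:9050

# Corrected setting: first disable the default loopback listener ...
SocksPort 0
# ... then give each application its own port. Tor never places streams that
# entered on different SocksPorts on the same circuit, so the browser, the IRC
# client and the package manager each get independent circuits. IsolateDestAddr
# additionally keeps two different destinations reached through the same port
# off a shared circuit.
# web browser
SocksPort 10.0.0.1:9100 IsolateDestAddr
# IRC client
SocksPort 10.0.0.1:9101 IsolateDestAddr
# package manager
SocksPort 10.0.0.1:9102 IsolateDestAddr
# catch-all port: applications that present distinct SOCKS usernames are
# isolated from each other (IsolateSOCKSAuth is Tor's default; stated here
# for clarity)
SocksPort 10.0.0.1:9150 IsolateSOCKSAuth

# Transparent proxying and DNS for applications that are not SOCKS-aware. The
# gateway's firewall (not shown here) is expected to redirect the workstation's
# TCP and UDP/53 traffic to these two ports and to drop everything else, so no
# workstation process can reach the Internet except through Tor.
TransPort 10.0.0.1:9040 IsolateDestAddr
DNSPort 10.0.0.1:5300
AutomapHostsOnResolve 1
VirtualAddrNetworkIPv4 10.192.0.0/10
```

Because the workstation only ever sees the gateway's internal address, a compromised workstation learns nothing about the user's real IP or the circuits in use; the per-port split is what prevents two applications' traffic from being correlated through a common exit node.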
The Whonix team is currently focused on improving usability for new Whonix users. A Quick-Start Guide will be available shortly to allow users to install and try Whonix on most existing systems.
Whonix is based in Germany but has users and developers from around the world. Like many open-source projects, Whonix depends on the donations and contributions of supporters. It's easy to get involved!