[HN Gopher] Whonix - an OS focused on anonymity, privacy and sec...
___________________________________________________________________
Whonix - an OS focused on anonymity, privacy and security
Author : Run_DOS_Run
Score : 142 points
Date : 2023-09-14 15:28 UTC (7 hours ago)
(HTM) web link (www.whonix.org)
(TXT) w3m dump (www.whonix.org)
| beardog wrote:
| Whonix when used via Qubes DispVMs is more effective than Tails
| in my opinion (better protection against IP leaking), unless your
| goal is mainly the amnesic aspect.
| neilalexander wrote:
| The website is quite dreadful, excessively verbose in some places
| and totally lacking in others. It took me quite a few clicks just
| to learn that this is effectively virtual machines with Tor but
| still didn't find much at-a-glance information on what the user
| experience is actually like. Does anyone have any experience with
| this?
| [deleted]
| progval wrote:
| > It took me quite a few clicks just to learn that this is
| effectively virtual machines with Tor
|
| Click "What Is Whonix?", scroll down, "Whonix (tm) consists of
| two VMs: the Whonix-Gateway (tm) and the Whonix-Workstation
| (tm). The former runs Tor processes and acts as a gateway,
| while the latter runs user applications on a completely
| isolated network."
| electroly wrote:
| You run two VMs in VirtualBox. One is a Tor gateway, the other
| is a workstation. Both run Whonix and are preconfigured for
| this. A virtual network between them is set up so that the
| workstation can only access the Internet via the Tor gateway
| VM, so it's impossible for connections to "leak" directly to
| the Internet without going over Tor. The gateway VM runs in the
| background and you run a regular browser in the workstation VM.
|
| https://www.whonix.org/wiki/Whonix-Gateway
|
| https://www.whonix.org/wiki/Whonix-Workstation
| [deleted]
| hxii wrote:
| I thought you might be exaggerating a little bit, but... oh my,
| this website is quite terrible.
| pmontra wrote:
| Maybe the desktop site is terrible, I didn't check, but the
| mobile one is fine. Nothing to call home about, just a site
| like a million of other sites, describing a product and
| providing download links. They made an uncommon effort to
| secure themselves with long long long legal documents.
| paravirtualized wrote:
| > Does anyone have any experience with this?
|
| Whonix (KVM) is like running Debian with XFCE, but no matter
| what you do, your real IP address will never leak, at any
| point.
| devit wrote:
| Well, unless you absentmindedly type in your mail address,
| name or any other real credentials.
| Syonyk wrote:
| > _Does anyone have any experience with this?_
|
| Only through Qubes, but I do most of my web access in a
| disposable (ephemeral) Whonix VM in Qubes, and it does exactly
| what it says on the box.
| sim7c00 wrote:
| this imho is the way to use it. it is so easy once u get it
| set up. for me it was one of the simplest ways i found to use
| such systems.
| Run_DOS_Run wrote:
| OP here.
|
| I agree with you. Web design doesn't seem to be the strength of
| the Whonix team.. and got worse over time.
|
| Basically, you download a Virtualbox image, import it and then
| have a hardened Debian VM with Xfce UI & some privacy-friendly
| apps like Tor browser & a crypto wallet. The internet is slow
| (because of Tor) & tcp-only, but sufficient for most things.
| Virtualbox guest extensions are included and most things work
| out-of-the-box.
| mike_hock wrote:
| > See DOS.
|
| > See DOS run.
|
| > Run_DOS_Run!
| adultSwim wrote:
| Whonix + Qubes is a treasure
| 1shooner wrote:
| This is really a missed opportunity for a penguin-colored owl
| mascot.
| msla wrote:
| So it's a Debian-based Linux distro with some configuration work
| done.
|
| I wish they'd simply summarize what it is.
| WolfeReader wrote:
| One of the first and most notable links on the page is labeled
| "Learn What Is Whonix?". You should read it.
| [deleted]
| coldblues wrote:
| The website is fine. Please don't detract from the topic. Whonix
| is unanimously considered the best Linux distribution in terms of
| privacy and security. You can also run it in Qubes OS. It's
| intended to run on Virtualbox for now. One VM is for network
| access, while the other one is connected to the previous VM for
| said network access, and it's the one you should use. This is to
| prevent any de-anonymization attacks.
| thenose wrote:
| Indeed. For anyone who isn't convinced, I wrote up some details
| on our use case (creating a training data DMCA safe haven) in
| the Tails thread: https://news.ycombinator.com/item?id=37512147
|
| If you're serious about protecting yourself, Whonix is a
| requirement.
| [deleted]
| musicale wrote:
| > Whonix is unanimously considered the best Linux distribution
| in terms of privacy and security
|
| "Unanimously?" By whom?
| ehvatum wrote:
| By the ones doing the considering. We get together every
| spring in Lucern to revise the Book of Considerations.
| pmarreck wrote:
| The anonymous authority, of course! ;)
| bombas wrote:
| lol unanimously by who? You?
| dooglius wrote:
| More technical overview at https://www.whonix.org/wiki/About
| f1shy wrote:
| The OS is focused on privacy... at the foot page there is a
| legend:
|
| "By using our website, you acknowledge that you have read,
| understood and agreed to our Privacy Policy, Cookie Policy, Terms
| of Service, and E-Sign Consent."
|
| I clicked in "more information" and was directed to a long page
| with small print, where you have to navigate to different
| policies (which remain somewhat hidden if you are not careful)
| ...
|
| Really?
| [deleted]
| skyyler wrote:
| I found the terms of service page to be fantastic.
|
| Easier to understand than most I see.
| taway1237 wrote:
| Whonix is great. I use it all the time in my dayjob. I write a
| lot of scripts that have to interact with criminal (malware c&c,
| phishing website, etc) infrastructure, including APT analysis.
| You don't want to make an opsec fail and/or leak your IP in a
| situation like this. Instead of doing something fragile and
| error-prone, like being careful to use a proxy all the time in my
| code, having a VPN, etc, I just run everything in Whonix and
| sleep well at night.
| baz00 wrote:
| Web site looks like it's trying to sell me some shitty VPN
| software I don't need.
| [deleted]
| paravirtualized wrote:
| Quite the opposite, they're quite adamant about only using free
| (as in freedom) and in this case, beer, software. And denounce
| the usage of VPNs at every opportunity. ;)
| runeofdoom wrote:
| So they really want you to use Tor - where the fact that you
| are connecting to a Tor node is extremely obvious, and flags
| you as a being part of the fractional percentage of internet
| users who do so - but don't want you to use a VPN, the use of
| which, while still not exactly baseline, is increasingly
| common? That may give you privacy, but it hardly seems like
| it makes you anonymous. Rather, wouldn't that send up a giant
| beacon for anyone at your ISP who cares to look at
| connections they (or the authorities) might want to pay more
| attention to?
| [deleted]
___________________________________________________________________
(page generated 2023-09-14 23:00 UTC)