Whonix: An OS for the era of Anonymous and Wikileaks

Whonix is an operating system that uses a novel virtual machine setup to help preserve a user's anonymity while using the Internet.

Image: http://www.flickr.com/photos/thinkanonymous/ (Creative Commons)


Anonymity is an increasingly scarce commodity. Google's latest Transparency Report revealed government requests for data about users of its online services are increasing. It's not hard to find examples of threats to privacy — either intentional or unintentional.

However, for almost as long as there have been concerns about protecting privacy on the Internet, there have been tools available to do the job. In many cases these tools, such as GPG and Tor, are available for free. But it is one thing to have access to these tools, and another to cobble them together into an effective solution that preserves your identity from prying eyes.

Whonix is a project to build an operating system that will offer the maximum privacy and anonymity possible straight out of the box. Its creator, 'Adrelanos', says the aim is to make it as hard as possible for privacy-conscious users to make missteps when it comes to remaining anonymous. "It also provides loads of documentation and possibilities for interested users to make it even more secure," he says.


Adrelanos says the project began because he wanted to run more than just a basic browser over the Tor network. At the time, online guides to remaining anonymous could often be contradictory.

"Running applications directly on a user's operating system was implicitly assumed," Adrelanos says. "Some people would argue for using proxy settings or a socksifier. Others argued that applications might not honour proxy settings or that there could be bugs in the socksifier, or even protocol leaks."

The guides on the topic were often partial and not updated to take new developments into account. "One guide had this precaution and another included different precautions, but none really included all important considerations," Adrelanos says.

The guides were also complicated and made a lot of assumptions or missed out important details. ("They left questions open like: How do I run the Tor Browser bundle behind a transparent Tor proxy while preventing Tor over Tor?" Adrelanos says.)

"Starting fresh with a wiki page on the official Tor homepage looked like a good idea to me, to allow others to check if I badly messed up or to let others improve the guide so everyone profits."

"In the beginning the [Whonix] project wasn't even called project," he says. "It was called a guide named TorBOX and was a simple wiki page in the Torproject.org wiki." The original guide was created in January 2012.

"This guide became more and more sophisticated and because manually following the steps in it took a lot of time, shell scripts to make it easier were created by Anonymous. As building it became more time consuming and more complicated, and as more people became interested, the first binary builds were created by Anonymous."

Whonix itself is a virtualised operating system based on Debian GNU/Linux and uses VirtualBox for the host VMs. It uses a dual VM design: the primary VM (Whonix-Workstation), which runs end-user applications, and a gateway (Whonix-Gateway) through which all network requests from the workstation VM are channelled, and which uses the Tor network.

"The Whonix-Workstation has, on purpose, no ability to find out its own real IP address," Adrelanos says. "This is because it has no direct network connection and can only connect to Tor on the Whonix-Gateway. The main goal is to stay anonymous. To hide the IP [address]."

"Technically 'IP hiding' is impossible," he adds. "It can only be replaced with another IP, and the Tor network was the best tool I found for this purpose. So the question was, how do I hide the IP from applications, if I am unable for technical and/or time reasons to check and/or modify all the applications in a very detailed manner?

"The transparent Tor proxy, where the applications have no way to find out the real IP address and can only find out their Tor exit node IP address, looked like the best approach."

In addition, a whole computing environment dedicated to anonymity is less likely to be confused with a user's standard computing environment, Adrelanos says, preventing inadvertent privacy breaches.
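The gateway and workstation split described above only holds if the gateway never routes workstation packets around Tor. The following is an added example, not code from the article or from the Whonix project, that audits a constructed iptables ruleset for that property; the interface name `eth1`, the Tor ports 9040 and 5353, and the functions `parse` and `audit` are assumptions.

```python
import shlex

# Constructed iptables-restore ruleset for a hypothetical gateway VM, not Whonix's
# own firewall. Assumed: eth1 faces the workstation; Tor TransPort 9040, DNSPort 5353.
SAMPLE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p udp --dport 53 -j REDIRECT --to-ports 5353
-A PREROUTING -i eth1 -p tcp --syn -j REDIRECT --to-ports 9040
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -i eth1 -p udp --dport 5353 -j ACCEPT
-A INPUT -i eth1 -p tcp --dport 9040 -j ACCEPT
COMMIT
"""

def parse(text):
    # Returns ({(table, chain): policy}, [(table, chain, {option: value})]).
    policies, rules, table = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            policies[(table, line[1:].split()[0])] = line.split()[1]
        elif line.startswith("-A "):
            tok, opts, i = shlex.split(line), {}, 2
            while i < len(tok):  # flags such as --syn carry no value
                has_val = i + 1 < len(tok) and not tok[i + 1].startswith("-")
                opts[tok[i]] = tok[i + 1] if has_val else True
                i += 2 if has_val else 1
            rules.append((table, tok[1], opts))
    return policies, rules

def audit(text, lan="eth1", trans_port="9040", dns_port="5353"):
    """Return findings describing how workstation traffic could bypass Tor."""
    (policies, rules), found = parse(text), []
    if policies.get(("filter", "FORWARD")) != "DROP":
        found.append("FORWARD policy is not DROP")
    if any((t, c, o.get("-j")) == ("filter", "FORWARD", "ACCEPT") for t, c, o in rules):
        found.append("a FORWARD rule accepts routed packets")
    def redirected(proto, to, **match):
        want = {"-i": lan, "-p": proto, "-j": "REDIRECT", "--to-ports": to, **match}
        return any(t == "nat" and c == "PREROUTING" and want.items() <= o.items()
                   for t, c, o in rules)
    if not redirected("tcp", trans_port):
        found.append("workstation TCP is not redirected to TransPort")
    if not redirected("udp", dns_port, **{"--dport": "53"}):
        found.append("workstation DNS is not redirected to DNSPort")
    return found
```

Negated matches (`!`) and user-defined chains are not interpreted, so an empty result from `audit()` is a first check rather than proof that nothing leaks.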
