Table of Contents
IN BRIEF
The Debian-based distro is built on the concept of security by isolation. It ships in the form of two virtual machines; an arrangement that helps it create a secure environment shielded from the nasties on the internet.
SPECS
CPU: Any CPU with Intel VT-x or AMD-V
Memory: 1GB
HDD: 10GB
Build: Virtual disk images for VirtualBox and KVM.
Whonix is one of the best privacy-centric distros that does its magic using the concept of security by isolation. It comes in the form of two virtual machines (VM): Whonix-Gateway and Whonix-Workstation. The idea is to isolate the environment you work in (Workstation) from the internet access point (Gateway), which, for added privacy, routes all internet traffic through Tor.
In addition, the distro developers have done some work under the covers to deliver a hardened distro. For starters, Whonix is based on Kicksecure, which is a security-hardened Debian distro that employs several means of reinforcing the installation, such as the Linux Kernel Runtime Guard (LKRG), kernel-hardening settings as recommended by the Kernel Self Protection Project (KSPP), enforcing Strong Linux User Account Isolation, and a lot more.
The end result is a distro that guarantees IP and DNS leak protection, and ensures the user can’t be identified using any mechanism in the arsenal of tricks in the online marketers’ toolbox. The distro also anonymises keystrokes, and does boot clock randomisation together with secure network time synchronisation to thwart attacks based on leaked time data.
Whonix 16, the latest edition of the distro comes out two years after the project’s last major release, Whonix 15, which will be deprecated in November, 2021.
The one major change in Whonix 16 is that the distro has now been rebased on the latest Debian 11 stable release. There are some minor administrative changes, such as program upgrades and tweaks to some of the repositories, but overall there’s hardly any noteworthy change in the functioning or usability of the distro.
Anonymisers anonymous
Whonix continues to be available as a single appliance that deploys both VMs when imported. This also means that there’s no installation mechanism for the distro, which helps make it accessible to a wide range of users.
Users are supposed to launch the Gateway before the Workstation. Since the previous release, the boot menu on both VMs also offers the option to boot into a Live environment, which prevents Whonix from committing any changes to its virtual disk. This is done to add another layer of security to the existing privacy-centric features of the distro. Both VMs use the lightweight Xfce desktop, and the Workstation VM includes a handful of programs. Most of them will work with Tor, and will protect your identity online.
A primary Whonix goal is to reduce the risk posed by additional software that isn’t exclusively designed to work with Tor. That said, the distro doesn’t prevent users from pulling in additional software from the vast Debian repository. It doesn’t include a graphical package manager, but you can use Debian’s famed command-line based apt-get package manager. However, the distro developers do warn that this isn’t something they recommend because additional software increases the possibility of attack.
In fact, Whonix, which pitches itself as a research project, is replete with documentation that will help users familiarise themselves with the nuances of desktop security. The distro is also useful for advanced users who wish to host location hidden services based on the Tor network.
All things considered, Whonix is an ideal platform for anyone who wishes to stay anonymous online, even while traversing through the notoriously bad lands of the internet. The distro isn’t designed to be used as an everyday distro, since signing into any online service would defeat the whole purpose of using Whonix.
VERDICT
DEVELOPER: Whonix Developers
WEB: www.whonix.org
LICENCE: Several
FEATURES 8/10
PERFORMANCE 7/10
EASE OF USE 8/10
DOCUMENTATION 9/10
A capable privacy-centric distro that aims to keep users anonymous and safe from being tracked or targeted online.
Rating 8/10