Whonix is an Operating System designed with the aim of maximizing users' privacy, security and anonymity. It's a Debian-based Linux Distro that shares many characteristics with Tails, one being that it also uses the Tor network to anonymize users' online activity and forces all incoming/outgoing connections to go through it. However, the main difference between the two is that it's designed to run off of a virtual machine rather than an external media device.
To explain, a virtual machine is, simply put, program that allows for the installation of an Operating System inside another Operating System. When running a virtual machine, the main OS (the host) would see the OS running within it (the guest) as any other ordinary process. On the other hand, theoretically the guest OS would have no idea that it's being run inside another preexisting OS.
Whonix's installation process consists of two virtual machine images: A workstation VM and a gateway VM. The workstation VM is what you would normally engage with, e.g. running applications, browsing the Internet. In contrast, the gateway VM is what's responsible for connecting to the Tor network. The gateway VM has two virtual network interfaces: one of the two is for connecting to the Internet and communicating with Tor nodes through the host’s NAT; the other interface is a LAN, which allows the workstation VM to connect the gateway VM, i.e. the Tor network. Fortunately, Whonix's developers have made it easy for us to install Whonix by making both the VMs contained in one image.
Whonix's approach of security by isolation is what gives it its edge. For instance, user applications running on the workstation VM cannot attain the user’s real IP address. This owes to the fact that the gateway, which can be thought of as the only door to and out of the workstation, is isolated on its own virtual machine. The workstation can only see LAN IP addresses, which are the same in every Whonix installation. Therefore, even if you incidentally get infected by malware (even a rootkit!), the malware won’t be able to know your real IP address, and thus won’t be able to know your physical location.
What you'll need before installing Whonix:
- A Virtualization Engine. Virtualbox is recommended. Read through the manuals to determine how to install it for your specific system.
- The Whonix VM image. After installing the image, be smart and verify its integrity using the digital signature provided in the download page.
Now off to the installation steps:
1. Fire off Virtualbox.
2. Click on file and then choose Import Appliance.
3. Look for the Whonix image and click next or simply hit enter.
4. On the next window, don't change anything and click import or simply hit enter. When shown the license agreement click agree.
5. Now wait until Virtualbox finishes importing Whonix.
6. After Virtualbox finishes importing Whonix, you'll see both the workstation VM and the gateway VM on Virtualbox's main window; start both.
7. Now you have successfully installed and started both Whonix's VMs. After the gateway VM starts, you'll be prompted to connect to the Tor network; click ok.
8. When the workstation VM opens it will connect automatically to the gateway VM, after which you can access the Internet anonymously through the Tor network and its dedicated browser.
Don't forget to update both the VMs frequently to ensure that you have the latest versions of the OS and its underlying tools as well. These updates usually contain important security patches, so you don't want to miss on those. To update the system run the following command on both VMs using the terminal:
| sudo apt-get update && sudo apt-get dist-upgrade |
You'll get prompted for a password when running the above command; the default password is "changeme". It goes without saying that it's recommended that you change this default password. To do so type the following in the terminal:
| sudo passwd |
Now type the default password, then your password of choice twice. It's important to note that the previous command changes the root account's password. To change the default user account's password as well type:
| sudo passwd user |
Remember: do all of the previous to both VMs.
Now you're set to go. Safe surfing! Read documentations and always keep in mind that security is not a product, it’s a process.