Whonix / _: Recent posts

Whonix Anonymous Operating System Version 9 Released!

Whonix is an operating system focused on anonymity, privacy and security. It's based on the Tor anonymity network, Debian GNU/Linux and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user's real IP.

Whonix consists of two parts: One solely runs Tor and acts as a gateway, which we call Whonix-Gateway. The other, which we call
Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible.... read more

Posted by SourceForge Robot 2014-09-19

Release Candidate Pre Final Whonix 9 – testers wanted!

The version number for this testers-only release is 9. This very version will likely be blessed stable after testing.

Download link for Virtual Box images (.ova), experimental kvm  / qemu  / Qubes images and OpenPGP signatures (.asc):
http://mirror.whonix.de/9/

Upgrading Whonix 8 to Whonix 9
- You cannot upgrade using apt-get dist-upgrade or you will break the packaging system!
- You can upgrade using these instructions: https://www.whonix.org/wiki/Upgrading_Whonix_8_to_Whonix_9... read more

Posted by SourceForge Robot 2014-09-18

Release Candidate Whonix 9 ( 8.6.6.7 ) – testers wanted!

The version number for this testers-only release is 8.6.6.7, which will become Whonix 9 the moment it's blessed stable.

Download link for Virtual Box images (.ova), experimental kvm /qemu / Qubes images and OpenPGP signatures (.asc):
http://mirror.whonix.de/8.6.6.7

Upgrading Whonix 8 to Whonix 9
- You cannot upgrade using apt-get dist-upgrade or you will break the packaging system!
- You can upgrade using these instructions: https://www.whonix.org/wiki/Upgrading_Whonix_8_to_Whonix_9... read more

Posted by SourceForge Robot 2014-09-12

suggest trustworthy, https, stable, busy web servers for sdwdate

TLDR:

What web servers do you consider trustworthy, to take great care of their visitors' privacy, that are stable and that get great amounts of traffic, and most important, support https (ssl)?

Post in the comments below or in the forums. We need at least 26 more servers.

Full:

Up to Whonix 8, sdwdate used a similar design as Tails does with respect to how it gets the network time.... read more

Posted by SourceForge Robot 2014-09-07

restart services after upgrading – documentation update

Whonix's documentation on updating the operating system ( https://www.whonix.org/wiki/Security_Guide#Updates ) has been updated. There is now a new chapter "restart services after upgrading" that you should be aware of:
https://www.whonix.org/wiki/Security_Guide#Restart_Services_after_Upgrading

The post restart services after upgrading - documentation update appeared first on Whonix.
link

Posted by SourceForge Robot 2014-09-05

Running Whonix on top of Qubes – testers wanted!

Posted by SourceForge Robot 2014-08-30

The Tor Project’s apt repository key expired

At the moment The Tor Project's apt repository key is expired. You'll see the following warning.

W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.torproject.org stable Release: The following signatures were invalid: KEYEXPIRED 1409325681 KEYEXPIRED 1409325681 KEYEXPIRED 1409325681 KEYEXPIRED 1409325681

W: Failed to fetch http://deb.torproject.org/torproject.org/dists/stable/Release

W: Some index files failed to download. They have been ignored, or old ones used instead.
Instructions how to update the operating system ( https://www.whonix.org/wiki/Security_Guide#Updates ) have been extended:... read more

Posted by SourceForge Robot 2014-08-30

testers-only version 8.6.6.0 (Whonix 9) – testers wanted!

The version number for this testers-only release is 8.6.6.0, which will become Whonix 9 the moment it's blessed stable.

Download link for Virtual Box images (.ova), experimental kvm/qemu images and OpenPGP signatures (.asc):
http://mirror.whonix.de/8.6.6.0/

Upgrading Whonix 8 to Whonix 9
- You cannot upgrade using apt-get dist-upgrade or you will break the packaging system!
- You can upgrade using these instructions: https://www.whonix.org/wiki/Upgrading_Whonix_8_to_Whonix_9... read more

Posted by SourceForge Robot 2014-08-19

A Vulnerable Internet, Carrion for Spooks

HACIENDA is the latest program to be uncovered in this week's reporting. It is a collaborative program between FIVE EYES Intelligence agencies to scan for and infect computers outside their borders. You don't have to be a target to be a victim of their attacks. Your machine can be owned merely as a stepping stone on their quest to compromise a target.

Borrowing from Bruce Schneier's eloquent and concise summary of the implications:... read more

Posted by SourceForge Robot 2014-08-18

anonymous VoIP using Linphone – Testers wanted!

Instructions on using linphone for anonymous VoIP over Tor have been created:
https://www.whonix.org/wiki/Voip#linphone

Also see our full VoIP documentation:
https://www.whonix.org/wiki/Voip

Please test how it's working for you. We're interested to hear how voice quality and latency is for you.

The post anonymous VoIP using Linphone - Testers wanted! appeared first on Whonix.
link

Posted by SourceForge Robot 2014-08-17

OnionCat – tunnel TCP, UDP, ICMP, IPv6 or else Tor / i2p by using TAP/TUN tunneling device

OnionCat can tunnel TCP, UDP, ICMP, IPv6 or any other protocol through Tor or i2p by creating a TAP/TUN tunneling device.

It is a much underrated, neglected tool.

It can also be used in Whonix. Documentation on using OnionCat has been updated:
https://www.whonix.org/wiki/OnionCat

The post OnionCat - tunnel TCP, UDP, ICMP, IPv6 or else Tor / i2p by using TAP/TUN tunneling device appeared first on Whonix.
link

Posted by SourceForge Robot 2014-08-17

Open letter to Edward Snowden

At HopeX conference, Edward Snowden encouraged those who have heard of Tor, Tails, Whonix, and Linux to defend Internet liberties.

Thank you Edward Snowden for the attention, the motivating words and your continued activism.

It is a shame, that you are not getting asylum in Germany. Needless to say, that I oppose the cowardice of my government and the gibberish they are talking.... read more

Posted by SourceForge Robot 2014-08-12

Public Letter of Thanks to our Whistleblower Heroes

Independent news publisher 'The Intercept' that handles news stories based on Edward Snowden's disclosures gives a hint of the existence of more than one Whistleblower who decided to step forward.

This is further confirmed by the renown cryptographer Bruce Schneier, who has access to the Snowden docuemnts.

This is great news indeed and I, among many, would like to publicly thank these great people who have underwent immense risks and sacrifices to expose how our basic universal human rights are being violated. Thank you Snowden for your courage and initiative that inspired others to follow the same path of integrity.... read more

Posted by SourceForge Robot 2014-08-09

Hidden Service Tor security advisory: “relay early”

Quote The Tor Blog.

[...] Hidden service operators should consider changing the location of their hidden service. [...]

For technical information see the full blog post on The Tor Blog.

(This is the same security advisory as Tor security advisory: "relay early" traffic confirmation attack - just highlighting the news for hidden service hosts here.)... read more

Posted by SourceForge Robot 2014-08-05

Tor security advisory: “relay early” traffic confirmation attack

Quote The Tor Blog.

SUMMARY:

On July 4 2014 we found a group of relays that we assume were trying to deanonymize users. They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks.

The attacking relays joined the network on January 30 2014, and we removed them from the network on July 4. While we don't know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected.

Unfortunately, it's still unclear what "affected" includes. We know the attack looked for users who fetched hidden service descriptors, but the attackers likely were not able to see any application-level traffic (e.g. what pages were loaded or even whether users visited the hidden service they looked up). The attack probably also tried to learn who published hidden service descriptors, which would allow the attackers to learn the location of that hidden service. In theory the attack could also be used to link users to their destinations on normal Tor circuits too, but we found no evidence that the attackers operated any exit relays, making this attack less likely. And finally, we don't know how much data the attackers kept, and due to the way the attack was deployed (more details below), their protocol header modifications might have aided other attackers in deanonymizing users too.

[...], to close the particular protocol vulnerability the attackers used [...]... read more

Posted by SourceForge Robot 2014-08-05

Testers wanted! Whonix 9 early first test version

The version number for this testers-only release is 8.6.2.8, which will become Whonix 9 the moment it's blessed stable.

Download link for Virtual Box images (.ova), experimental kvm/qemu images and OpenPGP signatures (.asc):
http://sourceforge.net/projects/whonixdevelopermetafiles/files/8.6.2.8/

Thanks to everyone who made this test release possible! Next step is working on that.

Upgrading from Whonix 8, 8.1, 8.2, 8.3 to 8.6.2.8 is not yet possible!... read more

Posted by SourceForge Robot 2014-07-14

Mentioning Privacy on the Internet is Illegal

Did you know that merely visiting the  Tor website or any place where Linux, data anonymity,privacy or security is mentioned, is enough to earn you a place in a NSA database? Meaning our communications will be retained indefinitely in their data centers.

This of itself is nothing new. We know that everything is  already collected anyway, so looking really, really, really hard at encrypted Tor traffic shouldn't change anything.... read more

Posted by SourceForge Robot 2014-07-05

Coverage by Wired.com

In a story about precautions to take against illegal, warrant-less surveillance, Whonix has been given special mention on Wired.com - a major technology new site on the internet.

I would like to thank our users who have spread the word. The more people who use Whonix the more testing it gets, which allows the project to grow and improve in addition to encouraging new contributors to join our effort.... read more

Posted by SourceForge Robot 2014-06-21

Testers wanted! Whonix 8.3 VPN-Firewall Feature

A new feature for VPN lovers has been added. VPN's can now also be easily installed on Whonix-Gateway. Previously, many VPN users who wanted to route Tor through a VPN (user -> VPN -> Tor), preferred to install VPNs on the host and had little different choice. Some in conjunction with VPN-Firewall, to avoid connecting without the VPN, if the VPN (software) breaks down. Physical isolation users could not easily use a VPN on Whonix-Gateway and naturally had no host.... read more

Posted by SourceForge Robot 2014-06-07

Whonix 8.2 Maintenance Release

Download:
https://www.whonix.org/wiki/Download

Changelog:
- updated Debian packages including Heartbleed OpenSSL bug fix
- Whonix's Tor Browser updater: download from torproject's clearnet domain instead of torproject's onion domain by default, because the onion domain is too slow/can't handle the load. Downloading form the onion domain is possible using -onion.
- no longer recommending to use VirtualBox's snapshot feature in VirtualBox's VM import text due to data loss bug in VirtualBox... read more

Posted by SourceForge Robot 2014-05-01

Looking for mirror hosts! – Mirroring instructions updated

TLDR / Short
Want to mirror Whonix releases?

Updated instructions can be found here:
https://www.whonix.org/wiki/Hosting_a_Whonix_Mirror

Full Story

At the moment we're still using sourceforge as primary download mirror, because there is a problem with mirror.whonix.org and non-https downloads. That is, for better security, we asked to get whole whonix.org to be added to HSTS Preload List before we had mirror.whonix.org in mind. Now some browsers rightly attempt to enforce https on mirror.whonix.org, which our mirrors do not support. Changing whonix.org hsts settings would take a long time until it hit major browsers and operating systems (not sure if Debian stable uses a hard coded hsts list).... read more

Posted by SourceForge Robot 2014-04-12

Testers wanted! Whonix 8.2

Testers wanted for security / maintenance release.

Download link for Virtual Box images (.ova), experimental .qcow images and OpenPGP signatures (.asc):
https://sourceforge.net/projects/whonixdevelopermetafiles/files/8.2/

Changelog:
- updated Debian packages including Heartbleed OpenSSL bug fix
- Whonix's Tor Browser updater: download from torproject's clearnet domain instead of torproject's onion domain by default, because the onion domain is too slow/can't handle the load. Downloading form the onion domain is possible using -onion.
- no longer recommending to use VirtualBox's snapshot feature in VirtualBox's VM import text due to data loss bug in VirtualBox... read more

Posted by SourceForge Robot 2014-04-12

Testers wanted! New FIN ACK / RST ACK Leak Test

Mike Perry recently discovered a leak bug in custom transparent proxies (not related to Whonix!) and published his findings on the tor-talk mailing list:
https://lists.torproject.org/pipermail/tor-talk/2014-March/032503.html

This leak test has been adapted for Whonix and documented here:
https://www.whonix.org/wiki/Dev/Leak_Tests#FIN_ACK_.2F_RST_ACK_-_Leak_Test

Fortunately, I wasn't able to reproduce this leak using Whonix. Probably because the Linux version Whonix is using isn't affected by this bug and/or because Whonix's Firewall uses iptables default policy drop for input-, output-, fowardchain and only allows the Tor user to establish external connections. However, other users using different host operating systems and setups than I should repeat the test.... read more

Posted by SourceForge Robot 2014-04-11

The Linux Security Circus: On GUI isolation – Your opinion?

Check this out…

Already a bit older, but if true - and it seems to be true (I've tested this!) - it would be still up to date - and quite a scandal!

The Linux Security Circus: On GUI isolation:
http://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html

[

](http://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html)

The post The Linux Security Circus: On GUI isolation - Your opinion? appeared first on Whonix.
link

Posted by SourceForge Robot 2014-04-10

new SSL certificate and new secondary .onion domain

Our clearnet domain continues to be reachable:
https://www.whonix.org

Due to the heartbleed bug we needed to create a new .onion domain:
http://xxxxxxxxxxh5kyrx.onion

If you are wondering what our .onion domain is useful for anyway, see this note:
https://www.whonix.org/wiki/Forcing_.onion_on_Whonix.org

Due to the heartbleed bug we also needed to get a new SSL certificate. We used this opportunity to get an SSL certificate from Gandi. (We used a SSL certificate from startssl.com before.)... read more

Posted by SourceForge Robot 2014-04-09