Ever wish that your entire operating system could be anonymous?
Sure, you could try to configure your existing computer to be as private as possible. You could spend hours, if not days, finding secure versions of all your software and fiddling with privacy settings.
But even then, there’s no guarantee you’d successfully lock down every aspect of your OS. And all it takes is one weak link to break the whole chain.
Plus, some OSes (looking at you, Windows 10) are so inherently un-private that removing invasive features could break other, more critical ones.
You could theoretically remove Microsoft’s voice assistant/omnipresent spy feature Cortana, for instance, but you’d lose your search function in the process.
That’s why, when it comes to OS security, it’s better to start fresh with a privacy-oriented OS.
Whonix OS aims to fill that void in your life. Its unique architecture emphasizes security over everything else, so you don’t have to think twice about staying safe — it’s automatic.
So how does Whonix accomplish this, and what makes it different from other secure OSes? Read on and find out if it’s the solution to your security woes.
What Is Whonix OS?
Whonix is a Linux distro originally released in 2012. It’s based on Debian, one of the most popular Linux distros, so it’s easy for beginners to navigate and configure.
But that’s where the similarities end. Whonix is a beast of its own in just about every other way.
Debian and other popular Linux distros are certainly more secure than, say, Windows. But they’re not designed to emphasize security over all else — versatility and usability are their main goals.
Whonix, on the other hand, puts security first in every aspect of the OS. It’s heavily modified to emphasize online anonymity, digital privacy and data security.
But it’s not quite like other security-oriented OSes, either.
Unlike them, it requires an existing OS to run; it can’t be installed directly onto hardware. That’s because Whonix runs inside a virtual machine, which we’ll discuss shortly.
This means that you can preserve your existing OS, software and files while still running Whonix. You can have the best of both worlds: the familiarity and functionality of your main OS, plus the extra security of Whonix when you need it.
What Makes Whonix OS Different?
If you’re in need of a security boost but find other secure OSes too daunting, Whonix will hold a lot of appeal for you.
Unlike pen-testing OSes like Kali Linux, Whonix isn’t geared towards infosec professionals or others with advanced cybersecurity knowledge. It’s easy to use regardless of skill level.
So how does it accomplish this? And what else sets it apart from other secure Linux distros?
Two Virtual Machines, One Host OS
Don’t wipe your hard drive before installing Whonix OS! It’s not a traditional OS — in fact, you’ll need a preexisting OS to even run it.
That’s because Whonix runs entirely inside a virtual machine. And you’ll need a host OS to run that virtual machine.
A virtual machine is exactly what it sounds like: a computer within a computer that behaves as if it’s an entirely separate machine. Despite sharing hardware, a virtual machine can’t interact with the host OS or anything outside of itself — it’s completely isolated.
So your Whonix installation runs on top of your host OS, but nothing you do within it affects the host.
Any unwanted connections, malware or other threats can’t leave Whonix, which keeps your main OS safe. Malicious applications and websites also can’t read information about your computer’s hardware, making fingerprinting and exploits more difficult, if not impossible.
But there’s more: Whonix actually runs as two separate virtual machines for even more safety.
The first is called Whonix-Gateway, and it runs in the background as a bridge between Whonix and the rest of the world. This part is responsible for connecting to the internet, anonymizing your connection via Tor and acting as a gateway for the other VM.
Whonix-Workstation, the second VM, is the one you actively use. It contains all of your programs and settings, operating much like a regular OS.
The difference is that instead of connecting to your network directly, the Workstation connects to the Gateway’s pre-anonymized network. This network uses the same IP address across all Whonix installations — every Whonix user shares it.
Any apps you run never see your real IP address or connect to the unsecured internet. Rather, they see only your anonymized Whonix IP and communicate over the encrypted Onion network.
This makes DNS and IP address leaks impossible, reducing your risk of being tracked by ISPs, governments, websites and other adversaries. Not even malware with root access can discover your real IP address on Whonix.
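The Gateway-only path described above can be checked from inside the Workstation. The shell script below is an added example, not Whonix's own tooling; it assumes the Gateway's internal address is 10.152.152.10 (overridable via GATEWAY_IP), and the sample routing and resolver text is constructed.

```shell
#!/bin/sh
# Added example: audit a Workstation's network view for paths that bypass the Gateway.
# Assumption: the Whonix-Gateway's internal address is 10.152.152.10.
GATEWAY_IP="${GATEWAY_IP:-10.152.152.10}"

# default_routes_ok ROUTES: succeeds only if a default route exists and
# every default route goes via the Gateway.
default_routes_ok() {
    printf '%s\n' "$1" | awk -v gw="$GATEWAY_IP" '
        $1 == "default" { seen = 1; if ($2 != "via" || $3 != gw) bad = 1 }
        END { exit (seen && !bad) ? 0 : 1 }'
}

# resolvers_ok RESOLV: succeeds only if every nameserver entry is the Gateway.
resolvers_ok() {
    printf '%s\n' "$1" | awk -v gw="$GATEWAY_IP" '
        $1 == "nameserver" { seen = 1; if ($2 != gw) bad = 1 }
        END { exit (seen && !bad) ? 0 : 1 }'
}

# audit ROUTES RESOLV: prints findings and returns the number of failed checks.
audit() {
    fails=0
    default_routes_ok "$1" || { echo "FAIL: a default route bypasses $GATEWAY_IP"; fails=$((fails + 1)); }
    resolvers_ok "$2" || { echo "FAIL: a DNS resolver is not $GATEWAY_IP"; fails=$((fails + 1)); }
    [ "$fails" -eq 0 ] && echo "OK: routing and DNS both point at the Gateway"
    return "$fails"
}

# Constructed sample input: what `ip -4 route show` and /etc/resolv.conf
# might look like on a correctly isolated Workstation.
SAMPLE_ROUTES_OK='default via 10.152.152.10 dev eth0
10.152.152.0/18 dev eth0 proto kernel scope link src 10.152.152.11'
SAMPLE_RESOLV_OK='nameserver 10.152.152.10'

# Constructed sample input: a second, bridged adapter was added to the VM,
# giving it a direct route to the home router.
SAMPLE_ROUTES_LEAK='default via 10.152.152.10 dev eth0
default via 192.168.1.1 dev eth1 metric 100'

audit "$SAMPLE_ROUTES_OK" "$SAMPLE_RESOLV_OK"
audit "$SAMPLE_ROUTES_LEAK" "$SAMPLE_RESOLV_OK" || true
```

On a live Workstation, call audit "$(ip -4 route show)" "$(cat /etc/resolv.conf)". A pass confirms the guest's configuration only; the isolation itself comes from the Workstation VM having no network adapter other than the one facing the Gateway.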
Built on Tor
Whonix is structured around Tor. The encryption and rerouting functions of the Tor Browser are applied to all apps that use the network, from streaming apps to games to torrent clients.
Tracing Tor traffic is a futile task, since it’s bounced between several volunteer servers around the world on its way from origin to destination. Anyone trying to connect you to your internet activity won’t get very far when you use Whonix.
And if your traffic is intercepted along the way, Tor’s encryption will prevent the interceptor from reading it. Without the proper keys found only in Tor, all of your data will appear to be gibberish.
Each app also uses its own Tor circuit — that is, each has a separate connection so that your activities can’t be associated with each other. Every app takes a different path through the Tor network, so anyone watching can’t tell that they’re all coming from the same machine.
The Whonix Workstation comes preloaded with most of the apps you need for everyday computing. Most of them are custom-configured for the highest security and privacy.
Tor Browser is the default web browser. Its default configuration prevents browser fingerprinting and anonymizes all of your traffic, though you’re free to adjust the settings or install a different browser without losing Tor protection.
Whonix comes with the Thunderbird email client. It’s preloaded with two add-ons: Enigmail, which provides encryption, and TorBirdy, which routes your emails through the Onion network.
HexChat and qTox enable IRC and IM chatting, respectively. VLC is the default media player for video and audio files.
Other programs aren’t preinstalled but can be easily downloaded from the Terminal. These include LibreOffice (for word processing, spreadsheets and other MS-Office-like functions), Audacity (for audio recording and editing) and Scribus (for publishing and page layouts).
What Do I Need to Run Whonix OS?
To run Whonix, you’ll need a computer running Windows, macOS, Linux, BSD, Qubes or another OS that supports virtual machines.
You’ll also need 10GB of free hard drive space and at least 1GB of free RAM to run Whonix.
Note that “free RAM” refers to RAM that’s not used by the host OS. If Windows and VirtualBox use 4GB of RAM, for instance, you’ll need at least 5GB total RAM.
Once these requirements are met, installing Whonix is as easy as downloading the appropriate VM image and opening it in your VM software.
Should I Use a VPN with Whonix OS?
Whonix provides excellent security on its own. The app isolation combined with Tor’s internet protections makes it one of the most private OSes even without additional measures.
But for the ultimate secure internet experience, using a VPN with Whonix will make your computer virtually impenetrable.
Your traffic will be encrypted not once but twice — once by Tor and again by your VPN. Even if someone does somehow manage to decrypt your traffic, they’ll only be met with more encryption.
And your traffic will get rerouted through the Onion network and through your chosen VPN server. This lets you customize your otherwise random new location, unblock streaming sites and get fine control over your data.
Whonix provides a guide for connecting to a VPN before Tor. You’ll need to use OpenVPN on the Whonix-Gateway for optimal results.
So you’ll want to choose a VPN provider that makes its OpenVPN configuration files available for download. You’ll also want one with excellent speeds, as combining Tor with a VPN will slow your connection down significantly.
We recommend ExpressVPN, a VPN with fantastic speeds and a convenient OpenVPN configuration generator.
NordVPN is another great choice, boasting some of the industry’s best speeds. It’s not open-source, but you can download OpenVPN config files for any server.
Summary: Tor Browser is possibly the world’s most secure browser, and Whonix OS takes its protections system-wide. It runs in isolation on top of your existing OS, letting you safely use potentially sketchy apps and sites.