Whonix is an operating system focused on anonymity, privacy and security. It’s based on the Tor anonymity network, Debian GNU/Linux and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user’s real IP.
Whonix consists of two parts: One solely runs Tor and acts as a gateway, which we call Whonix-Gateway. The other, which we call Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible.
After approximately one year of development, the Whonix Project is proud to announce the release of Whonix 15.
Whonix 15 is based on the Debian
10) distribution. This means users have access to many new software packages in concert with existing packages, such as a modern branch of GNuPG, and more.
Major Changes and New Features
- port Whonix from Debian stretch to Debian buster 5
- kernel hardening 7
- Blacklist uncommon network protocols 6
- systemd unit sandboxing 5
- improve entropy collection through extensive research and installation by default of jitterentropy-rngd 3
- research implications of spectre / meltdown / retpoline / L1 Terminal Fault (L1TF) 5 vs Whonix
- Non-Qubes-Whonix: kloak - Keystroke Anonymization Tool 5
- Non-Qubes-Whonix: Whonix Live 3 / Live Mode Indicator / grub-live / grub-default-live 1
- Non-Qubes-Whonix: switch desktop environment from KDE to XFCE (poll 2) (other desktop environments 3)
- Non-Qubes-Whonix: reduced image size using zerofree 2
- Whonix VirtualBox: CLI version 2 (Whonix ™ with CLI is a version suited for advanced users – those who want Whonix ™ without a GUI.)
- Whonix VirtualBox: unified ova downloads 5
- Qubes-Whonix: change Qubes-Whonix default applications from KDE-ish to XFCE-ish 5
- Qubes-Whonix: simplify installation of VM kernel 2 by installing the same recommended Qubes packages as Qubes Debian packages (source 1 (source 2)
- Whonix KVM: serial console support 3
- update sdwdate time sources 1
- List of processed Whonix 15 tickets
- arm64 / RPi 5 port
- install by default zulucrypt, qtox, onionshare, keepassxc, firejail
- new usability wrappers: scurlget 1, curlget, pwchange, upgrade-nonroot 1, apt-get-noninteractive, apt-get-update-plus
- remove mixmaster, ricochet since dead upstream
- support for Bisq - The P2P Exchange Network 4
- port build script to cowbuilder; build packages in chroot and use mmdebstrap for better security
- add UsrMerge compatibility