Secure communication on the Internet with Whonix

Workstation

Use the Whonix workstation for anonymous surfing of the Internet. After booting, the system – like the gateway – will start the whonixcheck program to check system parameters. For whonixcheck to complete successfully, the Whonix gateway must be active, because the workstation uses its isolated network to access the Internet. Without a properly working gateway, Whonixcheck exits with an error message.

Like the gateway, the workstation also comes with KDE desktop version 4.14.2 configured for the US keyboard layout. The following steps are already known: Go to System Settings | Input Devices to enable your choice of keyboard layout if needed, then type

sudo apt-get dist-upgrade

to install all the pending updates.

Next, click on the Tor Browser (AnonDist) desktop icon. Whonix opens a dialog for the cryptographically verified installation of the Tor browser: It is missing on the VM because of the fast update cycles. The script always gives you the latest version of the browser; the routine lets you select from multiple versions. The Tor browser is downloaded via the Tor network, which is much slower than using a direct connection (Figure 6).

Figure 6: The Whonix workstation loading the Tor browser off the web for the first time and installing it automatically.

During the session, you can trace the entire data transfer very conveniently on the Whonix gateway. You can call monitoring by clicking on Arm - Tor Controller. A straightforward ncurses screen displays the transfer rates, as well as various statistical data for the active Internet connection and system resources (Figure 7).

Figure 7: The Whonix gateway monitor clearly shows what is happening on the line tunneled through Tor.

Test

After installing the Tor browser, the Tor Browser (AnonDist) icon is now ready for use on the desktop; otherwise, only two launchers for chat applications can be found on the desktop. Even the submenus lack the usual applications and only show you the software for online applications, such as video and audio players or a PDF viewer.

To verify the security of your Internet access, enter http://www.ip-check.info in the Tor browser address bar. After a detailed examination of the connection parameters, you will see a list of components relevant to safety (Figure 8). To avoid the kind of insecure technologies that websites tend to use, the Tor browser uses the NoScript and HTTPS Everywhere extensions, which stop scripts and unencrypted connections.

Figure 8: More or less all systems are go! Whonix has succeeded in keeping the system from revealing too much about the user.

Conclusions

You can achieve a high degree of anonymity on the Internet by deploying Whonix on conventional Linux systems. Unlike special external solutions, such as hardened distributions on USB flash drives that only work in read-only mode, Whonix is also suitable for machines running from a hard drive, saving the user the trouble of booting to change to the secure system. Whonix is fully isolated from the host PC so that no data exchange can take place between the Whonix VM and the host – whether wanted or unwanted.

The Whonix developers always keep the Debian derivative up to date. Tough hardware requirements, thanks to VirtualBox, and having to run two VMs are the only shortcomings. For a smooth experience, the computer should have a reasonably recent processor and enough RAM and disk space. If these conditions are fulfilled, Whonix is one of the best ways of establishing an anonymous Internet connection at any time.

The Author

Erik Bärwaldt is a self-employed IT admin and technical author living in Scarborough (United Kingdom). He writes for several IT magazines.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Whonix Linux

    The Whonix desktop operating system lets you use the web without revealing your identity.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News