1 00:00:00,984 --> 00:00:03,087 Let me introduce you to Whonix. 2 00:00:03,190 --> 00:00:06,350 Whonix is a free open source operating system 3 00:00:06,375 --> 00:00:11,608 that's focused specifically on anonymity, privacy, and security. 4 00:00:11,806 --> 00:00:14,528 It uses the TOR anonymity network 5 00:00:14,568 --> 00:00:17,401 which we cover in detail in its own section, 6 00:00:17,809 --> 00:00:20,610 and it's based on Debian GNU Linux, 7 00:00:20,880 --> 00:00:23,599 one of the operating systems I highly recommend, 8 00:00:23,624 --> 00:00:26,014 as you should know already by now. 9 00:00:26,667 --> 00:00:29,359 Whonix implements security through isolation, 10 00:00:29,393 --> 00:00:33,230 which is why it's here in the section on isolation. 11 00:00:33,357 --> 00:00:35,643 It's an operating system that specifically 12 00:00:35,865 --> 00:00:39,947 uses the principle of isolation to enable security 13 00:00:40,024 --> 00:00:41,982 for privacy and anonymity. 14 00:00:43,127 --> 00:00:45,321 What does Whonix help you do? 15 00:00:45,381 --> 00:00:47,935 Well, it will help you hide your 16 00:00:47,975 --> 00:00:50,937 internet service provider assigned IP address, 17 00:00:51,706 --> 00:00:55,210 it will prevent your ISP from spying on you, 18 00:00:56,230 --> 00:00:59,517 it can prevent websites from identifying you, 19 00:00:59,833 --> 00:01:03,020 it can prevent malware from identifying you, 20 00:01:03,405 --> 00:01:05,611 and it can help you circumvent censorship. 21 00:01:06,675 --> 00:01:08,662 Whonix isn't like the other operating systems 22 00:01:08,687 --> 00:01:11,005 and live operating systems we have gone through, 23 00:01:11,377 --> 00:01:15,239 in that it is focused on the principle of isolation. 24 00:01:15,595 --> 00:01:19,639 The Whonix developers provide a nice summary of what 25 00:01:19,714 --> 00:01:21,977 Whonix is and this is what they have to say. 26 00:01:23,183 --> 00:01:25,204 Whonix consists of two parts. 
27 00:01:25,271 --> 00:01:29,636 One solely runs TOR and acts as a gateway, 28 00:01:29,825 --> 00:01:32,516 which they call the Whonix Gateway, 29 00:01:32,643 --> 00:01:35,633 and which you can see here in VirtualBox. 30 00:01:35,856 --> 00:01:38,770 The other, which they call the Whonix Workstation, 31 00:01:38,881 --> 00:01:41,482 is on a completely isolated network, 32 00:01:42,206 --> 00:01:44,582 only connections through TOR are possible. 33 00:01:45,063 --> 00:01:47,937 With Whonix you can use applications 34 00:01:48,159 --> 00:01:51,111 and run servers anonymously over the internet. 35 00:01:51,444 --> 00:01:54,584 DNS leaks for all intents and purposes are impossible 36 00:01:54,763 --> 00:01:56,811 and not even malware with root privileges 37 00:01:56,836 --> 00:02:00,754 can find out the user's real internet assigned IP address. 38 00:02:01,468 --> 00:02:03,957 So as you can see here, the workstation 39 00:02:04,095 --> 00:02:06,920 and the gateway are virtual machines 40 00:02:07,267 --> 00:02:11,251 available for download in the OVA format, 41 00:02:11,722 --> 00:02:13,758 which is an open standard for packaging 42 00:02:13,783 --> 00:02:15,948 and distributing virtual applications. 43 00:02:16,159 --> 00:02:18,596 We went through how to use these already 44 00:02:18,888 --> 00:02:20,890 in setting up a testing environment. 45 00:02:22,254 --> 00:02:25,561 This is where you would download the OVA virtual machines, 46 00:02:25,619 --> 00:02:27,929 the workstation and the gateway. 47 00:02:28,714 --> 00:02:30,672 So you would need to download 48 00:02:30,878 --> 00:02:33,239 and import into VirtualBox 49 00:02:33,264 --> 00:02:36,264 and you're good to go for testing out Whonix. 50 00:02:36,762 --> 00:02:38,921 You can also download the scripts 51 00:02:39,302 --> 00:02:41,325 and install Whonix from source. 52 00:02:42,135 --> 00:02:48,814 As you can see here, Whonix works in VirtualBox, KVM and Qubes. 
53 00:02:49,111 --> 00:02:52,812 Qubes we haven't discussed yet, Qubes we're going to discuss later. 54 00:02:53,611 --> 00:02:57,080 For the best security you would use Whonix with Qubes, 55 00:02:57,170 --> 00:03:00,297 and then a step down would be to use it with KVM, 56 00:03:00,587 --> 00:03:03,683 and a step down further would be to use it with VirtualBox. 57 00:03:03,866 --> 00:03:07,079 But there's no reason why you can't use it with VirtualBox for testing it out 58 00:03:07,381 --> 00:03:08,614 and having a play with it. 59 00:03:09,008 --> 00:03:11,323 VirtualBox is not inherently insecure, 60 00:03:11,461 --> 00:03:14,159 it's just that KVM and particularly Qubes 61 00:03:14,627 --> 00:03:18,059 are a much more secure solution to put Whonix on. 62 00:03:18,548 --> 00:03:22,333 But as I said, we're going to cover Qubes a little bit later on. 63 00:03:23,500 --> 00:03:25,616 But no matter what hypervisor you use, 64 00:03:25,929 --> 00:03:29,373 it is two virtual machines, it is the gateway here, 65 00:03:29,937 --> 00:03:31,617 and it is a workstation here. 66 00:03:32,333 --> 00:03:34,899 Let me show you the network configuration, 67 00:03:35,056 --> 00:03:37,585 and all of the settings and configurations 68 00:03:37,802 --> 00:03:41,524 work straight out of the box because it's an OVA file, 69 00:03:41,730 --> 00:03:43,021 so you don't have to change 70 00:03:43,046 --> 00:03:45,179 these network settings that I'm about to show you. 71 00:03:50,056 --> 00:03:53,593 So if you look here, you can see adapter one is on NAT 72 00:03:54,833 --> 00:03:58,409 and adapter two is on internal network 73 00:03:59,087 --> 00:04:00,920 and the network name is Whonix. 74 00:04:01,214 --> 00:04:03,351 So two network adapters, 75 00:04:03,803 --> 00:04:07,466 this one is going on to my local network 76 00:04:07,604 --> 00:04:12,024 and therefore will go to the internet because it's assigned DHCP 77 00:04:12,103 --> 00:04:13,702 from my router and firewall. 
78 00:04:14,508 --> 00:04:16,959 And then here is the internal network 79 00:04:16,960 --> 00:04:19,412 that is created, called the Whonix network, 80 00:04:20,111 --> 00:04:21,417 there is no other network. 81 00:04:22,754 --> 00:04:25,887 Now, if we go to the workstation, 82 00:04:28,444 --> 00:04:30,408 look at its network settings, 83 00:04:32,437 --> 00:04:36,971 and you can see its network adapter is set to be on the Whonix network, 84 00:04:37,530 --> 00:04:38,734 the internal network, 85 00:04:39,031 --> 00:04:43,438 so the workstation is only connected to the gateway, 86 00:04:43,825 --> 00:04:47,385 it is not connected to my local LAN in any way. 87 00:04:48,270 --> 00:04:51,146 So as the Whonix gateway name suggests, 88 00:04:51,437 --> 00:04:54,831 a gateway is a gateway for the workstation. 89 00:04:57,794 --> 00:05:01,075 So let me start the gateway and show you what this looks like. 90 00:05:01,183 --> 00:05:02,977 The gateway has to be started first 91 00:05:03,310 --> 00:05:05,652 because that creates the TOR connection. 92 00:05:17,645 --> 00:05:18,865 So there it's starting. 93 00:05:25,167 --> 00:05:29,208 And this is a KDE desktop and it starts to do its initial checks. 94 00:05:31,929 --> 00:05:33,523 I’ll install the workstation. 95 00:05:49,524 --> 00:05:52,609 And you can see the workstation is also doing its initial checks. 96 00:05:54,333 --> 00:05:55,860 I'll show you how that network isolation 97 00:05:55,884 --> 00:05:57,822 is configured here on the workstation 98 00:05:58,611 --> 00:06:00,984 and there you can see the IP address, 99 00:06:01,405 --> 00:06:06,423 10.152.152.11 for the workstation. 100 00:06:08,278 --> 00:06:12,651 And for eth1, which is the local VM only network, 101 00:06:13,381 --> 00:06:19,165 is the 10.152.152.10 IP address for the gateway, 102 00:06:19,220 --> 00:06:22,215 they both have slash 18 subnets. 
103 00:06:22,675 --> 00:06:24,148 Then if we look at the route, 104 00:06:27,278 --> 00:06:29,343 we can see that the workstation has 105 00:06:30,198 --> 00:06:35,674 10.152.152.10 as its default gateway, 106 00:06:35,937 --> 00:06:39,034 so all traffic is being sent to the gateway. 107 00:06:39,920 --> 00:06:42,686 The workstation here is used for your tasks 108 00:06:42,711 --> 00:06:45,162 like email, browsing the web, 109 00:06:45,797 --> 00:06:50,199 and the gateway's role is to enforce the TOR connection, 110 00:06:50,299 --> 00:06:52,529 this is the network isolation. 111 00:06:52,611 --> 00:06:56,191 The workstation cannot tell what its real IP address is, 112 00:06:56,333 --> 00:06:58,044 so neither can an adversary 113 00:06:58,297 --> 00:06:59,927 who may have happened to hack 114 00:06:59,982 --> 00:07:03,863 the workstation via say a browser hack or a phishing attack. 115 00:07:04,048 --> 00:07:06,891 Which is why they say leaks are impossible in Whonix 116 00:07:07,016 --> 00:07:09,293 and malware with even root privileges 117 00:07:09,349 --> 00:07:11,865 cannot find out the user's real IP address, 118 00:07:11,912 --> 00:07:13,716 this is the isolation principle. 119 00:07:13,889 --> 00:07:17,275 It's not technically impossible, but it is more difficult, 120 00:07:17,492 --> 00:07:20,531 because as you can see, any malware that's on here 121 00:07:20,556 --> 00:07:23,228 would have to hack this gateway via the network, 122 00:07:23,595 --> 00:07:28,544 or find some other way to determine the real IP address, 123 00:07:28,607 --> 00:07:30,038 so it's much more difficult. 124 00:07:30,617 --> 00:07:33,738 Also because we're using VMs, hardware IDs 125 00:07:33,763 --> 00:07:36,360 and MAC addresses are also protected 126 00:07:36,693 --> 00:07:39,817 as virtual machines act as isolation 127 00:07:39,881 --> 00:07:41,883 from the host and other VMs. 128 00:07:48,929 --> 00:07:52,413 So there you are, you can see browsing the web using Tor. 
129 00:07:53,810 --> 00:07:55,693 Let's have a look at the gateway first, 130 00:07:55,810 --> 00:07:57,656 so let's start at the top here. 131 00:07:58,635 --> 00:08:01,048 What we're looking at here is something called ARM. 132 00:08:01,073 --> 00:08:03,786 It's the anonymizing relay monitor, 133 00:08:03,811 --> 00:08:07,393 so it's like a status monitor for TOR and for this gateway. 134 00:08:07,479 --> 00:08:11,602 It shows things like resource usage, bandwidth, CPU. 135 00:08:11,643 --> 00:08:14,160 It's a little bit like top but for TOR. 136 00:08:14,325 --> 00:08:15,578 So you can see there 137 00:08:15,944 --> 00:08:18,619 some data being downloaded from the workstation. 138 00:08:18,833 --> 00:08:19,841 If I press M 139 00:08:20,016 --> 00:08:23,172 you'll see similar sort of functionality as you do in the TOR browser. 140 00:08:23,197 --> 00:08:26,608 So I can create a new identity, I can stop TOR, restart, 141 00:08:27,111 --> 00:08:29,018 I can go through the setup wizard 142 00:08:29,270 --> 00:08:32,991 and set the gateway up as a relay or bridge or client, 143 00:08:33,102 --> 00:08:36,111 that's not going to mean much to you yet unless you understand TOR, 144 00:08:36,254 --> 00:08:38,640 but we do cover all this in the section on TOR, 145 00:08:38,905 --> 00:08:40,556 so don't worry about that for now. 146 00:08:41,873 --> 00:08:43,607 Then you can view the connections, 147 00:08:44,357 --> 00:08:46,877 various circuits there that are set up, 148 00:08:49,019 --> 00:08:50,805 the current configurations, 149 00:08:55,000 --> 00:08:58,596 the torrc file, torrc file is used to configure TOR, 150 00:08:58,698 --> 00:09:01,806 again we're going to talk through this later in the section on TOR. 151 00:09:02,222 --> 00:09:04,700 So that's arm, you can think of it as top for TOR. 152 00:09:07,357 --> 00:09:09,110 Next is time sync. 153 00:09:09,770 --> 00:09:14,616 TOR requires an accurate time or it will fail to work. 
154 00:09:14,727 --> 00:09:18,032 Establishing the correct time using standard methods 155 00:09:18,057 --> 00:09:23,258 such as an unauthenticated NTP is a potential deanonymizer, 156 00:09:23,587 --> 00:09:25,595 so Whonix has to use another method. 157 00:09:25,995 --> 00:09:29,217 Whonix uses something called sdwdate 158 00:09:29,291 --> 00:09:33,490 and this is it now running in order to try and establish the time. 159 00:09:33,754 --> 00:09:37,386 When Whonix starts, if it doesn't believe it has the correct time, 160 00:09:37,431 --> 00:09:39,961 it will automatically start time sync 161 00:09:39,986 --> 00:09:42,465 and as it says here, don't use the internet 162 00:09:42,490 --> 00:09:45,084 until time sync has been successful. 163 00:09:45,327 --> 00:09:48,794 While waiting for that, there's also Whonix check, 164 00:09:50,556 --> 00:09:53,928 this checks the VM, it looks for TOR browser updates, 165 00:09:53,974 --> 00:09:57,478 OS updates, Whonix versions, Whonix news, 166 00:09:57,786 --> 00:09:59,954 plus a long list of other checks that it does. 167 00:10:03,817 --> 00:10:06,264 So we can see there the time sync was good. 168 00:10:08,524 --> 00:10:10,651 And this is the Whonix check 169 00:10:10,920 --> 00:10:12,512 and you can see here this is warning me 170 00:10:12,537 --> 00:10:16,662 that you need to do an apt-get update and an apt-get dist-upgrade 171 00:10:16,722 --> 00:10:20,263 in order to get the latest packages from Debian and Whonix. 172 00:10:20,326 --> 00:10:23,567 That check happens every time you start the virtual machines. 173 00:10:24,659 --> 00:10:28,899 You can make configurations to the torrc file using this link here. 174 00:10:31,159 --> 00:10:33,429 We cover the torrc file in the section on TOR. 175 00:10:33,454 --> 00:10:35,962 I've got an extra setting here, Sandbox 1. 
176 00:10:37,675 --> 00:10:40,467 You can make user firewall setting changes, 177 00:10:40,654 --> 00:10:42,837 these are the global settings, 178 00:10:47,810 --> 00:10:50,499 and this is where a lot of the gateway’s configuration 179 00:10:50,524 --> 00:10:51,980 is as to what it does, 180 00:10:52,005 --> 00:10:55,138 whether it's a transparent proxy, on what port, 181 00:10:57,929 --> 00:10:58,937 and so on. 182 00:11:01,456 --> 00:11:03,400 One of the best things about Whonix 183 00:11:03,444 --> 00:11:05,352 is the Whonix gateway itself. 184 00:11:05,690 --> 00:11:09,308 Any VM, not just a Whonix workstation, 185 00:11:09,357 --> 00:11:11,360 as long as it's configured correctly, 186 00:11:11,577 --> 00:11:13,289 could use the Whonix gateway 187 00:11:13,314 --> 00:11:16,074 to take advantage of its security features 188 00:11:16,238 --> 00:11:19,390 and the torification of that internet connection. 189 00:11:19,481 --> 00:11:22,552 In fact, you don't technically have to be a VM either. 190 00:11:22,738 --> 00:11:25,540 If the gateway is configured in a certain way, 191 00:11:25,881 --> 00:11:28,986 a physical machine could also use the gateway. 192 00:11:29,471 --> 00:11:33,157 If you want to connect your own workstation 193 00:11:33,262 --> 00:11:35,254 to the Whonix gateway, 194 00:11:35,405 --> 00:11:39,061 then you will need to connect it to the Whonix network, 195 00:11:39,365 --> 00:11:40,373 as we saw here. 196 00:11:40,548 --> 00:11:42,144 Once it's on the Whonix network, 197 00:11:42,169 --> 00:11:44,755 it needs to have the right IP addresses set up. 198 00:11:45,317 --> 00:11:48,373 You can use the IP address of the workstation 199 00:11:48,398 --> 00:11:53,210 if you're not using the workstation 10.152.152.11, 200 00:11:53,262 --> 00:11:56,943 but I believe you can use any IP address that's in that subnet. 
201 00:11:57,095 --> 00:12:00,163 So for example I've got a workstation with dot 50, 202 00:12:00,753 --> 00:12:03,728 it'll need a subnet mask which is slash 18, 203 00:12:03,776 --> 00:12:09,228 which translates into 255.255.192.0, 204 00:12:09,341 --> 00:12:13,008 your default gateway should be set obviously as the Whonix gateway 205 00:12:13,278 --> 00:12:17,267 which always has this address 10.152.152.10 206 00:12:17,397 --> 00:12:20,535 and preferred DNS should also be the same, 207 00:12:20,608 --> 00:12:23,298 and then your own custom workstations should work 208 00:12:23,414 --> 00:12:24,874 with the Whonix gateway. 209 00:12:24,914 --> 00:12:27,850 Your own custom workstation is inferior 210 00:12:27,936 --> 00:12:29,937 if you're not using a socks proxy. 211 00:12:29,993 --> 00:12:32,095 So that's something you're going to have to look into 212 00:12:32,120 --> 00:12:35,366 setting up if you want to use your own workstation, 213 00:12:35,524 --> 00:12:38,783 but that's a more advanced usage of Whonix. 214 00:12:39,929 --> 00:12:43,257 And there’s a useful link here for setting up your own workstation, 215 00:12:43,282 --> 00:12:44,328 so check that out. 216 00:12:45,698 --> 00:12:48,089 What you can see here is a representation 217 00:12:48,114 --> 00:12:50,191 of the Whonix workstation here, 218 00:12:50,921 --> 00:12:52,532 the Whonix gateway here 219 00:12:53,563 --> 00:12:58,144 and then the three hop circuit of the TOR network, 220 00:12:58,222 --> 00:13:02,736 first node, second node, third node, and then the destination. 221 00:13:04,008 --> 00:13:06,148 The Whonix gateway here 222 00:13:06,601 --> 00:13:14,013 acts as both a transparent TOR proxy and a socks proxy. 
223 00:13:15,604 --> 00:13:20,594 Transparent means that even if downloaded applications 224 00:13:20,664 --> 00:13:22,719 aren't configured to use TOR, 225 00:13:22,857 --> 00:13:26,708 they will still go through the Whonix gateway 226 00:13:26,748 --> 00:13:29,341 and be transparently torified, 227 00:13:29,576 --> 00:13:32,656 transparent as in transparent TOR proxy. 228 00:13:32,897 --> 00:13:34,127 This is a good feature, 229 00:13:34,381 --> 00:13:37,786 it means you can download and install things that you need 230 00:13:37,929 --> 00:13:42,108 and they don't need to be specifically configured to use TOR, 231 00:13:42,391 --> 00:13:46,328 they can go through the transparent proxy. 232 00:13:46,722 --> 00:13:52,110 But note, all trans proxied apps use the same TOR circuit. 233 00:13:52,650 --> 00:13:54,628 As you can see illustrated here, 234 00:13:54,864 --> 00:13:57,245 it goes through the same nodes, 235 00:13:57,880 --> 00:14:00,803 they'll have the same exit IP address 236 00:14:00,910 --> 00:14:04,164 and be seen as the same to the destination. 237 00:14:04,627 --> 00:14:06,992 Now, socks proxies on the other hand, 238 00:14:07,190 --> 00:14:10,053 are used when an application is specifically 239 00:14:10,078 --> 00:14:12,689 configured to use TOR as a proxy. 240 00:14:12,944 --> 00:14:16,778 So for example, the proxy settings within the browser. 241 00:14:17,738 --> 00:14:21,617 If you look here, these are the socks proxied applications 242 00:14:21,789 --> 00:14:24,892 within Whonix and the ports that they use 243 00:14:25,151 --> 00:14:30,078 and whether they are preinstalled and preconfigured to use socks. 244 00:14:30,253 --> 00:14:32,615 So you can see the TOR browser here 245 00:14:32,640 --> 00:14:35,221 is connecting locally on the workstation 246 00:14:35,571 --> 00:14:39,773 on port 9150 and is using the socks proxy. 
247 00:14:40,035 --> 00:14:41,840 If you install Thunderbird, 248 00:14:43,008 --> 00:14:45,126 then this will also use a socks proxy. 249 00:14:46,222 --> 00:14:47,994 There's also command line apps 250 00:14:48,066 --> 00:14:50,599 that you do need to go through TOR, 251 00:14:50,792 --> 00:14:53,619 and of course these also go through the socks proxy, 252 00:14:53,644 --> 00:14:56,270 so you've got things like wget, curl, 253 00:14:56,865 --> 00:15:01,274 aptitude and apt-get for downloading your apps from the repository, 254 00:15:01,643 --> 00:15:03,295 so plenty of preconfigured 255 00:15:03,810 --> 00:15:06,248 applications to use as socks proxy. 256 00:15:07,190 --> 00:15:09,689 And that's good, because using the socks proxy 257 00:15:09,737 --> 00:15:11,589 is better for security 258 00:15:11,819 --> 00:15:16,247 because it provides what is called stream isolation, i.e. 259 00:15:16,334 --> 00:15:22,011 each application uses a different TOR circuit, as illustrated here. 260 00:15:22,395 --> 00:15:24,356 So you can see this one's going that way, 261 00:15:25,056 --> 00:15:26,699 this one's going that way, 262 00:15:27,376 --> 00:15:28,820 this one's going that way. 263 00:15:29,079 --> 00:15:32,235 Therefore, each application going through the socks proxy 264 00:15:32,497 --> 00:15:35,453 potentially has a different IP address. 265 00:15:35,666 --> 00:15:38,635 Not always, they may have a different circuit, 266 00:15:38,749 --> 00:15:40,948 but their exit may be the same. 267 00:15:41,352 --> 00:15:45,919 Even so, this protects against identity correlation attacks 268 00:15:46,008 --> 00:15:48,678 because of TOR circuit sharing. 269 00:15:48,960 --> 00:15:52,366 It is recommended you use a different workstation 270 00:15:52,476 --> 00:15:56,192 per alias to prevent correlation attacks. 271 00:15:56,406 --> 00:15:59,919 I talk more on correlation attacks in the section on TOR. 
272 00:16:01,134 --> 00:16:03,957 If you want to get a little bit more advanced with Whonix, 273 00:16:03,982 --> 00:16:07,886 it is possible to run Whonix on a physical machine 274 00:16:08,095 --> 00:16:10,373 to provide physical isolation, 275 00:16:10,611 --> 00:16:14,070 which has its security pros and cons. 276 00:16:14,389 --> 00:16:18,733 The Whonix gateway is best to be physically isolated 277 00:16:18,955 --> 00:16:20,720 and if you want to know more about that, 278 00:16:21,105 --> 00:16:24,181 read here and understand the various options, 279 00:16:24,206 --> 00:16:26,222 and the pros and cons if you want to 280 00:16:26,429 --> 00:16:29,794 consider going down the physical isolation route. 281 00:16:30,627 --> 00:16:32,341 Let's have a look at the workstation now. 282 00:16:35,032 --> 00:16:37,602 As I said, this is where you use the internet 283 00:16:37,627 --> 00:16:40,078 and you find the TOR browser. 284 00:16:40,195 --> 00:16:44,528 You'll find the workstation to be very sparse on applications, 285 00:16:44,553 --> 00:16:48,650 this is by design to reduce the possible attack surface. 286 00:16:49,024 --> 00:16:50,664 So if you're looking at applications here, 287 00:16:51,085 --> 00:16:54,331 you can go through and have a look what they've got. 288 00:16:55,373 --> 00:16:57,638 As I said, not too much, 289 00:17:00,484 --> 00:17:01,961 but that's by design. 290 00:17:04,135 --> 00:17:07,188 But you're able to install any applications that you want, 291 00:17:07,341 --> 00:17:11,349 and after installing, it will use the trans proxy 292 00:17:11,468 --> 00:17:15,164 unless you specifically configure it to use a socks proxy. 293 00:17:15,458 --> 00:17:20,595 You download apps in just the same way as on any other Debian distribution. 
294 00:17:20,746 --> 00:17:23,619 So for example that's how you install 295 00:17:23,897 --> 00:17:26,802 Icedove, Enigmail and Torbirdy, 296 00:17:26,897 --> 00:17:31,099 just the same apt-get or aptitude, there's no restrictions. 297 00:17:32,452 --> 00:17:35,400 Check here for what socks proxies might be available 298 00:17:35,432 --> 00:17:38,416 for any apps that you might want to install. 299 00:17:40,127 --> 00:17:42,281 What's great is that whatever you install, 300 00:17:42,524 --> 00:17:46,189 will go through the gateway and it will be torified, 301 00:17:46,389 --> 00:17:48,249 so there's no chance of leaks. 302 00:17:48,455 --> 00:17:51,307 With any operating system where TOR 303 00:17:51,373 --> 00:17:53,865 isn't happening on a gateway, 304 00:17:53,968 --> 00:17:56,834 newly installed applications could leak. 305 00:17:57,032 --> 00:18:01,387 This is why it's not advisable to install applications on Tails 306 00:18:01,474 --> 00:18:04,604 because the torification happens within Tails, 307 00:18:04,937 --> 00:18:08,476 so you need to specifically configure applications 308 00:18:08,523 --> 00:18:11,349 to go through TOR socks proxies 309 00:18:11,424 --> 00:18:13,463 or TOR transparent proxies. 310 00:18:14,730 --> 00:18:17,048 Let's look at its features list here. 311 00:18:17,376 --> 00:18:20,288 So obviously you got a lot of anonymous services, 312 00:18:20,313 --> 00:18:23,537 you can do IRC, you can do email, 313 00:18:23,817 --> 00:18:26,359 as we said it's based on Debian, which is great. 314 00:18:26,497 --> 00:18:30,346 It's also based on TOR, you can use it with VirtualBox, 315 00:18:30,394 --> 00:18:32,450 although VirtualBox is not recommended 316 00:18:32,499 --> 00:18:34,531 for the most secure configuration. 
317 00:18:34,610 --> 00:18:38,250 As it says here, you can torify almost any application, 318 00:18:38,452 --> 00:18:40,810 that's one of its major major bonuses, 319 00:18:40,984 --> 00:18:45,026 and you can potentially torify any operating system as well. 320 00:18:45,230 --> 00:18:50,129 If you set up your own workstation DNSSEC over TOR, 321 00:18:50,444 --> 00:18:51,893 encrypted DNS. 322 00:18:54,041 --> 00:18:55,906 It's free open source 323 00:18:56,040 --> 00:18:58,815 and you have the IP DNS leak protection, 324 00:18:58,965 --> 00:19:02,219 which is so important, and the list goes on. 325 00:19:02,992 --> 00:19:05,240 Oh yes, it also includes JonDonym 326 00:19:05,746 --> 00:19:09,436 and it can also be used for torring anonymizing services 327 00:19:09,461 --> 00:19:11,271 through other anonymizing services. 328 00:19:11,581 --> 00:19:14,033 We talk about that in its own section. 329 00:19:15,016 --> 00:19:17,572 And here it's got some advantages of Whonix, 330 00:19:19,095 --> 00:19:20,441 what do we think of these. 331 00:19:21,151 --> 00:19:24,578 Install any software package, that's a great feature. 332 00:19:24,675 --> 00:19:28,000 That’s a great advantage over live operating systems 333 00:19:28,025 --> 00:19:29,143 where you cannot do that. 334 00:19:29,389 --> 00:19:32,602 And then all the rest of this is about preventing leaks 335 00:19:32,754 --> 00:19:37,264 which again is its main benefit really because of the isolation. 336 00:19:38,238 --> 00:19:40,290 Let me read a couple of recommendations 337 00:19:40,329 --> 00:19:42,179 from the Whonix site 338 00:19:42,204 --> 00:19:45,505 which I think are important for you to know about. 
339 00:19:46,262 --> 00:19:49,622 So it's recommended that you keep a master copy 340 00:19:50,063 --> 00:19:53,212 of Whonix workstation, keep it updated, 341 00:19:53,476 --> 00:19:57,533 make regular clean snapshots, but do not edit any settings 342 00:19:57,559 --> 00:20:01,856 or install additional software, or use it directly for any activity. 343 00:20:02,111 --> 00:20:03,562 Instead, make a clone 344 00:20:03,960 --> 00:20:05,663 or use snapshotting, 345 00:20:05,743 --> 00:20:09,041 but never mix up clean and unclean states 346 00:20:09,258 --> 00:20:12,150 for activities that require anonymity. 347 00:20:12,325 --> 00:20:13,774 After importing the VMs, 348 00:20:13,857 --> 00:20:16,704 do a first run of the Whonix gateway 349 00:20:16,729 --> 00:20:20,240 and workstation virtual machines, securely update it, 350 00:20:20,675 --> 00:20:24,454 after that stop and do not browse anywhere 351 00:20:24,770 --> 00:20:27,617 or open any unauthenticated 352 00:20:27,681 --> 00:20:29,468 communication channel to the internet. 353 00:20:30,040 --> 00:20:32,996 Shut down the virtual machines and create snapshots 354 00:20:33,021 --> 00:20:36,230 of their clean state before browsing 355 00:20:36,325 --> 00:20:39,308 or initiating any connections with the outside world. 356 00:20:39,752 --> 00:20:43,578 Note, the only exception to this is running APT 357 00:20:43,770 --> 00:20:45,165 which has a guaranteed way 358 00:20:45,190 --> 00:20:48,103 of securely downloading and verifying packages. 359 00:20:48,388 --> 00:20:50,896 So some important steps there that you should follow.