Whonix actually works better as a VM on Qubes, and Whonix devs actually recommend it as a second level of protection. Unless your QubesOS is compromised, you're practically invisible.
Been dabbling with Whonix for quite some time with VirtualBox, though it's not always the most secure option. Definitely an optimal choice for privacy and security when it comes to operating systems regardless of whether you use KVM or VirtualBox
@@moth5799 If you're USB mounting KVM's then yes, but otherwise VirtualBox is good for use by public computers or laptops that you'll only use when on public networks.
Been using this setup for a while now, thanks for providing some more detailed information especially swap file vulnerabilities and other things to consider.
Sleep keeps RAM powered, while hibernation writes RAM to swap. Setting up encrypted swap is actually really easy to do on most graphical installers for Linux.
I dont really know anything about all this but I always come back to channels like this just because of how interesting all these topics are. I've learned a good bit just dont really ever plan to go on the darkweb. Still really cool tho!
Of course you run Arch… the Elitist has spoken LuL! When I better understand our craft I’ll dive down the Arch hole. All Arch users I’ve met swear by it! 🍻.
Yah, when I saw that, upward security (ie protection against your enviroment) was what bothered me. It doesn't matter how secure WHONIX is, if the host it is running on is less secure. Weakest link and all. Especially if for some insane reason your host OS is Windows, I can't imagine the upward security will be very good.
I daily drive Qubes and love it. It has a large learning curve though, but if you know the basics and are comfortable enough to do a walkthrough video I'm sure people would love it!
I think the reason he hasn't is becuase a screen recorder is difficult to set up in Dom0. You could probably use an external capture card as that's how I'm planning on recording my QubesOS setup.
@@RashidSEC Yeah that is a good point 😁. Along with the security risk of installing any sort of software in Dom0 to begin with. But I suppose for an example video wouldn't make Joanna too angry 😂
I noticed you don’t have any videos on openSUSE, a lot of people seem to love it and a review would be pretty great from you, love the content as always
0:30 About this: Is it possible to do something like this on a host machine/VM running windows 10/7? I just saw Adrien Crenshaw's old Defcon presentation where @ the end he demonstrates getting people's IP addresses because other computer apps (like Office Word) don't respect Tor's proxy settings. Is there a method of doing something like what whonix did but on other OS's?
This really helps, thanks. Im going to run tails inside of whonix inside of a kvm/vert inside of an arch linux desktop inside of proxmox running inside a docker container inside a pod on truenas scale. 💥😎
A router with this running on it can be very useful. That or something that works similarly. Maybe run it on an old PC with two NICs as a firewall of sorts.
I think if you use this too much, NSA or FBI might tag the network packages thru your isp (which they always know where internet usage is from) just because you are shady
i like Qubes, but using an old thinkpad (air gapping my kit, i have the hardware so why not) really doesn’t permit having even more than 2 VMs running concurrently. Having a minimal and pruned Linux OS whilst running whonix is more ideal
I have questions... So the order of everything is PC > Storage Devices (SSD/HDD) > Hypervisor > VMs > Operating System > Web Browser, right? Qubes and Whonix are both operating systems. So why is Whonix ran INSIDE of Qubes, so Qubes > Whonix? KVM acts as a Hypervisor, thought the type, 1 or 2, is debated. Qubes uses a hypervisor called Xen. What's better, Xen or KVM? Why? And if KVM is considered better for whatever reason, then could you run Qubes inside of KVM, without security/performance disadvantages compared to Xen? So then the order of everything would be PC > Storage Devices > KVM OR Xen > Qubes > Whonix > Tor, correct? Another thing, I run Windows 10 with my SSD. I recently wanted to access the dark web, but I don't fuck around with security, so here I am asking every question thinkable after getting confused by my extensive research. I have an old 2TB HDD that hasn't been used in a long time with nothing important on it, as I backed up all the folders onto Google Drive and wiped my HDD. If I keep my SSD for my standard stuff on Windows, could I then install all my dark web stuff (Hypervisors, VMs, OSs, etc.) onto the HDD, set my HDD as my boot drive in my motherboard's BIOS, and then when I want to access the dark web do that and be safe? Would my SSD/Windows be safe if that's done? Oh, and before getting all the secure stuff, do you install standard Linux first? Thank you anyone in advance!
That's really interesting. I never heard of Whonix KVM before. I usually have a SD Card with Tails for that in my old ThinkPad since it's really easy to setup. Well, My T60 isn't really that secure but recently I bought and repaired an old IdeaPad with 6gb RAM (4gb Soldered/ 2gb user replaceable) , some Ryzen 5 CPU and Windows 7 Starter on it. I'm actually curious to try it out on that Ideapad after I transfer my SSD to it. After all, this week I'll be getting a package from Lenovo with a brand new battery and display. The 4c 8t CPU should have enough of a punch to run a Linux KVM.
11:05 encrypt the volume?? You mean like a luksFormat?? If so, could you make an episode of that? Or do you mean put the *.qcow2 files in an encrypted Truecrypt/Veracrypt container before you use it? I used to do that with my old VBOX files, but I think an encypted os volume would be more secure
I have a question What is the advantage of using Whonix, vs using two alpine data-disk installs configured to use tor? Also, how hard would it be to run a Whonix gateway in front of your bare metal?
As I see it whonix's only advantage over TAILS is that it runs on a VM so if your dark web session is hacked your real OS/fs is safe; but kvm requieres too much resources; I'd prefer the risk of booting TAILS from a usb pendrive: it's fast, amnesiac (which whonix is not) and I won't save anything on my notebook fs
With Tails, if your dark web session is hacked your real OS/fs is safe too. The advantage of Whonix is being able to run both your dark web OS and real OS securely at the same time
No. Whonix is much better than Tails. Whonix is more secure/hardened, impossible to leak IP Address even if your Workstation has been compromised (since the tor gateway are not on Workstation like Tails) Full torified system and a lot of interesting tools like Kloak. Also you can make Whonix amnesic with Qubes-Whonix DispVM.
@@andrepipo4542 Is it safer though? Virtualbox+Whonix is not that hard to install, but, what I understand is that it leaves traces on my hard drive? I can still reset the pc, there is not much stuff on it anyway. Soo I really don't know, I just want the safest option here, I'll probably be resetting the pc after browsing for a couple of days, not doing anything illegal, I'm just looking for a specific info. soo, tails or whonix?
i set up kali in virtualbox using whonix as a gateway without any issues, one thing i'm trying to figure out is if it's possible to configure the network settings to switch between routing traffic through the whonix gateway or using NAT to connect directly to my host machine. after spending 3 hours downloading updates through the tor network at 300kb/s i realized that it would be less painful to temporarily disconnect from whonix to do the updates.
Hey apparently Apple is going to release a lockdown mode to protect against Pegasus and similar software I imagine it will mostly mitigate the damage Pegasus can do
Great news but sooner or later linux privacy folks need to expand their arsenal with opensource hardware. More & more attacks are getting hardware & cryptography based.
Isn't the lockdown mode a step after believing that someone is in your phone? In which case won't protect anything that they have already accessed. The problem with pegasus is that most people have no idea they are infected, so it's kind of pointless for most iphones.
Tor is more hardened than Firefox and protects you from fingerprinting, since everyone who use Tor Browser and don't modify him (adding extensions, changing Proxy settings, etc) have the same fingerprint.
i got some error when i was trying to run the gateway and then noticed it only gets 256MiB of RAM by default thus wasn't able to launch all the required systemd services
Can you recommend a video for invisible/anonymous/untraceable use of the internet? I know its actually not possible (reading the research papers) but I could at least protect against most pen-testing?
tails but riceable basically. I like the ability to customize, I normally just leave the gateway as CLI only, and put a window manager or something on the workspace VM
Kenny, I've been trying to get a dualboot working for a month and I'm losing my shit. I only need windows for a handful of applications, but they're all GPU intensive stuff like CAD and illustration software. I don't know if using a windows VM will run well enough with the performance hit but I'm sick of fucking with Windows and having it run its slimy tentacles through my entire system and break Linux every time I boot into it. do you have any recommendations?
I have a secondary gpu ( Gtx 1050). For GPU intensive Windows only applications I use a Windows VM and pass through the second GPU. Since I also only have one monitor I use looking glass to access the video output. This works really well, no need to dual boot but you do need to dedicate a gpu to the vm.
Qubes also uses whonix. It is probably the most nightmarish thing to learn. I suggest having a dedicated laptop for it that you can afford to be out of comission on
@@trik9464 after installing Arch from the command line and daily driving it for a while, I do plan to in a future get a separate laptop just to dedicate myself to run Qubes but I can already imagine what a nightmarish task it will be to learn it.
I mean, a look on NIxOS would be good. I'm not really a fan of transactional operating systems (really more of the rolling release type guy) but yeah, tested it a bit but I still think it's a more "advanced" user type of OS (at least for me) and, if I'm like, installing a transactional/atomic update system to someone like my grandmother or smt, I'd definitely prefer Fedora Silverblue tbh
How good is the general software availability? I've been wanting to switch for a lil bit but I'm worried there's less applications and drivers available than what I use right now (Manjaro).
@@sethadkins546 I think enough for you to use. The only part that if you grab source from Internet and try to install or compile like normal mostly it won't be work so therefore you need to learn nix to touch it. Also installer is pretty easy now.
If I got host encrypted volume and only boot partition unencrypted is imposible to read swap data if I turn off the computer Right? I mean I don't have to disable nothing I'm with LUKS + lvm and LUKS over lvm
I don't remember exactly what it's called but I've seen a modification that uses ddr2 Ram. It makes it act like temporary hard drive storage. If you had something like that you could install any operating system on it, then it would all disappear Once you turn your computer off.
I'm running into a "no bootable device" error and wondering if it has something to do with permissions. The gateway is owned by libvirt-qemu and the Workstation is owned by me (user). I have a Kali VM I run through KVM and it is set as root. Not sure how any of these got set, but do you think this is the issue?
KVM or Oracle VM VirtualBox for better option security and anonymity? (Maybe ı will start to use Linux for KVM, should ı do it or use Oracle VM VirtualBox)
@znapz 1. I’m not arguing. I’m stating a fact. Whether u choose to agree or disagree is your choice. 2. I never asked what was overkill or not, so your reply to the comment doesn’t answer the question appropriately. 3. I don’t need to provide u with references. Not interested in a debate. What is this? Who are u? Go THAAAT way 👋
@@rishirajsaikia1323 Not necessarily, Tails does offer encrypted persistent storage for exactly this type of application. Its probably super overkill but it is definitely doable.
@@DanteHaroun Wouldn't be good. Tails blocks all clearnet traffic. If you use KVM with any VM, the VM will have the traffic through tor too. Whonix Workstation need Whonix Gateway to work. If you use Tails + Whonix, you will have tor over tor traffic, which is slow and insecure. Qubes-Whonix is 100x better, more secure, stable and faster.
This is from the official Whonix Wiki Why use VirtualBox over KVM? VirtualBox advantages: The virtual network interfaces are better encapsulated inside the VM by VirtualBox. Virtual network interfaces by VirtualBox: Are invisible on the host using tools such as "sudo ifconfig". corridor leak tested. Therefore Whonix VirtualBox has a higher leak-proofness then Whonix KVM. KVM disadvantages: Virtual network interfaces by KVM: Are visible on the host using tools such as "sudo ifconfig". KVM: This complicates leak tests because tshark / wireshark on the host can see connections between Whonix-Workstation and Whonix-Gateway . KVM: Therefore also leak-testing using corridor on the host failed. KVM: host software such as for example NordVPN client kill-switch can break Whonix-Workstation KVM network connectivity.
Whonix is more secure/hardened than Tails. Whonix have so many good tools like Kloak, anon-apps-configs, etc. Whonix have the tor gateway separated from the Workstation, so IP leaks are impossible even if your Workstation Whonix gets compromised. And since Whonix use VM, your hardware information doesn't get leaked/exposed. Whonix is 10x better than Tails. Tails is more a easy anonymous portable OS to use on untrusted computers. There's no reason to use Tails instead Qubes-Whonix on personal computer.
@@bcz1337unless whonix and qubes is packaged together on a live usb. Then I say TAILS is better. All that isn’t so great when it has to be downloaded from windows 11
This seems less secure than tails or kodachi because it runs in a VM, which means that your host can be compromised and then your guests are insecure. I believe using tails or kodachi on a system without Intel ME enabled (or present at all if possible) in live mode (for tails) or loaded entirely in RAM (for Kodachi) would be more secure.
@Spada from what I recall, it's a thing that boots up with the computer. It's why earlier versions of it, you could strip it out of the bios but in later ones you cant. Same goes for amd's ppsp or whatever it's called, it runs when the computer is turned on.
@znapz Yes, but a custom BIOS will only disable it, but it's still there. The only way to fully remove Intel ME is to not have it in the first place, which means you need a system with a CPU from 2007 or earlier.
@znapz That's not a solution either. AMD has AMD PSP which is AMDs own version of Intel ME. ARM won't save you either as ARM manufacturers have their own variants too. Go for old Intel or maybe RISC V.
You should really try out docker, its not as complicated as most think it is. Considering its used by by all cloud providers, its the most secure and up to date solution running instanced VMs.
@@DanLivings That doesnt stop you from having VMs, with containers within. Its just silly to have a separate VMs to isolate your 'virtual world' from the 'real world' computers. Easier to have just one, that is filled with containers.
@@draken5379 I'm not sure what the point that you're trying to make is. Docker containers and VMs solve related but distinct problems. Sometimes the level of isolation provided by a container isn't enough and you will need a full VM.
finally a secure way to use facebook
Yes, just use my link
kek
@@notafbihoneypot8487 lmaoo
Lmao
😂😂😂
Whonix vs QubesOS vs Tail for security and privacy? Would make for an interesting video, since all three aim for a different use case
Yes please do this
Oh yes please!
Qubes gang
Whonix actually works better as a VM on Qubes, and Whonix devs actually recommend it as a second level of protection. Unless your QubesOS is compromised, you're practically invisible.
id say they are all have very different uses but id still like to see a comparison
Been dabbling with Whonix for quite some time with VirtualBox, though it's not always the most secure option. Definitely an optimal choice for privacy and security when it comes to operating systems regardless of whether you use KVM or VirtualBox
In your opinion what’s most secure?
@@Joseph-ws5de I know I'm not OP but KVM is definitely more secure.
Good for gaming on the side?~
@@moth5799 If you're USB mounting KVM's then yes, but otherwise VirtualBox is good for use by public computers or laptops that you'll only use when on public networks.
@@NotACutie Gaming on the Tor network is asking for 1 second lag. Unless you are talking about offline.
Been using this setup for a while now, thanks for providing some more detailed information especially swap file vulnerabilities and other things to consider.
Sleep keeps RAM powered, while hibernation writes RAM to swap. Setting up encrypted swap is actually really easy to do on most graphical installers for Linux.
Links and easy how to guide? 😅
Encrypted swap? That sounds like black magic to me
@@xmvziron why? its just swap but encrypted. probably slow as hell
Huh didn't know that. Thx for that
Do you have a link to a tutorial?
I dont really know anything about all this but I always come back to channels like this just because of how interesting all these topics are. I've learned a good bit just dont really ever plan to go on the darkweb. Still really cool tho!
Same. I love seeing how these things work, though I don't have an use case for it.
Don't worry, some day you will see your search history popping up somewhere & you will realise data security is important.
I don't think anyone has a use case for it here.
Whonix is brilliant. Thanks for finally making a video about it.
Your coverage is super actionable
Thanks for covering this OS
Whonix is amazing, I've been using it on my burner laptop for a while and it's kept me safe from the Dark Web's malicious activity.
I use Arch BTW
Of course you run Arch… the Elitist has spoken LuL! When I better understand our craft I’ll dive down the Arch hole. All Arch users I’ve met swear by it! 🍻.
WHO CARES?!!!
@@NeverTrust298 it's a meme, welcome to the internet!
@@NeverTrust298 welcome to the internet my friend
@@ColdSteel-dz3pf Just go straight to Artix/Parabola, depending on your hardware.
Thrilled to see some Whonix love...all the edgy "youtuber hackers" only talk about Tails. Do Qubes next!
NetworkChuck? Lmao yeah.
Yah, when I saw that, upward security (ie protection against your enviroment) was what bothered me. It doesn't matter how secure WHONIX is, if the host it is running on is less secure. Weakest link and all. Especially if for some insane reason your host OS is Windows, I can't imagine the upward security will be very good.
Agreed
So the solution is to run Whonix, on Whonix.
@@skinwalker69420 engineer pfp checks out
@@skinwalker69420 No, on Cubes.
I bought a laptop on 1 November,2023 pre-installed with windows 11 home. How do i completely wipe windows off my laptop and install whonix KVM?. 😊
Thanks for all your hard work thinking about all the details like swap files, etc.
I daily drive Qubes and love it. It has a large learning curve though, but if you know the basics and are comfortable enough to do a walkthrough video I'm sure people would love it!
I think the reason he hasn't is becuase a screen recorder is difficult to set up in Dom0. You could probably use an external capture card as that's how I'm planning on recording my QubesOS setup.
@@RashidSEC Yeah that is a good point 😁. Along with the security risk of installing any sort of software in Dom0 to begin with. But I suppose for an example video wouldn't make Joanna too angry 😂
Yeah that would be awesome, qubes user here too!
@@RashidSEC usb capture card to loop the hdmi and send the output to a vm with obs LOL it does actually work
@@trik9464 We will find out. My thinkpad has 64 gb of ram wish me luck.
11:26 Why is the User Firewall settings using the Nero Burner 6 icon?
I noticed you don’t have any videos on openSUSE, a lot of people seem to love it and a review would be pretty great from you, love the content as always
0:30 About this: Is it possible to do something like this on a host machine/VM running windows 10/7? I just saw Adrien Crenshaw's old Defcon presentation where @ the end he demonstrates getting people's IP addresses because other computer apps (like Office Word) don't respect Tor's proxy settings. Is there a method of doing something like what whonix did but on other OS's?
This really helps, thanks. Im going to run tails inside of whonix inside of a kvm/vert inside of an arch linux desktop inside of proxmox running inside a docker container inside a pod on truenas scale. 💥😎
Then what?
Honestly I'm not sure if this is safer than TailsOS(from USB boot)+TOR+Tunel.
A router with this running on it can be very useful. That or something that works similarly. Maybe run it on an old PC with two NICs as a firewall of sorts.
Funny I was just wondering if would work with rasp pi as a VPN/tor router. Been looking at making one for a travel system.
The only thing that those "Finally, it's here" comments should be about
whonix is great and not a hastle to set up 10/10 👍
I think if you use this too much, NSA or FBI might tag the network packages thru your isp (which they always know where internet usage is from) just because you are shady
How to be safe from that
Public wifi?
@@BOSS_1417 You may use a VPN to hide tor usage from your isp
Instead of TOR, would the new Beacon browser be a more secure option?
was waiting for this video for ages
Whonix is really an interesting distro
i like Qubes, but using an old thinkpad (air gapping my kit, i have the hardware so why not) really doesn’t permit having even more than 2 VMs running concurrently.
Having a minimal and pruned Linux OS whilst running whonix is more ideal
I hopefully never have to use this, but its nice to know that it exists.
Literally as I was attempting to use Whonix!
I have questions...
So the order of everything is PC > Storage Devices (SSD/HDD) > Hypervisor > VMs > Operating System > Web Browser, right?
Qubes and Whonix are both operating systems. So why is Whonix ran INSIDE of Qubes, so Qubes > Whonix?
KVM acts as a Hypervisor, thought the type, 1 or 2, is debated. Qubes uses a hypervisor called Xen. What's better, Xen or KVM? Why? And if KVM is considered better for whatever reason, then could you run Qubes inside of KVM, without security/performance disadvantages compared to Xen?
So then the order of everything would be PC > Storage Devices > KVM OR Xen > Qubes > Whonix > Tor, correct?
Another thing, I run Windows 10 with my SSD. I recently wanted to access the dark web, but I don't fuck around with security, so here I am asking every question thinkable after getting confused by my extensive research. I have an old 2TB HDD that hasn't been used in a long time with nothing important on it, as I backed up all the folders onto Google Drive and wiped my HDD.
If I keep my SSD for my standard stuff on Windows, could I then install all my dark web stuff (Hypervisors, VMs, OSs, etc.) onto the HDD, set my HDD as my boot drive in my motherboard's BIOS, and then when I want to access the dark web do that and be safe? Would my SSD/Windows be safe if that's done?
Oh, and before getting all the secure stuff, do you install standard Linux first?
Thank you anyone in advance!
Bah! You can select KVM from within VirtualBox to be your virtualization hypervisor.
Now I know how to do things without the FBI seeing. Thanks, FBI!
That's really interesting. I never heard of Whonix KVM before. I usually have a SD Card with Tails for that in my old ThinkPad since it's really easy to setup.
Well, My T60 isn't really that secure but recently I bought and repaired an old IdeaPad with 6gb RAM (4gb Soldered/ 2gb user replaceable) , some Ryzen 5 CPU and Windows 7 Starter on it.
I'm actually curious to try it out on that Ideapad after I transfer my SSD to it. After all, this week I'll be getting a package from Lenovo with a brand new battery and display. The 4c 8t CPU should have enough of a punch to run a Linux KVM.
10/10 tech tips, great video
11:05 encrypt the volume?? You mean like a luksFormat?? If so, could you make an episode of that?
Or do you mean put the *.qcow2 files in an encrypted Truecrypt/Veracrypt container before you use it?
I used to do that with my old VBOX files, but I think an encypted os volume would be more secure
Your view on downloading Qemu/kvm on windows 10 ?
Been waiting for this episode
I have a question
What is the advantage of using Whonix, vs using two alpine data-disk installs configured to use tor?
Also, how hard would it be to run a Whonix gateway in front of your bare metal?
As I see it whonix's only advantage over TAILS is that it runs on a VM so if your dark web session is hacked your real OS/fs is safe; but kvm requieres too much resources; I'd prefer the risk of booting TAILS from a usb pendrive: it's fast, amnesiac (which whonix is not) and I won't save anything on my notebook fs
With Tails, if your dark web session is hacked your real OS/fs is safe too. The advantage of Whonix is being able to run both your dark web OS and real OS securely at the same time
No. Whonix is much better than Tails. Whonix is more secure/hardened, impossible to leak IP Address even if your Workstation has been compromised (since the tor gateway are not on Workstation like Tails) Full torified system and a lot of interesting tools like Kloak. Also you can make Whonix amnesic with Qubes-Whonix DispVM.
What should I use on my main computer (not a burner) connected with ethernet cable?
Tails or Whonix?
@@pier_is_losing tails. Its easier
@@andrepipo4542 Is it safer though?
Virtualbox+Whonix is not that hard to install, but, what I understand is that it leaves traces on my hard drive? I can still reset the pc, there is not much stuff on it anyway.
Soo I really don't know, I just want the safest option here, I'll probably be resetting the pc after browsing for a couple of days, not doing anything illegal, I'm just looking for a specific info.
soo, tails or whonix?
I wonder how Whonix would do against an Intel computer with an Intel management engine. The low level "spyware" thing.
Hello, love your content. What host distro do you use? Do you have a video on that?
At 11:03 it turned out funny that you say that you could encrypt the volume and at the same time the volume window appears on the top right :)
i set up kali in virtualbox using whonix as a gateway without any issues, one thing i'm trying to figure out is if it's possible to configure the network settings to switch between routing traffic through the whonix gateway or using NAT to connect directly to my host machine. after spending 3 hours downloading updates through the tor network at 300kb/s i realized that it would be less painful to temporarily disconnect from whonix to do the updates.
I have a Linux VM. In this VM I installed Whonix using KVM.
We still don't have a working version of Whonix for ARM-based Macs, have we?
There is testing version, but it’s not recommended
@@nothingtoseeherelolkek Last time I checked they hadn't compiled it. Do they have a working alpha release now?
Hey apparently Apple is going to release a lockdown mode to protect against Pegasus and similar software
I imagine it will mostly mitigate the damage Pegasus can do
Great news but sooner or later linux privacy folks need to expand their arsenal with opensource hardware. More & more attacks are getting hardware & cryptography based.
Isn't the lockdown mode a step after believing that someone is in your phone? In which case won't protect anything that they have already accessed. The problem with pegasus is that most people have no idea they are infected, so it's kind of pointless for most iphones.
Hey, can you also make a video on invidious? It’s a secure frontend for youtube that you can make your own instance for.
When my traffic is already routed through the tor network, does it make sense to use the tor browser then? Wouldn't that be unnecessary?
I don't know a lot about this, but I'm pretty sure it brings more anonymity since pretty much everyone else is using Tor Browser as well
tor to some extent prevents fingerprinting your browser
Tor is more hardened than Firefox and protects you from fingerprinting, since everyone who use Tor Browser and don't modify him (adding extensions, changing Proxy settings, etc) have the same fingerprint.
i got some error when i was trying to run the gateway and then noticed it only gets 256MiB of RAM by default thus wasn't able to launch all the required systemd services
I run with 512MiB RAM
Can you recommend a video for invisible/anonymous/untraceable use of the internet? I know its actually not possible (reading the research papers) but I could at least protect against most pen-testing?
Saved to watch later before shaband
What about running Whonix on Tails OS, which itself is a VM on QubesOS?
Should one run Mullvad or some kind of VPN on the gateway VM?
I live in a Post-USSR country, I might need this lol
tails but riceable basically. I like the ability to customize, I normally just leave the gateway as CLI only, and put a window manager or something on the workspace VM
@Not Convinced no one asked you to interject, but here you are, the difference between us is that you're acting like an ass-hat and I'm not.
If you have enough RAM, just put the virtual disk file in a tmpfs ramdisk 😎 (and disable swap)
Genuine question, why do you have 128gb of ram
cracking passwords
Kenny, I've been trying to get a dualboot working for a month and I'm losing my shit. I only need windows for a handful of applications, but they're all GPU intensive stuff like CAD and illustration software. I don't know if using a windows VM will run well enough with the performance hit but I'm sick of fucking with Windows and having it run its slimy tentacles through my entire system and break Linux every time I boot into it.
do you have any recommendations?
I have a secondary gpu ( Gtx 1050). For GPU intensive Windows only applications I use a Windows VM and pass through the second GPU. Since I also only have one monitor I use looking glass to access the video output. This works really well, no need to dual boot but you do need to dedicate a gpu to the vm.
I want a video on Qubes now.
Finally a way to protect my deep fried dank memes from the glowies
How does whonix os compair to qubes os?
Qubes OS is more secure, but requires more technical knowledge to setup from my understanding.
Qubes also uses whonix. It is probably the most nightmarish thing to learn. I suggest having a dedicated laptop for it that you can afford to be out of comission on
@@trik9464 ok Thanks
@@Keniisu thanks for the info
@@trik9464 after installing Arch from the command line and daily driving it for a while, I do plan to in a future get a separate laptop just to dedicate myself to run Qubes but I can already imagine what a nightmarish task it will be to learn it.
Could you take a look at NixOS? I recently switched from a 4 year arch journey and I think its fantastic and probably the future of linux
I mean, a look on NIxOS would be good.
I'm not really a fan of transactional operating systems (really more of the rolling release type guy) but yeah, tested it a bit but I still think it's a more "advanced" user type of OS (at least for me) and, if I'm like, installing a transactional/atomic update system to someone like my grandmother or smt, I'd definitely prefer Fedora Silverblue tbh
How good is the general software availability? I've been wanting to switch for a lil bit but I'm worried there's less applications and drivers available than what I use right now (Manjaro).
@@sethadkins546 I believe it has the biggest repo of any distro 90k+, and adding custom packages is super simple
@@vicstoron it definitely requires some tinkering but once it's setup it's the most comfy os experience I've ever had
@@sethadkins546 I think enough for you to use. The only part that if you grab source from Internet and try to install or compile like normal mostly it won't be work so therefore you need to learn nix to touch it. Also installer is pretty easy now.
If I got host encrypted volume and only boot partition unencrypted is imposible to read swap data if I turn off the computer Right? I mean I don't have to disable nothing I'm with LUKS + lvm and LUKS over lvm
The question is should you use a VPN on your host os so that they cant tell (Your ISP) youre connecting to tor?.... Or there's no need for that?
There's no reason for you to hide that you're using Tor, since you can't know what you did using this proxy
lmao did you just put tor in full screen
Will this run on a Debian 11 Live USB ? I always get an error when trying to run the Workstation...
15:08 a lot more convenient to _use_ sure but a lot more of a pain to set up. Tails is probably the easiest thing to actually set up
Can it run from RAM?
I would like to boot it from BD-R and run from RAM.
How do I set up the whonix gateway to use kicksecure os so I can set up I2P?
Is this like CIA and FBI trap OS?
@@neighbor472 ok, so who is checking?
@@wvladimir21 Just checked it out while pooping… you’re good to go.
Great video Thank you
is there a video of you compiling gentoo on your threadripper?
How about zero Knowledge at network base layer instead ?
What do they mean by "watertight"?
Doesn't leak
Lmfao not water proof for sure.
Would you say this is more secure than Tails OS ?
Is there a way to boot and run it completely from RAM in a PC without any HDD/SSD?
I don't remember exactly what it's called but I've seen a modification that uses ddr2 Ram. It makes it act like temporary hard drive storage. If you had something like that you could install any operating system on it, then it would all disappear Once you turn your computer off.
@@msas6020 That's the intent.
I'm running into a "no bootable device" error and wondering if it has something to do with permissions. The gateway is owned by libvirt-qemu and the Workstation is owned by me (user). I have a Kali VM I run through KVM and it is set as root. Not sure how any of these got set, but do you think this is the issue?
I got it to work. Honestly, I think the problem was that I didn't unzip the files the way the instructions dictate.
@@TechLifeForLife hey how did you get it to work?
I want to use to upload files without compromising my privacy can i do it?
KVM or Oracle VM VirtualBox for better option security and anonymity? (Maybe ı will start to use Linux for KVM, should ı do it or use Oracle VM VirtualBox)
KVM
Virtualbox is closed-source, KVM not
Is there a reason why I cant extract the download file so I can have the files separate therefore I can open in terminal and install?
im using Linux MInt
Like the thread ripper high siding.😁
can I safely use soulseek to download scatman john with this?
so should i do tails live boot + whonix or qubes + whonix? why?
i'm guessing tails live boot (for forensic protection) +. whonix, but correct me if i'm wrong please
@znapz not according to a number of pros.
@znapz 1. I’m not arguing. I’m stating a fact. Whether u choose to agree or disagree is your choice. 2. I never asked what was overkill or not, so your reply to the comment doesn’t answer the question appropriately. 3. I don’t need to provide u with references. Not interested in a debate. What is this? Who are u? Go THAAAT way 👋
@znapz yet, ur the one answering the wrong question nobody asked. then, defaulting to name calling when i point it out and tell u to move on 🤣
@znapz dude, take my nuts outta ur mouth. go troll someone else. i’ll no longer respond. get the last comment if u must. have fun.
what is the state of the tor netwok? i mean do really anyone runs an end node at home?
Is this a virtual machine I can use on my windows
Is there an VM for android?
Then why not use QubeOS with a disposable Whonix Qube
Which is Good Quebes Or Whonix Or Tails ?
Qubes
why iso version is taking so long
Babe wake up Mental Outlaw just dropped
thanks i legit tried doing this a few weeks ago and couldnt get it working
Same. I thought KVM was like, a cool version of VMware or something. But I think I was mistaken….. lmao
This vs Tails? Lol imagine running Whonix ON Talis
After you remove the tails live usb, all the KVM setup and whonix will be gone.
@@rishirajsaikia1323 Not necessarily, Tails does offer encrypted persistent storage for exactly this type of application. Its probably super overkill but it is definitely doable.
@@DanteHaroun Wouldn't be good. Tails blocks all clearnet traffic. If you use KVM with any VM, the VM will have the traffic through tor too. Whonix Workstation need Whonix Gateway to work. If you use Tails + Whonix, you will have tor over tor traffic, which is slow and insecure. Qubes-Whonix is 100x better, more secure, stable and faster.
This is from the official Whonix Wiki
Why use VirtualBox over KVM?
VirtualBox advantages:
The virtual network interfaces are better encapsulated inside the VM by VirtualBox.
Virtual network interfaces by VirtualBox: Are invisible on the host using tools such as "sudo ifconfig".
corridor leak tested.
Therefore Whonix VirtualBox has a higher leak-proofness then Whonix KVM.
KVM disadvantages:
Virtual network interfaces by KVM: Are visible on the host using tools such as "sudo ifconfig".
KVM: This complicates leak tests because tshark / wireshark on the host can see connections between Whonix-Workstation and Whonix-Gateway .
KVM: Therefore also leak-testing using corridor on the host failed.
KVM: host software such as for example NordVPN client kill-switch can break Whonix-Workstation KVM network connectivity.
Is it better to use whonix in vmware instead of virtualbox ?
QEMU/KVM is the best option
Vmware is proprietary (its gay)
TAILS > Whonix ; no VM needed with Tails if started from a USB
Whonix is more secure/hardened than Tails. Whonix have so many good tools like Kloak, anon-apps-configs, etc. Whonix have the tor gateway separated from the Workstation, so IP leaks are impossible even if your Workstation Whonix gets compromised. And since Whonix use VM, your hardware information doesn't get leaked/exposed. Whonix is 10x better than Tails. Tails is more a easy anonymous portable OS to use on untrusted computers. There's no reason to use Tails instead Qubes-Whonix on personal computer.
@@bcz1337unless whonix and qubes is packaged together on a live usb. Then I say TAILS is better. All that isn’t so great when it has to be downloaded from windows 11
All fine and dandy until you the pleasure to go through compromised Tor exit nodes
Finally a honeypot from the ATF and NSA
Does it work on 32bit?
This seems less secure than tails or kodachi because it runs in a VM, which means that your host can be compromised and then your guests are insecure. I believe using tails or kodachi on a system without Intel ME enabled (or present at all if possible) in live mode (for tails) or loaded entirely in RAM (for Kodachi) would be more secure.
@Spada from what I recall, it's a thing that boots up with the computer. It's why earlier versions of it, you could strip it out of the bios but in later ones you cant. Same goes for amd's ppsp or whatever it's called, it runs when the computer is turned on.
Tails can be run it entirely in RAM with the *toram* boot option
@Not Convinced Yes
@znapz Yes, but a custom BIOS will only disable it, but it's still there. The only way to fully remove Intel ME is to not have it in the first place, which means you need a system with a CPU from 2007 or earlier.
@znapz That's not a solution either. AMD has AMD PSP which is AMDs own version of Intel ME. ARM won't save you either as ARM manufacturers have their own variants too. Go for old Intel or maybe RISC V.
In, Russia, 80% of imported computers do not have a Windows operating system
Now we just need a whonix-qubes video
You should really try out docker, its not as complicated as most think it is.
Considering its used by by all cloud providers, its the most secure and up to date solution running instanced VMs.
Docker containers aren't full VMs, they share the same kernel as the host OS.
@@DanLivings like wsl container OSs which share the wsl kernel.
@@DanLivings That doesnt stop you from having VMs, with containers within.
Its just silly to have a separate VMs to isolate your 'virtual world' from the 'real world' computers.
Easier to have just one, that is filled with containers.
@@draken5379 I'm not sure what the point that you're trying to make is. Docker containers and VMs solve related but distinct problems. Sometimes the level of isolation provided by a container isn't enough and you will need a full VM.