Operational security is never something that should be taken lightly.
We’ve all come to learn of the terrifying surveillance capabilities of everyone from federal intelligence agencies down to local law enforcement, as they keep increasing their scope and bridging the gap between the two.
Being anonymous when accessing and using services on the dark web is a necessity, not a luxury. If you’re unable to use the anonymity tools in the right fashion, you’re out of your depth.
Almost all arrests, unmaskings, doxings or deanonymizations happen on the back of something small and technical: something the user forgets to switch on or use, such as a VPN, or something that inadvertently connects your real-life persona to your activity on the dark web.
In this guide, we’ll walk you through the installation and setup of the anonymity tool Whonix—an operating system designed to keep you secure generally, or while accessing the dark web.
Before We Start…
You should have at least 2GB of RAM to keep things afloat, but any machine from the last few years will have this.
Remember that a tool is not an antidote. Tools give users power, power that can be used to help ensure they remain anonymous. But the tool itself is only as good as the craftsman. An antidote saves someone, but anonymity tools don’t save a user. They can only empower users.
Your threat modelling will vary based on who you are and the level of operational security you desire. Whonix is simply a tool, and if used correctly it will help you remain safe and give you a significant upper hand in remaining anonymous on the dark web. But even if you use Whonix flawlessly, if you do something to expose your real-life identity—like buying an item from a darknet market with Bitcoins connected to your credit card—then Whonix won’t save you.
This point is made abundantly clear by the Whonix team throughout installation, and these warning screens won’t be highlighted in this tutorial except now. This is your warning. Be safe.
Step 0: First Things First—VirtualBox
You need to install VirtualBox in order to use Whonix. This is because of the unique way that Whonix works.
Whonix operates as two virtual machines that run simultaneously. It’s a bit odd to think about initially but understanding the basics of how Whonix works helps wrap your head around the entire process.
There is a “Gateway” Whonix virtual machine and a “Workstation” Whonix virtual machine.
You never perform any tasks or installations or work on the Gateway; it serves only as a portal to the Tor network. It also acts as a firewall.
The Workstation virtual machine is where all the action happens, and it’s protected or insulated from the scary wide web by the Gateway: It’s connected to the Gateway virtual machine rather than being connected directly to the internet… I know, it’s complicated. But therein lies Whonix’s genius. By never connecting the Workstation directly to the internet, another layer of protection is added—a layer beyond that which similar tools, such as Tails, can provide.
With that short overview done, go ahead and install VirtualBox.
Since Whonix is running within VirtualBox, this tutorial will suit all operating systems with little variation. I’m installing Whonix on OSX today since it’s a popular operating system, and I can’t stomach Windows. Once VirtualBox is installed, we can get started.
Step 1: Download Whonix
Navigate to this page. Hit “expand” under the first heading.
You need to download four files in total. Download the two .ova files, clocking in at just over 4GB in total. These files are the foundations for what will be the two virtual machines: the Gateway and the Workstation.
The other two important files to download are the sha512 hash files for the .ova files.
It is important to verify all the files you download from the internet, even more so when it’s anonymity tools. We’ll walk you through the process of verifying using these two hash files.
Step 2: Verify the Downloads
Verifying the downloads can be done a few different ways, and this will vary based on operating system. If you’re on Windows, head here for a guide. If you are on a Linux distro, you more than likely already know what to do. If you’re on OSX, keep reading.
- First open up Terminal. You can do this by pressing Command and Space, then start typing ‘terminal’ and hit Enter.
- Type in ‘cd Downloads’ and hit Enter. This takes your terminal shell to the Downloads folder. If you downloaded your four files anywhere else, then you’ll need to replace ‘Downloads’ with the path to that folder (in/this/format).
- Next, we need to get the hash of the ‘.ova’ files. Type in ‘shasum -a 512 Whonix-Gateway-220.127.116.11.4.ova’ and hit Enter. ‘shasum’ is the tool that computes the hash, and ‘-a 512’ selects the SHA-512 algorithm (to match what Whonix have provided).
- Next, select the output, right click and select ‘copy.’
There are a few ways to actually verify using the hash. However, copying the hash and opening the downloaded hash file is, to this author, the easiest:
- Open up ‘Finder’ and head to ‘Downloads’ folder.
- Double click the file ‘Whonix-Gateway-18.104.22.168.4.sha512sum.’
- You choose to open with a program of your choice; head to the bottom of the list and select ‘TextEdit.’
- Next, hit ‘Command & F’ to open ‘Find.’ Then hit ‘Command V’ to paste the hash we obtained from the Terminal session. It should exactly match the hash within the text file.
Repeat the entirety of this step but for the ‘Workstation’ files. Once done, you’ll have verified that you have indeed downloaded uncorrupted and accurate Whonix .ova files. Feel free to delete the two ‘.sha512sum’ files now.
Step 3: Create the Virtual Machines
Click the little folder icon to the right of the file path field, and head to Downloads. Click on the Gateway .ova file and hit continue.
After that you’ll have created the two usable, bootable virtual machines. At this point, you can choose to delete the two .ova files in your Downloads if you’re short on disk space on your computer. You won’t need them again.
With that said, if you ever want to reinstall from scratch, they may be useful later. It’s up to you.
We’ve discussed above roughly how Whonix works. Both virtual machines need each other, so you need to double click on both when you want to boot the system up. Double click both now and let them get to work.
You’ll see two boxes open. These are the two machines, and they will both run similar looking logs on boot. This is a familiar sight to anyone with a Linux machine, but it may look intimidating if you’re used to a shiny OSX boot. Don’t fear—it’s just showing you what it’s doing on the boot, something which happens behind the white curtains on an OSX system, but which happens nonetheless.
Once loaded, you’ll be left with the following:
Head to your Gateway machine (shown in the images as the top left machine). Click through the start up wizard and warnings after reading them. They contain important information.
Click ‘I am ready to enable Tor’ on the Gateway VM. The other options are most likely unnecessary; however, if you are in a country like China, selecting ‘Tor is censored or dangerous in my area’ will be necessary.
Click through the setup options. Automatic update is recommended as it’s the most secure option. The stable repository is also recommended unless you’re testing the newer, less stable versions.
Your Gateway machine is now set up, connected to Tor and ready to funnel this connection through to the Workstation machine.
You can choose to open up the ‘Arm – Tor Controller’ program if you want to have a poke around at the data passing through the Gateway virtual machine.
Step 6: Workstation Configuration
Much the same as the Gateway virtual machine, click through the warnings once you’re satisfied. The ‘first run’ setup wizard will auto-run. Choose to take updates from the stable repository (it’s important to choose stable sources for any security software).
Once finished with the ‘first run’ wizard you’ll see a ‘Connected to Tor’ notification in the lower right if all went well. The system will now check for updates in the background.
Time to click on the Tor Browser desktop icon.
Once the download is done, it will run the browser. Hit the first link ‘Check IP.’ This will redirect you to the Tor Checker, something which you should run at every boot of the Tor Browser, just to confirm you’re connected to the network.
Whonix shields the Workstation virtual machine by isolating the virtual machine on the network. The Workstation is layered behind the Gateway, and any malicious connection attempts will in theory only get as far as the Gateway machine, which won’t contain any of your information or working files.
The most important final tip is that Whonix is not an antidote for carelessness. Humans are always the weakest elements in security systems, so be smart in the way you use this tool.