Anonymity Tools: A Guide to Whonix

Published on:

Operational security is never something that should be taken lightly.

We’ve all come to learn of the terrifying surveillance capabilities from federal intelligence agencies down to local law enforcement—as they ever increase their scope and bridge the gap between the two.

Being anonymous when accessing and using services on the dark web is a necessity, not a luxury. If you’re unable to use the anonymity tools in the right fashion, you’re out of your depth.

Almost all arrests or demasking, doxing or deanonymizing is done on the back of something small and technical, something the user forgets to switch on or use, such as a VPN, or by doing something that inadvertently connects your real life persona to your activity on the dark web.

In this guide, we’ll walk you through the installation and setup of the anonymity tool Whonix—an operating system designed to keep you secure generally, or while accessing the dark web.

Before We Start…

You should have at least 2Gb of RAM to keep things afloat, but any machine from the last few years will have this.

Your TOR usage is being watched

Remember that a tool is not an antidote. Tools give users power, power that can be used to help ensure they remain anonymous. But the tool itself is only as good as the craftsman. An antidote saves someone, but anonymity tools don’t save a user. They can only empower users.

Your threat modelling will vary based on who you are and the level of operational security you desire. Whonix is simply a tool, and if used correctly it will help you remain safe and give you a significant upper hand in remaining anonymous on the dark web. But even if you use Whonix flawlessly, if you do something to expose your real-life identity—like buying an item from a darknet market with Bitcoins connected to your credit card—then Whonix won’t save you.

This point is made abundantly clear by the Whonix team throughout installation and these warning screens won’t be highlighted in this tutorial except now. This is your warning. Be safe.

Step 0: First Thing’s First—Virtual Box

You need to install Virtual Box in order to use Whonix. This is because of the unique way that Whonix works.

Whonix operates as two virtual machines that run simultaneously. It’s a bit odd to think about initially but understanding the basics of how Whonix works helps wrap your head around the entire process.

There is a “Gateway” Whonix virtual machine and a “Workstation” Whonix virtual machine.

You never perform any tasks or installations or work on the Gateway; it serves only as a portal to the Tor network. It also acts as a firewall.

The Workstation virtual machine is where all the action happens, and it’s protected or insulated from the scary wide web by the Gateway: It’s connected to the Gateway virtual machine rather than being connected directly to the internet… I know, it’s complicated. But therein lies Whonix’s genius. By never connecting the Workstation directly to the internet, another layer of protection is added—a layer beyond that which similar tools, such as Tails, can provide.

With that short overview done, go ahead and install Virtual Box.

Since Whonix is running within Virtual Box, this tutorial will suit all operating systems with little variation. I’m installing Whonix on OSX today since it’s a popular operating system, and I can’t stomach Windows. Once Virtual Box is install, we can get started.

Step 1: Download Whonix

Navigate to this page. Hit “expand” under the first heading.

You need to download four files in total. Download the two .ova files, clocking in at just over 4Gb in total. These files are the foundations for what will be the two virtual machines: the Gateway and the Workstation.

The other two important files to download are the sha512 hash files for the .ova files.

It is important to verify all the files you download from the internet, even more so when it’s anonymity tools. We’ll walk you through the process of verifying using these two hash files.

Step 2: Verify the Downloads

Verifying the downloads can be done a few different ways, and this will vary based on operating system. If you’re on Windows, head here for a guide. If you are on a Linux distro, you more than likely already know what to do. If you’re on OSX, keep reading.

  1. First open up Terminal. You can do this by pressing Command and Space, then start typing ‘terminal’ and hit Enter.
  2. Type in ‘ls Downloads’ and hit Enter. This takes your terminal shell to the Downloads folder. If you downloaded your four files anywhere else, then you’ll need to replace ‘Downloads’ with the path to the file (in/this/format).
  3. Next, we need to get the hash of the ‘.ova’ files. Type in ‘shasum -a 512 Whonix-Gateway-’ and hit enter. Shasum is the task. This lets us dictate the hash rate of 512 (to match what Whonix have provided).
  4. Next, select the output, right click and select ‘copy.’

There are a few ways to actually verify using the hash. However, copying the file and opening the downloaded hash is, to this author, the easiest:

  1. Open up ‘Finder’ and head to ‘Downloads’ folder.
  2. Double click the file ‘Whonix-Gateway-’
  3. You choose to open with a program of your choice; head to the bottom of the list and select ‘TextEdit.’
  4. Next, hit ‘Command & F’ to open ‘Find.’ Then hit ‘Command V’ to paste the hash we obtained from the Terminal session. It should match exactly to the hash within the text file.

Repeat the entirety of this step but for the ‘Workstation’ files. Once done, you’ll have verified that you have indeed downloaded uncorrupted and accurate Whonix .ova files. Feel free to delete the two ‘.sha512sum’ files now.

Step 3: Create the Virtual Machines

Now that we have the two verified .ova files, it’s time to use them to create the two usable virtual machines. Open up Virtual Box and under ‘File’ click ‘Import Appliance.’

Click the little folder icon to the right of the file path field, and head to Downloads. Click on the Gateway .ova file and hit continue.

Then hit ‘Import.’

It’s going to essentially unpack the ‘.ova’ files. Once completed, repeat the same in step 5 for the Workstation .ova file.

After that you’ll have created the two usable, bootable virtual machines. At this point, you can choose to delete the two .ova files in your Downloads if you’re short on disk space on your computer. You won’t need them again.

With that said, if you ever want to reinstall from scratch, they may be useful later. It’s up to you.

Step 4: Boot the Two Virtual Machines

We’ve discussed above roughly how Whonix works. Both virtual machines need each other, so you need to double click on both when you want to boot the system up. Double click both now and let them get to work.

You’ll see two boxes open. These are the two machines, and they will both run similar looking logs on boot. This is a familiar sight to anyone with a Linux machine, but it may look intimidating if you’re used to a shiny OSX boot. Don’t fear—it’s just showing you what it’s doing on the boot, something which happens behind the white curtains on an OSX system, but which happens nonetheless.

Once loaded, you’ll be left with the following:

Step 5: Gateway Configuration

Head to your Gateway machine (shown in the images as the top left machine). Click through the start up wizard and warnings after reading them. They contain important information.

Click ‘I am ready to enable Tor’ on the gateway VM. The other options are most likely unnecessary, however, if you are in a country like China, clicking that ‘Tor is censored or dangerous in my area’ is an option that will be necessary.

Click through the setup options. Automatic update is recommended as it’s the most secure option. The stable repository is also recommended unless you’re testing the newer less stable versions.

Hit finish and let the system auto-boot it’s Tor connection and check for updates.

Since the Gateway is the machine that connects to the internet, it also acts as the firewall. You can configure this by clicking on the Desktop icon should you wish, but you won’t likely need to.

Your Gateway machine is now set up, connected to Tor and ready to funnel this connection through to the Workstation machine.

Optional Step

You can choose to open up the ‘Arm – Tor Controller’ program if you want to have a poke around at the data passing through the Gateway virtual machine.

Double click the icon and you will see the following information.

This step isn’t necessary, but the Gateway machine won’t be doing much else so why not give it something to do?

Step 6: Workstation Configuration

Much the same as the Gateway virtual machine, click through the warnings once you’re satisfied. The ‘first run’ setup wizard will auto-run. Choose to take updates from the stable repository (it’s important to choose stable sources for any security software).

Once finished with the ‘first run’ wizard you’ll see a ‘Connected to Tor’ notification in the lower right if all went well. The system will now check for updates in the background.

Time to click on the Tor Browser desktop icon.

The Tor Browser isn’t actually installed yet. This is presumably to keep the size of the Whonix downloads smallest. Confirm you want to download the browser, then select the most stable version.

As it downloads, it will be using the Tor network. It may take longer than you’re used to, so go make yourself a cup of coffee.

Once the download is done, it will run the browser. Hit the first link ‘Check IP.’ This will redirect you to the Tor Checker, something which you should run at every boot of the Tor Browser, just to confirm you’re connected to the network.

There! You’re done. You can now access the dark web safely and anonymously using Whonix. You have the added protection in your Workstation by using the Gateway virtual machine as a shell layer.

Whonix shields the Workstation virtual machine by isolating the virtual machine on the network. The Workstation is layered behind the Gateway, and any malicious connection attempts will in theory only get as far as the Gateway machine, which won’t contain any of your information or working files.

The most important final tip is that Whonix is not an antidote for carelessness. Humans are always the weakest elements in security systems, so be smart in the way you use this tool.



Con's education background is law, where he's published on crypto-currency regulation. His opinion editorials range across the relationships between people and technology and the societal challenges it presents. His passion is for information security and the intertwining legal issues
Write for us


The articles and content found on Dark Web News are for general information purposes only and are not intended to solicit illegal activity or constitute legal advice. Using drugs is harmful to your health and can cause serious problems including death and imprisonment, and any treatment should not be undertaken without medical supervision.