I also recently found ParrotSec OS I was using it as my main OS for about a month or two. I mostly used it because it is a Debian fork and it featured the latest of any programming language I wanted, which is great for me. I stopped using it because it felt cluttered for me to have so many different pentesting type of tools. It had built in support for connecting you to Tor and forcing all connections to go through Tor out of the box. A lot of things I don't need but others might find interesting. I may return to it now that they're building a flavor for developers. It comes with a few text editors out of the box including Atom. I wish Whonix would compare ParrotSec too. :)
Used parrotOS 2 years ago. I think it was newish then. Liked it a lot. Was fairly polished then. What do you use it for and what features do you like most?
I really just used it for programming. I loved having the latest of any programming language compiler / interpreter when I used it. Something I don't see in Ubuntu / Debian flavors I try. I'm using ElementaryOS atm because I like how minimal it is, I bring in what I need after installation. They have a "Studio" flavor that I wanted to try, but the Network manager seemed to be broken from install, I remember installing KDE from the ParrotOS based I installed initially and had the same problem, the networking wireless icon is completely missing. If they fix that on their "Studio" release I may start using it again. I enjoyed it overall. My only other issue was that I didn't need the "tools" ParrotSec came with. I would definitely recommend ParrotSec OS overall.
Linux Distros are always behind, and in the case of Ubuntu / Debian Python is locked into whatever they release because the OS actually relies on whatever version of Python they released the OS with, if you upgrade to latest and greatest on Debian Wheezy e.g. you might find your OS has bugs that Ubuntu 16.04 doesn't see (both use similar packages).
I guess it's mostly for interpreted languages. Try installing (not that I use it) Eclipse the Java IDE as another example, it's usually dated enough. This is probably why people use bleeding edge distributions. I guess in the case of compilers it's not as bad, though you can't usually get the latest and greatest Go compiler either, you have to grab the .deb off the website or use other tools. At least Rust just hands you rustup so I don't need to worry about this in the case of Rust, but with other languages like Python it's a concern of mine.
Qubes does not use Whonix for anything. Whonix can use Qubes, though.
Qubes and Whonix are fundamentally different. They attempt to solve two different issues.
Whonix solves privacy via obfuscation, Qubes solves security through virtualization / compartmentalization and specifically does not believe in security by obfuscation. You do not have to choose between the two if you run Whonix inside of Qubes, but I have a feeling most users who think they want privacy really want security, and it would be a hassle to constantly use Whonix.
I highly recommend Qubes, if you aren't already using it. It isn't for the faint of heart, however, and there are a long list of bugs to squash and features to add. Things are coming along nicely though, and this year they plan to test-drive corporate support for Qubes OS as a business platform, which if successful should give them quite a bit of capital for expansion and auditing of essential code.
Important distinction in terminology. Qubes _runs_ Whonix, Whonix can _use_ Qubes as a host. And the Whonix workstation is an optional addition that a lot of users find no need for. It does not come preloaded, you must enable it during installation. But Qubes does not use Whonix anymore than Windows uses Firefox when you run the firefox process.
In software, when you say something "uses" something, you are implying it uses it as a backend or API. But Qubes does not communicate with nor expose any information to Whonix, and especially does not utilize it for any sort of functionality.
sounds like a distinction without a significant difference. "To improve your privacy and anonymity on the internet, you can install the Whonix Template on your Qubes machine." https://www.qubes-os.org/doc/whonix/ to me that makes it sound like the quebes-os people use whonix to improve privacy
Why do you think an operator of a computer is called a user?
I use Qubes and do not use Whonix, and most users don't either. Qubes is security-focused, offering increased privacy in the process, but Whonix is for the privacy-focused and has separate use-cases. I'm not a journalist in some 3rd world dictatorship so using Whonix would just degrade my user experience.
But that's the thing. As users, we can use a piece of software, but our operating system is not using anything. And it is erroneous and misguiding to say that Qubes OS "uses" Whonix, because again, that implies special meaning, such as using it as a backend for main internet access. This isn't some trivial distinction. It is a very basic, important distinction when you are talking about software.
You may not personally launch Xfce Terminal either but it doesn't mean Qubes doesn't use it as a terminal emulator. Qubes uses Whonix for anonymous VMs. It's bizarre that you're so set on making this distinction that not even the creators attempt to make.
Oh? Can you provide context where they say that Qubes uses Whonix? Under their doc file for Whonix they just mention that, if you want to use Tor, Qubes can make use of Whonix as a ProxyVM. That is the correct usage of the term "use". But not only is that not the same thing as using Whonix for a general backend for operation, many users forgo installing Whonix altogether.
This whole thing devolved from me just trying to make a distinction for other HN users so that they wouldn't get the wrong idea and not try out Qubes because they might think the systems are coupled and are worried of, say, being hacked by the FBI and put on more lists for using Tor.
Sorry to nitpick, but I believe you meant to say something along the lines of "Whonix runs on top of Qubes as a VM (virtual machine), just like any other typical OS does in Qubes."[1]
Not only are you not required to route traffic over Tor, but you can create arbitrary tree network topologies for all VMs.
For example, see the screenshot on https://github.com/kbrn/qubes-app-print-vm-status. VMs can access the 'net through "sys-firewall" (i.e. in the clear); or through "[redacted]-vpn", which has firewall rules enforced by "sys-firewall" that reject any traffic not to the designated VPN endpoint; or through "sys-whonix", which obviously routes all traffic over Tor.
Another great feature afforded by combining Qubes and Whonix is that it's trivial to use Whonix as a disposable VM, so you can really be sure one browser instance (say, for porn) can never affect another browser instance (say, for Facebook, or for leaking the next tranche of NSA docs).
Let's say I'm living in, say, Russia and I use this distro. Let's say I want to say some nasty things about Putin. Let's say they are so nasty, that Putin may want to kill me as a result. If I use this OS, is it possible to post the content in a way people can find it and not be identified? If so, what other steps would I have to take to do?
Is this a crazy question?
Are there trusted resources that spell out how to do it?
The Grugq has some awesome write ups on OpSec. He is the authoritative source on it. Google around for his tumblr, medium posts, and grugq's github [1].
Whonix theoretically provides better protection against de-anonymization via through-the-browser attacks, because it runs the Tor router and in a separate virtual machine from user applications like the browser. So if the browser is compromised, it can't "phone home" to the attacker over the regular internet: all the attacker's traffic is obliged to go over tor, unless he/she can break out of the VM.
Whonix can be configured to be not persistent, and Tails can be configured to be persistent. Out of the box configuration is the biggest difference. However, Whonix is set up to be run as a set of virtual machines. One of the reasons I like Whonix better is that this dual virtual machine setup means that, should you get kicked off of Tor in the virtual machine that acts as a gateway, the other virtual machine does not have any fallback connection, effectively preventing accidental access of the internet while unprotected.
The added risk to Whonix is that if your host system is sufficiently compromised, there's no real guarantee of anonymity. A lot of people end up running Tails in a VM, though, and someone has to be pretty serious about wanting to see what you're doing for that to be a real issue.
It can mount HD, but the read/write privileges are the same as any other OS I imagine. I've copied files from my HD to Tails, but I've yet to try dropping files into the shared folder on my HD.
I agree it should probably say "Whonix - A Linux Distro for..." Minor detail, though.
For others reading, a new OS for anonymity would be something like removing identifiers from and integrating Tor with seL4 (or Fiasco.OC), Genode, EROS, ExpressOS, or Redox. Key components of these don't make up a whole OS but could be with specific tech and a UI.
The VMs are just another measure added for anonymity not privacy. Specifically with regards to security we take anonymity to mean generally speaking protecting who we are and privacy to mean protecting what we are doing.
As an example; when I log in to my bank account this should be using a secure connection, but if I'm doing this from an internet cafe connecting to an untrusted wifi network I could be at risk that someone is ARP spoofing + SSL stripping. To not put myself at risk I would use a VPN with end to end encryption. This is privacy; I want to protect my banking data, but it does not provide anonymity; I do not care that anyone knows I'm checking my bank account so long as they can't steal my login/password.
Theoretically, nothing. In practice, the isolation it relies on is somewhat weak. And in general, it is new and exciting and changing frequently, which means security bugs. Also, most people seem to rather suck at configuring it, as far as I've seen. (That's not per se a problem with Docker, but it is frequently a problem with Docker as-deployed.) And then there are potential kernel bugs.
When talking about "trusting X", one always has to answer the question "trust X to do what, exactly, under what circumstances?" I don't yet trust Docker to be secure enough for production, internet-exposed business use. I know other people disagree; YMMV.
This link was really helpful and thorough:
https://www.whonix.org/wiki/Comparison_with_Others#General