DEV Community

TiltedLunar123

The VirtualBox settings I had to turn off before shipping a Whonix installer

Whonix is a pair of Linux VMs that route all your traffic through Tor. One VM (the gateway) runs Tor. The other (the workstation) has no direct internet access at all, only a private adapter that connects to the gateway. If something in the workstation gets compromised, it still can't see your real IP, because it has no path to it.

That gateway/workstation isolation is the whole pitch, and it works. The part people talk about less is that the workstation VM itself has a bunch of communication channels back to the host machine, and those channels are not protected by the Tor isolation at all. They're configured in VirtualBox, and VirtualBox defaults assume you want a usable desktop, not an isolated one.

I built a PowerShell installer for Whonix on Windows. The first version downloaded the OVA, imported it, started the gateway, started the workstation. Done. I opened the workstation settings in the VirtualBox GUI to take a screenshot for the README, and saw this:

  • Audio: enabled, PulseAudio driver
  • Shared clipboard: bidirectional
  • Drag and drop: bidirectional
  • USB controller: enabled (USB 2.0 OHCI/EHCI)
  • 3D acceleration: enabled
  • Remote display: enabled on port 3389

For a privacy VM, every one of those is a problem.

Clipboard and drag-and-drop

Bidirectional clipboard means anything copied on the host shows up in the workstation, and anything copied in the workstation shows up on the host. If you're using Whonix to do something you don't want associated with your real identity, and you have a password manager on the host that auto-pulls from the clipboard, you've crossed the boundary in both directions.

Drag-and-drop is the same thing for files. Either disable both or restrict them to one direction. I default to off:

VBoxManage modifyvm "Whonix-Workstation-Xfce" --clipboard-mode disabled
VBoxManage modifyvm "Whonix-Workstation-Xfce" --draganddrop disabled

Audio

PulseAudio in a privacy VM is just noise (literal and figurative). The audio device gets its name from the host config, which can be a fingerprintable string. Even ignoring fingerprinting, you almost never want sound out of a Tor-routed VM.

VBoxManage modifyvm "Whonix-Workstation-Xfce" --audio-driver none

USB controller

USB passthrough lets the guest see USB devices on the host. Plug in a YubiKey and the guest can read its serial number, vendor ID and product ID. Same with USB drives, webcams and phones. None of that should be reachable from a workstation that's supposed to be isolated.

VBoxManage modifyvm "Whonix-Workstation-Xfce" --usb-ohci off --usb-ehci off --usb-xhci off

3D acceleration

3D acceleration routes guest graphics calls through the host GPU driver. The history of VM escapes through 3D drivers is long enough that it's the first thing to turn off on any VM you actually care about. For a workstation running Tor Browser and a text editor, you don't need it.

VBoxManage modifyvm "Whonix-Workstation-Xfce" --accelerate3d off

Remote display

RDP on by default inside a VM that's supposed to be isolated. Bound to localhost by default, but it's still a running service that the workstation has no reason to expose.

VBoxManage modifyvm "Whonix-Workstation-Xfce" --vrde off

What I had to learn the hard way

Two things tripped me up writing this.

First, you can't apply most of these settings while the VM is running. VBoxManage gives you a polite error and exits. The installer order matters: import the OVA, configure with the VM stopped, then start it. I had import-then-start before I added the configure step, and the script ran without errors but quietly never applied any of the hardening.

Second, VirtualBox has both --clipboard-mode (newer) and --clipboard (older). Depending on which version is installed, one of them throws an unknown option error. I pin VirtualBox to a known version in the installer to dodge this, but it bit me on a friend's machine that had an old 6.x version lying around from a previous install.
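As an added example (not code from the post's installer), here is a PowerShell function that turns those two lessons into checks: it refuses to run unless the VM is powered off, picks the option spelling by VirtualBox major version, applies the six settings above, and then reads them back with showvminfo instead of trusting exit codes. The VBoxManage lookup, the 6.x spellings --clipboard and --audio, and the showvminfo key names are my assumptions, not something taken from the post.

```powershell
# Added example, not code from the WhonixAutoSetup installer: harden a stopped
# Whonix workstation and verify the result. Assumes VBoxManage.exe is on PATH
# or in the default install directory, and that 6.x spells the options
# --clipboard / --audio while 7.x spells them --clipboard-mode / --audio-driver.

function Get-VBoxManagePath {
    $cmd = Get-Command VBoxManage.exe -ErrorAction SilentlyContinue
    if ($cmd) { return $cmd.Source }
    $default = Join-Path $env:ProgramFiles 'Oracle\VirtualBox\VBoxManage.exe'
    if (Test-Path $default) { return $default }
    throw 'VBoxManage.exe not found; install VirtualBox or add it to PATH'
}

function Get-VMInfo {
    # showvminfo --machinereadable prints key="value" lines; turn them into a hashtable.
    param([string]$VBoxManage, [string]$VMName)
    $lines = & $VBoxManage showvminfo $VMName --machinereadable
    if ($LASTEXITCODE -ne 0) { throw "VM '$VMName' not found" }
    $info = @{}
    foreach ($line in $lines) {
        if ($line -match '^([^=]+)=(.*)$') { $info[$Matches[1]] = $Matches[2].Trim('"') }
    }
    return $info
}

function Set-WhonixWorkstationHardening {
    param([string]$VMName = 'Whonix-Workstation-Xfce')
    $vbm = Get-VBoxManagePath

    # Lesson one from the post: modifyvm only works on a stopped VM, so refuse to
    # continue rather than letting the hardening silently not happen.
    $state = (Get-VMInfo -VBoxManage $vbm -VMName $VMName)['VMState']
    if ($state -notin @('poweroff', 'aborted')) {
        throw "VM '$VMName' is '$state'; power it off before hardening"
    }

    # Lesson two: pick the option spelling that matches the installed major version.
    $verLine = (& $vbm --version | Select-Object -Last 1)   # e.g. 7.0.14r161095
    $major = [int]($verLine -replace '^(\d+)\..*$', '$1')
    if ($major -ge 7) {
        $clipboard = @('--clipboard-mode', 'disabled'); $audio = @('--audio-driver', 'none')
    } else {
        $clipboard = @('--clipboard', 'disabled');      $audio = @('--audio', 'none')   # assumed 6.x spelling
    }

    # The same six settings the post turns off, one modifyvm call each.
    $settings = @(
        $clipboard,
        @('--draganddrop', 'disabled'),
        $audio,
        @('--usb-ohci', 'off', '--usb-ehci', 'off', '--usb-xhci', 'off'),
        @('--accelerate3d', 'off'),
        @('--vrde', 'off')
    )
    foreach ($opts in $settings) {
        & $vbm modifyvm $VMName @opts
        if ($LASTEXITCODE -ne 0) { throw "modifyvm $($opts -join ' ') failed" }
    }

    # Read the configuration back. The key names are my reading of
    # showvminfo --machinereadable output; check them against your VirtualBox
    # version if a key comes back empty.
    $info = Get-VMInfo -VBoxManage $vbm -VMName $VMName
    $expected = @{
        clipboard    = 'disabled'
        draganddrop  = 'disabled'
        accelerate3d = 'off'
        vrde         = 'off'
        usb          = 'off'
    }
    $failed = @()
    foreach ($key in $expected.Keys) {
        if ($info[$key] -ne $expected[$key]) {
            $failed += "$key=$($info[$key]) (wanted $($expected[$key]))"
        }
    }
    if ($failed.Count -gt 0) { throw "Hardening not applied: $($failed -join ', ')" }
    Write-Host "Hardened $VMName (VirtualBox $verLine)"
}

Set-WhonixWorkstationHardening
```

Run it between the import and the first start of the workstation. The read-back at the end is the part that would have caught the import-then-start bug: a script that never calls modifyvm exits cleanly, but a check that asks VirtualBox what the clipboard mode actually is does not.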

The installer also does SHA-512 verification of the OVA, and there's an optional flag to pin the VirtualBox installer hash. That's a different post. If you trust the OS image but not the hypervisor binary, your supply-chain story has a hole in it.

What still bugs me

The big one: clipboard fully off is annoying. If someone uses Whonix as a daily-driver browsing VM, they want to copy URLs in and out. The right call is probably host-to-guest only (you can paste in, but the workstation can't push anything back to the host). I haven't shipped that change because picking a default direction the user can't easily fight is its own design problem, and I haven't decided which direction wins.

Repo: https://github.com/TiltedLunar123/WhonixAutoSetup
