2025-01-08 03:12:06 +07:00
6 changed files with 6 additions and 218 deletions
--- a/content/tutorials/whonix-on-kvm/feature-whonix-kvm.jpg
+++ b/content/tutorials/whonix-on-kvm/feature-whonix-kvm.jpg
--- a/content/tutorials/whonix-on-kvm/index.md
+++ b/content/tutorials/whonix-on-kvm/index.md
@ -1,212 +0,0 @@
 ---
 title: Whonix on KVM for Online Privacy
 description: Get started with Whonix KVM, how to install and configure this secure environment for better online privacy.
 summary: Get started with Whonix KVM, how to install and configure this secure environment for better online privacy.
 date: 2024-11-17T17:30:00+07:00
 lastmod:
 draft: false
 noindex: false
 nav_weight: 1000
 categories:
    - Privacy
 tags:
    - Whonix
    - KVM
    - Linux
 images:
 authors:
    - ditatompel
 ---
 In today's digital age, online privacy is a crucial aspect of our lives. With
 the increasing amount of personal data being collected and stored online, it is
 essential to understand the importance of protecting our individual rights to
 privacy.
 ## Intro to Whonix
 If you're looking for a solution to protect your online privacy,
 [Whonix][whonix-web] is an excellent option. Whonix is a Linux-based
 distribution specifically designed with privacy and security in mind, providing
 its users with a robust platform for shielding their digital footprints.
 One of the key features that makes Whonix an attractive option for me is its
 KVM images. These images enable users to create isolated virtual machines that
 can be easily spun up and down as needed.
 In this article, I will summarize my steps to set up and run Whonix system
 using KVM and Virt-Manager. This covers everything from creating the KVM
 images and virtual networks for both the Gateway and Workstation
 configurations to successfully booting up your secure Whonix environment.
 However, before starting, you need to install [KVM][kvm-web] and
 [Virt-Manager][virt-manager-web] first. I have uploaded a [video documentation
 of my installation process for Virt-Manager on Arch
 Linux][virt-manager-install-yt]; please watch the video if needed.
 ## Download and Configuring Whonix KVM
 Download the [compressed archive of Whonix KVM][whonix-kvm-archives] from its
 official page and place it in the `~/Downloads` directory. There are two
 versions: GUI and CLI. The Whonix CLI version is designed for advanced users
 who want to use Whonix without a graphical user interface (GUI). In this
 article, I will be using the GUI version, which uses **Xfce** as its desktop
 environment.
 Extract the downloaded archive using the `tar` utility:
 ```shell
 cd ~/Downloads
 tar -xvf Whonix*.libvirt.xz
 ```
 The extracted archive contains important documents, including the License
 Agreement and disclaimer, as well as XML templates and Whonix image files for
 both Gateway and Workstation.
 You can modify the XML files and adjust the virtual machine settings before
 importing them. But, unless you're familiar with libvirt's XML structure,
 editing the default configuration is not recommended; instead, make
 modifications through Virt-Manager later if needed.
 ### Adding Whonix Virtual Networks
 To add virtual networks for your Whonix virtual machines, import both
 `Whonix_external_network.xml` and `Whonix_internal_network.xml` by issuing
 these commands:
 ```shell
 sudo virsh -c qemu:///system net-define Whonix_external*.xml
 sudo virsh -c qemu:///system net-define Whonix_internal*.xml
 ```
 Open the Virt-Manager application, right-click on your KVM connection, and
 select **"Details"** from the menu. Then, go to the **"Virtual Networks"** tab
 and ensure that the **"Auto Start on Boot"** checkbox is checked for both
 Whonix Internal and Whonix External virtual networks.
 ![Whonix Network Auto Start](whonix-network-auto-start.jpg#center)
 The Whonix Internal network is an isolated, virtual network shared between
 the Whonix-Gateway and the Whonix-Workstation. This network is entirely
 separate from the external network and does not directly connect to the
 Internet.
 The external network used by the Whonix-Gateway to establish a connection with
 the Tor network via the host machine's network interface. In summary, the
 Whonix-Gateway acts as the sole router for the Whonix-Workstation, ensuring
 that all traffic is anonymized through the Tor Network.
 ![Whonix Concept](whonix-concept-detailed.jpg#center)
 ### Whonix Image Files
 The Whonix XML files are configured to use image files from the
 `/var/lib/libvirt/images` directory, which is the default libvirt storage
 location for most Linux distributions.
 Go back to the terminal and move the Whonix VM image files to the
 `/var/lib/libvirt/images` directory:
 ```shell
 sudo mv Whonix-Gateway*.qcow2 /var/lib/libvirt/images/Whonix-Gateway.qcow2
 sudo mv Whonix-Workstation*.qcow2 /var/lib/libvirt/images/Whonix-Workstation.qcow2
 ```
 **Note**: Whonix disk images are **sparse files**, which means that you need
 to use the `--sparse=always` flag when copying them instead of moving them. For
 example:
 ```shell
 sudo cp --sparse=always Whonix-Gateway*.qcow2 /var/lib/libvirt/images/Whonix-Gateway.qcow2
 sudo cp --sparse=always Whonix-Workstation*.qcow2 /var/lib/libvirt/images/Whonix-Workstation.qcow2
 ```
 ### Importing Whonix VM Templates
 Import your Whonix-Gateway and Workstation virtual machines from the XML
 configuration file. To do this, run the following commands in the terminal:
 ```shell
 sudo virsh -c qemu:///system define Whonix-Gateway*.xml
 sudo virsh -c qemu:///system define Whonix-Workstation*.xml
 ```
 Note that these commands will import the XML configuration files and create the
 corresponding virtual machines. Make sure you have the correct file names and
 paths to avoid errors.
 Additionally, after importing the templates, you may want to verify that your
 virtual machines are created successfully by checking their status using the
 following command:
 ```bash
 sudo virsh list --all
 ```
 This will display a list of all the virtual machines running on your system,
 including the Whonix-Gateway and Workstation.
 ### Whonix-Gateway CLI mode
 If your host operating system has limited RAM, you can run Whonix-Gateway in
 CLI mode by simply changing the memory allocation to 512MB or less. However,
 please be aware that resource-intensive operations, such as upgrading the
 operating system with a minimum amount of memory, can cause virtual machines
 to freeze or become unresponsive. To avoid this, make sure to allocate
 sufficient resources to your Whonix VMs, especially when performing any
 software updates or upgrades.
 Apart from controlling Tor and installing updates, there is not much else to
 do on Whonix-Gateway. Activities such as running applications, especially the
 Tor Browser, should never be started on Whonix-Gateway. Instead,
 all user-centric applications ought to be launched from Whonix-Workstation to
 safely utilize the Tor network.
 ## Using Whonix-Workstation
 Since Whonix-Workstation relies on Whonix-Gateway for online functionality, you
 need to start the Whonix-Gateway before booting up the Whonix-Workstation.
 Failure to do so will result in the Whonix-Workstation being unable to connect
 to the Internet or access external resources.
 ### Pre-installed Applications and Utilities
 Whonix-Workstation provides bunch of utilities to maintain the VM, such as
 upgrading the operating system without requiring root privileges using
 `upgrade-nonroot` utility. It also provides stream isolation for many
 pre-installed or custom-installed applications, such as **Hexchat** and
 **Thunderbird**, using a dedicated Tor `SocksPort` to prevent identity
 correlation that may otherwise occur.
 ## My View on Privacy and Anonymity
 Online privacy and anonymity have become intertwined concepts, but, they're
 not exactly the same thing. In my view, online privacy refers to the ability
 to control who has access to our personal information, while online anonymity
 refers to the ability to conceal or hide our identity online.
 Online anonymity can often increase online privacy in several ways:
 1. **Masking Personal Data**: By using Tor or I2P, individuals can mask their
   IP addresses, locations, and browsing habits.
 2. **Reducing Surveillance**: Online anonymity can reduce the amount of
   surveillance being conducted on individuals, as it becomes harder for
   governments and corporations to monitor their online interest and activities.
 But I'm a little skeptical about online anonymity. I believe that with
 sufficient time, power, and resources, it's possible to trace everything back
 to its origin. While this might sound pessimistic, it's a harsh reality we must
 confront. With advancements in technology and data collection, it has become
 increasingly easy for governments, corporations, and hackers to track down
 individuals online.
 Although online anonymity can increase online privacy, it's not a foolproof
 solution. However, it's always a good idea to use a combination of tools and
 strategies to maintain online privacy and security.
 [whonix-web]: https://www.whonix.org "Whonix Official Website"
 [kvm-web]: https://linux-kvm.org/page/Main_Page "KVM Official Website"
 [virt-manager-web]: https://virt-manager.org/ "Virt-Manager Official Website"
 [virt-manager-install-yt]: https://www.youtube.com/watch?v=Y01SwRqkX8I "My Virt-Manager Installation Process Video"
 [whonix-kvm-archives]: https://www.whonix.org/wiki/KVM#Download_Whonix
--- a/content/tutorials/whonix-on-kvm/whonix-concept-detailed.jpg
+++ b/content/tutorials/whonix-on-kvm/whonix-concept-detailed.jpg
--- a/content/tutorials/whonix-on-kvm/whonix-network-auto-start.jpg
+++ b/content/tutorials/whonix-on-kvm/whonix-network-auto-start.jpg
--- a/go.mod
+++ b/go.mod
@ -63,7 +63,7 @@ require (
 	github.com/hugomods/base v0.7.2 // indirect
 	github.com/hugomods/bootstrap v0.23.0 // indirect
 	github.com/hugomods/code-block-panel v0.7.1 // indirect
-	github.com/hugomods/font-awesome v6.7.1+incompatible // indirect
+	github.com/hugomods/font-awesome v6.6.0+incompatible // indirect
 	github.com/hugomods/fuse-js v0.1.0 // indirect
 	github.com/hugomods/giscus v0.1.1 // indirect
 	github.com/hugomods/google-adsense v0.2.1 // indirect
@ -72,7 +72,7 @@ require (
 	github.com/hugomods/i18n-js v0.2.1 // indirect
 	github.com/hugomods/icons v0.6.6 // indirect
 	github.com/hugomods/icons/vendors/bootstrap v0.5.9 // indirect
-	github.com/hugomods/icons/vendors/font-awesome v0.6.12 // indirect
+	github.com/hugomods/icons/vendors/font-awesome v0.6.10 // indirect
 	github.com/hugomods/icons/vendors/simple-icons v1.0.60 // indirect
 	github.com/hugomods/idb-js v0.1.0 // indirect
 	github.com/hugomods/images v0.11.2 // indirect
--- a/go.sum
+++ b/go.sum
@ -118,8 +118,8 @@ github.com/hugomods/bootstrap v0.23.0 h1:/Mj6VCk+xUNan72m4ulupu+oRug7IuvpBO1jp+M
 github.com/hugomods/bootstrap v0.23.0/go.mod h1:eL5Y6abDndTt/LZu1VtgprvkdZgsV7/d3jpSoCcDkKQ=
 github.com/hugomods/code-block-panel v0.7.1 h1:WP3xzQC++Bh5SiSke0csO0H1O4G6VejwdPazHD9DY5o=
 github.com/hugomods/code-block-panel v0.7.1/go.mod h1:3J9yUxaShbhYvFFZbGVHcBoHPl6TUKLL3f2fTsnVNNg=
-github.com/hugomods/font-awesome v6.7.1+incompatible h1:eM2vtHyQJVMnD9tgdGFbEgEiPh3sqnmu3EP3CFTyPLY=
+github.com/hugomods/font-awesome v6.6.0+incompatible h1:LRI2HqrbS2epfl5/DOfPzpCI6H33GBss1SLb670GsLw=
-github.com/hugomods/font-awesome v6.7.1+incompatible/go.mod h1:C2wW6xDvHkcMlJMVTPQ+Npt+rO0OGv13xT1iyll2z2Q=
+github.com/hugomods/font-awesome v6.6.0+incompatible/go.mod h1:C2wW6xDvHkcMlJMVTPQ+Npt+rO0OGv13xT1iyll2z2Q=
 github.com/hugomods/fuse-js v0.1.0 h1:CmWHBZANvjOP44RDNQNLntqlLf9GLqeM29jekxTNcPE=
 github.com/hugomods/fuse-js v0.1.0/go.mod h1:srCqvtBQR02HS/abTraDU4oINv1D3PljNPdexdoHhpo=
 github.com/hugomods/giscus v0.1.1 h1:Kb8137Cp2nQJPFb6e+CdXy8nyIAJ2dFIymG4bDdaXWI=
@ -136,8 +136,8 @@ github.com/hugomods/icons v0.6.6 h1:gGlafcBDRP7sSID+tgLcWdog+s/QBj8DIfU+h9tZj1U=
 github.com/hugomods/icons v0.6.6/go.mod h1:cIkSvK6W0q6N4U6n9KGz+QfRWQXAW0INd+1P31gPNGg=
 github.com/hugomods/icons/vendors/bootstrap v0.5.9 h1:IlKsW1iybTNZLYnMipyc2d9w51rUtu89lPMkocGaP6c=
 github.com/hugomods/icons/vendors/bootstrap v0.5.9/go.mod h1:DuB5N1o3GCUyvYFnEeBvJRBrCHqbMWEbjoEWVLULggw=
-github.com/hugomods/icons/vendors/font-awesome v0.6.12 h1:I8ckJFuxr8mD8bJ4NX9NrmnHd3f6XvITuD2ME8a9wXc=
+github.com/hugomods/icons/vendors/font-awesome v0.6.10 h1:rneykY+FWcFpyBhTbva5tP4vZJd+mKsIUGxRIJ9LjB8=
-github.com/hugomods/icons/vendors/font-awesome v0.6.12/go.mod h1:6YBo/5GaNpAocKwnKNWcd9xkliiRJXmwz2mstY5lr9I=
+github.com/hugomods/icons/vendors/font-awesome v0.6.10/go.mod h1:3izAIdRkMg2O0N1RWB4Uw615VErx75b/nC/199BYV50=
 github.com/hugomods/icons/vendors/simple-icons v1.0.60 h1:cfAx6+n6XQfEOoGIzdLqRQzGzfc3xq5Sjy3Hx1oUrDs=
 github.com/hugomods/icons/vendors/simple-icons v1.0.60/go.mod h1:/skqfU1fJ+WnPV8nX3sP2yTBJc7PLMdciMp8qNXDKYU=
 github.com/hugomods/idb-js v0.1.0 h1:mA6hEGtR0aFEdmq9zYMGpfSpCU6SMilx9RzC4uK3DqY=