Friday, January 4, 2013

How to Evade Government Surveillance and Stay Anonymous Online

Chris Dougherty, Contributor
Activist Post

Why stay anonymous online? In today’s society there are people and automated devices that are recording your deepest, most private thoughts and activities. Each day we voluntarily divulge the most intimate details of our lives through social networking accounts, email, banking apps, online games and more. In addition, governments and corporations can censor and block our traffic based on whatever standards are in place that day.

Government agencies, hackers and sophisticated bot networks are capturing every piece of digital data that we transmit through all of our Internet-connected gadgets. Smartphones, Smart TVs, computers, tablets, and so much more…they are all vulnerable, nothing is safe these days. Even your old clam-shell phone isn’t safe. This is because many phone providers route your calls over media using the Internet Protocol at some point within their network. For example, long distance providers transfer calls over VoIP all the time.

Whether you’re browsing the Web, signing up for a new online game, or simply checking your email, you are constantly leaving tracks and giving away information to anyone with access and the knowledge to analyze the traffic. Once the data is compiled the attacker can build an incredibly accurate profile of not only your online life but your real-world life as well.

I know, most people say, “Why would hackers want to hack into my life? I am not that important.” You have to understand that these “intruders into our lives” are scanning huge blocks of Internet addresses at a time. They don’t care who you are. Your computer is simply another target IP address as they scan through thousands of computers and devices in their search for more information. Once collected they take all the information and funnel it into databases where they can search through it later for high-valued loot.

Don’t believe me? Just read the following two stories about what our own government does:

NSA Utah Data Center Largest Spy Compound Ever – Part 1

NSA Utah Data Center Largest Spy Compound Ever – Part 2

So, the big question is, how can you stay anonymous online? Free from government censorship and potential eavesdropping from some hacker or three-letter government agency that wants to invade your privacy while you use your computer. In comes Whonix, the Anonymous Operating System!

Use Whonix, The Anonymous Operating System, Stay Anonymous Online

Whonix is a free, general purpose computer operating system based on Virtual Box, Linux and Tor. The purpose of Whonix is to allow Internet users the ability to stay anonymous online. This is most beneficial to users in regimes that censor and monitor access to the Internet, but it can also be used by anyone who values their privacy, or doesn’t want their activities tracked online.

By design, IP address leaks are meant to be impossible while using Whonix. The developers claim even malware with admin privileges can’t find the Whonix Workstation’s real IP address or location. This is because Whonix consists of two (virtual) computers. One machine acts as a gateway or router and runs only Tor, a sophisticated anonymity software. This machine is called the Whonix-Gateway. The other machine, which called the Whonix-Workstation, is on a completely isolated network that only allows Internet connections to be routed through the Whonix-Gateway.

Tor, the technology on which Whonix is built, is a free software, along with an open network consisting of thousands of computers located around the world. Together they strive to provide anonymity for individuals accessing the Internet. The Tor Project helps you defend against a form of network surveillance, known as traffic analysis, that threatens everyone’s personal freedom and privacy.

Tor helps to reduce the risks of both simple and advanced traffic analysis by distributing your Internet requests over several places on the Internet, so no single point can link you to your destination. The idea is similar to using a hard-to-follow series of roads while driving in order to throw off somebody who is tailing you.

Whonix automatically sets up an isolated network environment where your virtual “Workstation” can perform all normal Internet related tasks such as checking email, browsing web sites, blogging, connecting to corporate VPNs, etc. However all of that outbound traffic is then routed in such a way that it can only pass through your virtual “Gateway”, which encrypts the packets and sends them over several hops on the TOR network prior to landing at their final destination.

How Whonix Works: Figure 1
Once your traffic leaves the Whonix Gateway it is routed directly through the TOR network. Instead of taking a direct route from source to destination, data packets on the Tor network take a random path through several relays, so no observer at any single point can tell where the data came from or where it’s going. The relays even take additional steps to erase your tracks periodically along the way.

How Whonix Works: Figure 2 – Routing Through TOR
In the event that the Workstation user initiates a request to a new website or Internet resource, the Gateway simply selects an alternate path through the TOR network as seen in Figure 3.

How Whonix Works: Figure 3 – Using An Alternate TOR Path
There is a bit of a caveat to this system, however. As indicated by the red dotted-lines in the images above, the last hop in the TOR network passes the traffic in the clear to the final destination. One of the primary functions of this computer, as an exit node, is to decrypt the data packets before they are passed off to their final destination. This means this exit node could be vulnerable to a man-in-the-middle attack, or it could have even been placed there for the specific purpose of monitoring exit traffic by a hacker or government agency. While the exit node would still have no information regarding the IP address or location of the original Workstation user, it would know the type of Internet request that they sent to the destination server.

This scenario can be averted by using SSH tunnels or a VPN on top of the TOR network. One would only have to install the appropriate software on the Whonix Workstation in order to provide an end-to-end encryption solution for the traffic. Another method to bypass the man-in-the-middle scenario would be to employ the use of TOR Private Bridges or Private Exit Nodes.

It is important to note however that Whonix can be effectively used by most people right out of the box for web browsing, blogging and private conversations.

In order to make use of Whonix you will need to download a free copy of VirtualBox from the link below:

Once VirtualBox has been downloaded and installed you can download the Whonix-Workstation and the Whonix-Gateway packages from SourceForge:

Once downloaded, just import the machine files into VirtualBox as-is and start them up, you don’t need to change any settings…also be sure to start the Whonix-Gateway machine before firing up the Workstation image.

The default login credentials for both virtual machines are as follows:


Username: user
Password: changeme

Username: root
Password: changeme


Once the images have completed the boot process you can login and run the “whonixcheck” command from the CLI (command line interface) in order to verify proper connectivity to the TOR network. The Workstation output should look similar to the following (click image to enlarge):

How Whonix Works: Figure 4 – Workstation output from the “whonixcheck” command.
Be sure to watch for my article in the next few days detailing step-by-step instructions on how to install VirtualBox and Whonix on your computer. Let me know what you think of this anonymity solution in the comments below…

Chris Dougherty is a hacker and online security expert.  Please visit his blog,, for more excellent news and information about protecting yourself in cyberspace.


This article may be re-posted in full with attribution.


If you enjoy our work, please donate to keep our website going.


Anonymous said...

What about using a VPN service? I though using VPN was enough?

Anonymous said...

Do not use Whonix. It will not be safe from spyware.

No computer environment is safe from spyware if the operating software -Windows, Linux OS -is running from a read - write drive like a computer hard drive.

You should only use a live Linux CD or DVD which you boot and run your computer from the CD or DVD and not your hard drive.

Just download and use Tails which is a live Linux DVD which is free and easy to use and it connects to the Tor VPN network.

Using Virtual Box and Whonix will not give you any security or protection from spyware.

Anonymous said...

Startpage also tries to claim the same thing.
IMO, nothing we do online is anonymous.

Always tell the truth, always assume what you write will be recorded and could in some way be used by the authorities against you.
I advocate peaceful informed aware resistance and believe that until a critical mass of people wake up, nothing will change. I have my doubts that this critical mass will ever be reached, but we all have to try to help make it happen anyways.

Anonymous said...

Startpage was explained very good & tested & so far has worked, go to startpage & see what you think!

Anonymous said...

I hope starpage works, we need it.

Anonymous said...

Tor is a good start, but it's not enough. Do a net search for "tor exit nodes Washington D.C." to see what you're up against. For example, see:

For a pretty thorough description of what remaining "anonynous" on the internet entails, see:

Note that this is from May 2nd, 2007, and technology has grown in abilities and installations since then. I run nothing but Linux. Contrary to a previous post here, there is no Linux "spyware", unless you count the listening stations installed on the internet by government agencies and private organizations.

Anonymous said...

I use Startpage and it works well.

Anonymous said...

Thanks for posting this.

Trina Hays said...

I feel the same way :)

Anonymous said...

The problem with Startpage is it won't allow you to login to any account, it only keeps your net surfing anonymous. If you attempt to go through Startpage to login to an account, it will say, "to safeguard the users' security, Startpage Proxy does not support most forms. Would you like to submit this form to the original site, without proxy?".

Anonymous said...

I use iPredator vpn. Costs money but I can surf safely and appears I'm in Sweden. My husband and kids use different vpns. I haven't tried Linux because of the software issue. It will take time to research all that. I also use Countermail for my encrypted email.

Anonymous said...

Just wanted to add my 2 cents :

- Commercial/Free VPN service alone does not ensure to anonymity, even if the provider doesn't have your name/cc info. You have to connect to a VPN server, then your traffic is re-routed to the destination via such server. If necessary narcs can force the provider to release a log, or start logging your activity.

- Using Tor cannot guarantee your anonymity either, but it guarantees that narcs will need coordinated efforts from other narcs around the world to attempt to trace back to you. -- Usually, they don't have to try that hard, the target usually leaks his/her identity in some other way.

- As mentioned by other poster, using this kind of anonymity OS on a Virtual Machine gives you low confidence of security. Your host machine could have been bugged and logging anything you do on your computer. -- Your best bet is to burn the OS on the CD/DVD, then boot up from said CD/DVD when you need anonymity.

- A so-called web-based, encrypted email service cannot give you high degree of confidence. While you hold the encryption key on your computer, a piece of software (applet) from the provider must run on your computer to use the key to encrypt/decrypt email. -- Theoretically, your private key should never be transmitted to the provider.

But, the only way to guarantee that no private key or decrypted message will be leaked by the applet is to do full audit on the source code. In the past, some providers provide applet's source code for full audit, and an applet built from such source matches the applet sent from the provider.

Mysteriously, some time later, the applet built from the source no longer match the one from provider. Theoretically, narcs could "convince" the provider to bug the applet to steal your encryption key / decrypted message.

The ONLY way to ensure security of encrypted email is to encrypt/decrypt emails on YOUR secure machine, using the software that YOU trust. If you got it right, you can even use Gmail for your email. No need to pay for a so-called encrypted webmail which can be easily compromised by narcs.

False security is much worse than no security at all.

Anonymous said...

Keep getting this error and can't seem to find a solution on the forums, looking forward to next article!


VMDK: Compressed image is corrupted 'C:\Users\computer\Documents\Virtual Machines\Whonix-Workstation-disk1.vmdk' (VERR_ZIP_CORRUPTED).

orgoknight said...

wasnt TOR developed by the military at the first place?!

Passionate Pragmatist said...

I use StartPage and IxQuick and I hope they truly are anonymous browsers.

wiggleware said...

Anonymous disposable email helps, too:

Felix said...

There is a tool to check if you are really anonymous

Post a Comment