Tor at the Heart: Whonix

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Donate today!


Whonix is a privacy ecosystem that utilizes compartmentalization to provide a private, leak-resistant environment for many desktop computing activities. Whonix helps users use their favorite desktop applications anonymously. A web browser, IRC client, word processor, and more come pre-installed with safe defaults, and users can safely install custom applications and personalize their desktops with Whonix.

Whonix is designed to run inside a VM and to be paired with Tor. Whonix is composed of two or more virtual machines that run on top of an existing operating system. The primary purpose of this design is to isolate the critical Tor software from the risk-laden environments that often host user-applications, such as email clients and web browsers. Whonix consists of two parts: the first part solely runs Tor and acts as a gateway for a user's Internet traffic, called Whonix-Gateway. The other, called Whonix-Workstation, is for a user's work and is located on a completely isolated network. Even if the user's workstation is compromised with root privileges, it cannot easily reveal IP addresses or leak DNS requests or bypass Tor, because it has neither full knowledge nor control over where and how its traffic is routed. This is security by isolation, and it averts many threats posed by malware, misbehaving applications, and user error.

One of Whonix's core strengths is its flexibility. Whonix can run on Linux, MacOS, or Windows. It can torrify nearly any application's traffic running on nearly any operating system, and it doesn't depend on the application's cooperation. It can even isolate a server behind a Tor Hidden Service running on a separate OS. It can route traffic over VPNs, SSH tunnels, SOCKS proxies, and major anonymity networks, giving users flexibility in their system setups.

Whonix was originally built around compatibility-focused Virtualbox, then time-tested KVM was added as an option. Now Whonix is shipped-by-default with the advanced, security-focused virtualization platform QubesOS. Whonix even supports Qubes' DisposableVMs.

Whonix has a safe default configuration that includes a restrictive firewall, privacy-enhanced settings for Debian, AppArmor profiles, and pre-configured and stream isolated applications.

The Whonix team is currently focused on improving usability for new Whonix users. A Quick-Start Guide will be available shortly to allow users to install and try Whonix on most existing systems.

Whonix is based in Germany but has users and developers from around the world. Like many open-source projects, Whonix depends on the donations and contributions of supporters. It's easy to get involved!


December 27, 2016


YAAAAY! Finally a blog post on Whonix :D

By the way they are looking for a new developer now

I skimmed their blog and a couple of their forums but didn't see anything about a new dev spot. Can you link? Not a dev myself, just want to see more.


December 27, 2016


Is it really German i thought the main developer was from or living in Austria.
Would be great if you make another Tor at Heart about Qubes and Tails


To adjust your bridges in Whonix you need to edit the torrc file. If you want to have obfs4 bridges you should add:

UseBridges 1

ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed

Bridge obfs4 ........

Hope that helps!

why have not they chosen Tomoyo (apparmor is buggy) ?
i did not read that whonix could be installed (is it not a live distro ?).

Unpopular. Too few usage examples. It's a volunteer project. No one contributed that.

firefox is not secure especially for china user,for firefox (en) will disable extension search function after auto update in china but good before update.

Whonix uses Tor Browser which at the moment is the most sophisticated browser for privacy and anonymity.

so do not use tor to bandage with firefox,but google.

Whonix is a general purpose OS operating as two VMs: Tor Gateway VM and Tor Workstation (all apps can be torrified in the workstation). It also has stream isolation to make sure apps don't use the same Tor circuits.

Basically Whonix or Qubes-Whonix is what most Tor Browser users should be defaulting to, unless they want their ass hacked in the New Year.

no whonix is a virtual machine image to be run within virtualbox/vmware or Qubes OS

Whonix in VMware is not really maintained at this time.

> Whonix was originally built around compatibility-focused Virtualbox, then time-tested KVM was added as an option. Now Whonix is shipped-by-default with the advanced, security-focused virtualization platform QubesOS. Whonix even supports Qubes' DisposableVMs.

KVM is a pretty nice option, but doesn't QubesOS use Xen for virtualization? That said, how does Whonix work under QubesOS, given that neither KVM nor Virtualbox works under Xen? Unless Whonix is able to detect and use Xen instead of KVM/Virtualbox under the hood?

In my opinion, Xen is the way to go for security. It supports things like FLASK (similar to Linux Security Modules, for the Xen hypervisor), networking domains (unprivileged virtual machines that only have access to networking hardware, the Dom0 (administrative domain) can be air-gapped), and some hardware drivers can be run in their own unprivileged mini-VMs (called Stub Domains). It supports paravirtualization for security and performance, and hardware virtualization (i.e. QEMU) for compatibility, and the QEMU emulator can even be run inside its own unprivileged paravirtual VM. If your processor has an IOMMU (Intel VT-d), Xen can even isolate DMA access by hardware assigned to an unprivileged VM. It's a really underappreciated project in my opinion.

On the other hand, I guess if you're just using Whonix as an application you install in any OS, Xen would be very cumbersome and difficult to setup for that.

There are seperate images/versions for KVM, Virtualbox and Qubes. The Qubes one is considered to be the safest and also is the easiest to set up.

Thanks. So is Whonix just a guest OS image then? And not an application you install inside the host also?

Yes, OS images for various virtualizers.

is it not too much complicated ?
if whonix is not compatible with my soft & my hard ... i mean that it must work under any desktop choice xen & kde & gnome & flubox etc. and if i have intel vt-d ; it must better compatible & that without trouble, bug , ... it is not user-friendly and need too much tweak, care etc. i prefer the torproject : sandbox tor.(virtualprotection).
intel vt-d was made for communicating inside a platform over the world and manage a lot of machine and this special embedded function is a really underappreciated project in my opinion.... maybe a tor dev will know how to join the both for improving sandbox tor in a near future.

Very interesting! I also think Xen is really underappreciated project.

Qubes (and therefore Qubes-Whonix also) does make use of Xen, IOMMU, Intel VT-d, isolate DMA access.

Whonix was ported to Qubes. Called Qubes-Whonix. It is officially supported.

There is also Whonix for VirtualBox and KVM.