Tor at the Heart: Whonix

by ssteele | December 27, 2016

UPDATE, AUGUST 2020 - Since the writing of this blog post, the Tor Project Community has become increasingly concerned by reports of a pattern of tolerance for sexism, racism, and other bigotry within the Whonix community. Therefore, we can no longer endorse Whonix, and do not encourage others to get involved with them. We want to foster a diverse, inclusive, and welcoming environment for all and we feel that associating with Whonix jeopardizes these goals.

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Donate today!


Whonix is a privacy ecosystem that utilizes compartmentalization to provide a private, leak-resistant environment for many desktop computing activities. Whonix helps users use their favorite desktop applications anonymously. A web browser, IRC client, word processor, and more come pre-installed with safe defaults, and users can safely install custom applications and personalize their desktops with Whonix.

Whonix is designed to run inside a VM and to be paired with Tor. Whonix is composed of two or more virtual machines that run on top of an existing operating system. The primary purpose of this design is to isolate the critical Tor software from the risk-laden environments that often host user-applications, such as email clients and web browsers. Whonix consists of two parts: the first part solely runs Tor and acts as a gateway for a user's Internet traffic, called Whonix-Gateway. The other, called Whonix-Workstation, is for a user's work and is located on a completely isolated network. Even if the user's workstation is compromised with root privileges, it cannot easily reveal IP addresses or leak DNS requests or bypass Tor, because it has neither full knowledge nor control over where and how its traffic is routed. This is security by isolation, and it averts many threats posed by malware, misbehaving applications, and user error.

One of Whonix's core strengths is its flexibility. Whonix can run on Linux, MacOS, or Windows. It can torrify nearly any application's traffic running on nearly any operating system, and it doesn't depend on the application's cooperation. It can even isolate a server behind a Tor Hidden Service running on a separate OS. It can route traffic over VPNs, SSH tunnels, SOCKS proxies, and major anonymity networks, giving users flexibility in their system setups.

Whonix was originally built around compatibility-focused Virtualbox, then time-tested KVM was added as an option. Now Whonix is shipped-by-default with the advanced, security-focused virtualization platform QubesOS. Whonix even supports Qubes' DisposableVMs.

Whonix has a safe default configuration that includes a restrictive firewall, privacy-enhanced settings for Debian, AppArmor profiles, and pre-configured and stream isolated applications.

The Whonix team is currently focused on improving usability for new Whonix users. A Quick-Start Guide will be available shortly to allow users to install and try Whonix on most existing systems.

Whonix is based in Germany but has users and developers from around the world. Like many open-source projects, Whonix depends on the donations and contributions of supporters. It's easy to get involved!


Please note that the comment area below has been archived.

December 27, 2016


YAAAAY! Finally a blog post on Whonix :D

By the way they are looking for a new developer now

December 27, 2016


Is it really German i thought the main developer was from or living in Austria.
Would be great if you make another Tor at Heart about Qubes and Tails


To adjust your bridges in Whonix you need to edit the torrc file. If you want to have obfs4 bridges you should add:

UseBridges 1

ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed

Bridge obfs4 ........

Hope that helps!

December 27, 2016


why have not they chosen Tomoyo (apparmor is buggy) ?
i did not read that whonix could be installed (is it not a live distro ?).

December 27, 2016


firefox is not secure especially for china user,for firefox (en) will disable extension search function after auto update in china but good before update.

December 28, 2016


Whonix is a general purpose OS operating as two VMs: Tor Gateway VM and Tor Workstation (all apps can be torrified in the workstation). It also has stream isolation to make sure apps don't use the same Tor circuits.

Basically Whonix or Qubes-Whonix is what most Tor Browser users should be defaulting to, unless they want their ass hacked in the New Year.

December 28, 2016


no whonix is a virtual machine image to be run within virtualbox/vmware or Qubes OS

December 28, 2016


> Whonix was originally built around compatibility-focused Virtualbox, then time-tested KVM was added as an option. Now Whonix is shipped-by-default with the advanced, security-focused virtualization platform QubesOS. Whonix even supports Qubes' DisposableVMs.

KVM is a pretty nice option, but doesn't QubesOS use Xen for virtualization? That said, how does Whonix work under QubesOS, given that neither KVM nor Virtualbox works under Xen? Unless Whonix is able to detect and use Xen instead of KVM/Virtualbox under the hood?

In my opinion, Xen is the way to go for security. It supports things like FLASK (similar to Linux Security Modules, for the Xen hypervisor), networking domains (unprivileged virtual machines that only have access to networking hardware, the Dom0 (administrative domain) can be air-gapped), and some hardware drivers can be run in their own unprivileged mini-VMs (called Stub Domains). It supports paravirtualization for security and performance, and hardware virtualization (i.e. QEMU) for compatibility, and the QEMU emulator can even be run inside its own unprivileged paravirtual VM. If your processor has an IOMMU (Intel VT-d), Xen can even isolate DMA access by hardware assigned to an unprivileged VM. It's a really underappreciated project in my opinion.

On the other hand, I guess if you're just using Whonix as an application you install in any OS, Xen would be very cumbersome and difficult to setup for that.

There are seperate images/versions for KVM, Virtualbox and Qubes. The Qubes one is considered to be the safest and also is the easiest to set up.

is it not too much complicated ?
if whonix is not compatible with my soft & my hard ... i mean that it must work under any desktop choice xen & kde & gnome & flubox etc. and if i have intel vt-d ; it must better compatible & that without trouble, bug , ... it is not user-friendly and need too much tweak, care etc. i prefer the torproject : sandbox tor.(virtualprotection).
intel vt-d was made for communicating inside a platform over the world and manage a lot of machine and this special embedded function is a really underappreciated project in my opinion.... maybe a tor dev will know how to join the both for improving sandbox tor in a near future.

December 31, 2016


Qubes (and therefore Qubes-Whonix also) does make use of Xen, IOMMU, Intel VT-d, isolate DMA access.

Whonix was ported to Qubes. Called Qubes-Whonix. It is officially supported.

There is also Whonix for VirtualBox and KVM.