Design and Goals

From Whonix



Whonix ™ aims to preserve privacy and anonymity by helping users run applications anonymously. A web browser, IRC client, office suite, and more come pre-configured with security in mind.

Whonix ™ is a complete operating system with advanced security and anonymity features [archive]. It consists of two virtual machines -- Whonix-Gateway ™ and Whonix-Workstation ™ -- which are designed to be used on a host operating system (OS). The host OS supporting Whonix ™ is usually the one installed on the user's computer, but OSes installed on external drives will also work. Users choose the preferred Whonix ™ configuration and may use either a Type I hypervisor (Qubes-Whonix ™), or a Type II hypervisor like KVM and Virtualbox.

Whonix ™ is Freedom Software and is based on Kicksecure ™ (security-focused Linux Distribution), Tor [1], Debian GNU/Linux [2], and the principle of security by isolation.

Security by Isolation[edit]

Whonix ™ is divided into two VMs: Whonix-Workstation ™ for work activities and Whonix-Gateway ™ to enforce all Internet traffic through the Tor network. [3] This security by isolation configuration averts many threats posed by malware, misbehaving applications, and user error.

Figure: Whonix ™ Operating System Design

Whonix concept refined.jpg

Online Anonymity via Tor[edit]

Whonix ™ relies on the Tor network to protect a user's anonymity online; all connections are forced through Tor or otherwise blocked. Tor helps to protect users by bouncing communications around a distributed network of relays run by volunteers all around the world. Without advanced, end-to-end, netflow correlation attacks, anybody watching a user's Internet connection cannot easily determine the sites visited, and those sites cannot learn the user's physical location. [4]

To learn more about Tor, read the official documentation on the Tor website [archive] (.onion [archive]):

Based on Debian[edit]

Info Tip: Since Ubuntu is a Debian derivative, online help for Ubuntu most often works for Whonix ™.

In oversimplified terms, Whonix ™ is just a collection of configuration files and scripts. Whonix ™ is not a stripped down version of Debian; anything possible in "vanilla" Debian GNU/Linux can be replicated in Whonix ™. Likewise, most problems and questions can be solved in the same way. For example: "How do I install VLC Media Player on Whonix ™?" -- "The same way as in Debian apt-get install vlc. Whonix ™ does not break anything, limit functionality, or prevent installation of compatible software.

Whonix Version[edit]

Each Whonix ™ release is based on a particular version of Debian:

Whonix ™ version Debian Version Debian Codename
Whonix ™ 10 buster [archive]

Users can manually check the Whonix ™ version at any time by following this step.

Release Schedule[edit]

Note that Whonix ™ does not have a fixed release schedule. A new stable release only becomes available when it is deemed ready. Interested users can query the issue tracker [5] and release notes to track developer progress. Stay Tuned.

Support Schedule[edit]

Debian Hosts[edit]

New Debian Release

One month after a new stable version of Debian is released, Whonix ™ VMs may no longer be supported on any older version of Debian. All users need to upgrade the Debian platform promptly after the deprecation notice in order to use Whonix ™ safely.

New Whonix ™ Release

One month after a new stable version of Whonix is released, older versions will no longer be supported. All users need to upgrade the Whonix ™ platform promptly in order to remain safe.

Deprecation Notices

The deprecation notice is provided at least one month in advance and posted in the Whonix ™ News forum [archive]. Stay Tuned! All users need to upgrade the respective platform promptly in order to remain safe. [6]

Debian-based and Other Hosts[edit]

As per Debian Hosts.

Windows Hosts[edit]

The support schedule is mostly undefined at present, but likely to mirror Debian Hosts.

Qubes Hosts[edit]

Quote Qubes-Whonix ™ version support policy [archive]:

Whonix ™ TemplateVMs are supported by our partner, the Whonix ™ Project. The Whonix ™ Project has set its own support policy for Whonix ™ TemplateVMs in Qubes.

This policy requires Whonix ™ TemplateVM users to stay reasonably close to the cutting edge by upgrading to new stable versions of Qubes OS and Whonix ™ TemplateVMs within a month of their respective releases. To be precise:

  • One month after a new stable version of Qubes OS is released, Whonix ™ TemplateVMs will no longer be supported on any older version of Qubes OS. This means that users who wish to continue using Whonix ™ TemplateVMs on Qubes must always upgrade to the latest stable Qubes OS version within one month of its release.
  • One month after new stable versions of Whonix ™ TemplateVMs are released, older versions of Whonix ™ TemplateVMs will no longer be supported. This means that users who wish to continue using Whonix ™ TemplateVMs on Qubes must always upgrade to the latest stable Whonix ™ TemplateVM versions within one month of their release.

We aim to announce both types of events one month in advance in order to remind users to upgrade.


Table: Whonix ™ Goals, Design and Limitations

Category Description
Whonix ™ is
  • a free and open operating system
  • an anti-censorship tool
  • the first step among many in hiding a user's identity
Whonix ™ helps to
  • disguise a user's IP address
  • prevent ISP spying
  • prevent websites from identifying the user
  • prevent malware from identifying the user
  • circumvent censorship
Whonix ™ is not
  • a one-click anonymization solution

Next Steps[edit]

Learning more about Whonix ™ is the best way to determine whether it is a suitable solution in your personal circumstances. The following chapters are recommended:

  • The Warning page to understand the security limitations of Whonix ™ and Tor.
  • Further information about Whonix ™ Features.
  • The implied Trust placed in Whonix ™ when it is used.
  • The Security Guide, Advanced Security Guide and Design chapters detailing the Whonix ™ specifications, threat model and implementation.
  • Other relevant Documentation explaining how to use Whonix ™ safely.


  1. [archive]
  2. [archive]
  3. In Qubes-Whonix ™, these VMs are named sys-whonix and anon-whonix, respectively.
  4. Current practical, low-latency, anonymity designs like Tor fail when the attacker can see both ends of the communication channel (traffic going into and out of the Tor network). If both flows are visible [archive], simple statistics can determine whether they match up.
  5. For example, for the next release use the tag "Whonix ™ 16" and status "Open".
  6. This also relieves Whonix ™ developers from needing to diagnose and support old-stable versions of Qubes/Debian/Whonix ™, which duplicates the maintenance burden.


Whonix ™ About wiki page Copyright (C) Amnesia <amnesia at boum dot org>
Whonix ™ About wiki page Copyright (C) 2012 - 2021 ENCRYPTED SUPPORT LP <>

This program comes with ABSOLUTELY NO WARRANTY; for details see the wiki source code.
This is free software, and you are welcome to redistribute it under certain conditions; see the wiki source code for details.

Gratitude is expressed to JonDos [archive] for permission [archive] to use material from their website. (w [archive]) (w [archive]) [1] The "Summary" chapter of the Whonix ™ Design and Goals wiki page contains content from the JonDonym documentation Features [archive] page.

Fosshost is sponsors Kicksecure stage server Whonix old logo.png
Fosshost About Advertisements

Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki

Follow: 1024px-Telegram 2019 Logo.svg.png Iconfinder Apple Mail 2697658.png Twitter.png Facebook.png Rss.png Reddit.jpg 200px-Mastodon Logotype (Simple).svg.png

Support: 1024px-Telegram 2019 Logo.svg.png Discourse logo.png Matrix logo.svg.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate Whonix.png United Federation of Planets 1000px.png

Twitter-share-button.png Facebook-share-button.png Telegram-share.png Iconfinder Apple Mail 2697658.png Reddit.jpg 200px-Mastodon Logotype (Simple).svg.png

Interested in becoming an author for the Whonix ™ News Blog or writing about anonymity, privacy and security? Please get in touch!

https link onion link

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.

Copyright (C) software / wiki. Whonix ™ is Freedom Software / Open Source. (Why?) Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network.

The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole.

Whonix ™ is a derivative of and not affiliated with Debian. Debian is a registered trademark owned by Software in the Public Interest, Inc.

Whonix ™ is produced independently from the Tor ® anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint, Contact.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent.