Computer Security Introduction

From Whonix


Whonix ™ comes with many security features [archive]. Whonix ™ is Kicksecure ™ Security Hardened by default and also provides extensive Documentation including a Security Hardening Checklist. The more you know, the safer you can be.

This page is an introduction into computer security.


Whonix ™ first time users warning Before reviewing chapters in the Computer Security section, be sure to also read the Warning page.

Info Wiki entries in this section purposefully focus on:

  • General computing security information.
  • Host operating system security advice.
  • Preparatory steps before installing Whonix ™ using a Type I hypervisor (Qubes-Whonix ™) or a Type II hypervisor like VirtualBox or KVM.

General Advice[edit]

With its default settings, Whonix ™ may provide better protection than Tor alone. Achieving greater security depends on how much time the user is willing to invest in Whonix ™ configuration. Security also rests upon the daily practices and procedures that have been adopted by the user, see Documentation.


Info It is important to store multiple, encrypted backups of sensitive data.

If the user does not possess at least two copies of the original data, then it should be considered lost. The reason is data on one medium might become inaccessible and beyond repair at any minute. In this case, the computer would not even detect the risk, so data recovery tools would not be of help either. [1]

Best practice recommendations:

  • Store the original, encrypted file on a medium like the internal hard drive.
  • Create a first encrypted backup: for example, on an external hard drive from manufacturer A.
  • Create a second encrypted backup: for example, on an external hard drive from manufacturer B.

For greater security and to protect from incidents like fire or theft, backups in separate physical locations are recommended. Additionally, backups can be stored on remote servers, but the user must be sure it is encrypted properly. [2]

Safer Upgrades[edit]

If Whonix ™ is already installed, before a Whonix ™ upgrade is performed on the current platform it is best to shutdown any running virtual machine (VM) instances, particularly if they are attached to the internal virtual network ("Whonix" or sys-whonix):

  • Non-Qubes-Whonix ™: If running VM instances are not shutdown, there is a cross-contamination risk for new machines being imported into the virtualizer. For example, this is possible if a powerful adversary has taken control over those VMs currently in use. This action is not required if the user intends to create a new virtual network for the machines being imported.
  • Qubes-Whonix ™: Before upgrading Whonix ™ TemplateVMs, close as many open VMs as possible. Do not run VMs from different domains at the same time as upgrading.

Tor Browser[edit]

Info Tip: Non-Qubes-Whonix ™ users are recommended to always have the latest Tor Browser Bundle (TBB) [archive] (v2 onion [archive]) release installed on the host operating system (OS). Qubes-Whonix ™ users may also want to have TBB installed in a non-Whonix ™ TemplateVM, like Fedora or Debian.

Refer to the Non-Whonix ™ Tor Browser chapter for TBB installation instructions on all platforms. TBB is useful to test whether or not:

  • The user lives in a censored area.
  • Tor is blocked by the Internet Service Provider (ISP).
  • (Private) (obfuscated) bridges will be needed for operation of Tor Browser in Whonix ™, see Bridges.

If TBB fails to properly connect to Tor on the host OS or from a non-Whonix ™ AppVM in Qubes, then Whonix ™ will similarly fail to work. Another benefit of installing TBB in this fashion is that if Tor Browser unexpectedly stops running in Whonix ™, then Tor Browser can still be independently used to visit the Whonix ™ website for a solution to this issue.

For better security and privacy, users should read and follow the advice in the Tor Browser chapter.

Known Bugs[edit]

To learn about known bugs affecting all platforms, see here. Refer to the issue tracker for a list of all all open issues affecting Whonix ™.

Greater Security and Next Steps[edit]

After reading and applying relevant steps outlined in this section:

In all cases, users should follow the Post-installation Security Advice.

For greater security pre- and post-Whonix ™ installation, users should read the Documentation pages widely to learn more about potential threats and mitigations. For instance, users might like to consult the Design pages, and consider the recommendations outlined in the Basic Security Guide and Advanced Security Guide sections. Users with limited time can refer to the System Hardening Checklist.


  1. In such cases the user might get lucky with professional data recovery companies, but the usual cost is a few thousand dollars.
  2. That is, with a recommended encryption method and a suitably long passphrase.

text=Jobs in USA
Jobs in USA

Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki

Follow: Twitter.png Facebook.png 1280px-Gab text logo.svg.png Iconfinder news 18421.png Rss.png Matrix logo.svg.png 1024px-Telegram 2019 Logo.svg.png Discourse logo.svg Reddit.jpg Diaspora.png Gnusocial.png Mewe.png 500px-Tumblr Wordmark.svg.png Iconfinder youtube 317714.png 200px-Minds logo.svg.png 200px-Mastodon Logotype (Simple).svg.png 200px-LinkedIn Logo 2013.svg.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate whonix.png United Federation of Planets 1000px.png

Share: Twitter | Facebook

Please consider a recurring donation [archive]!

https link onion link

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.

Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint, Contact.