Dev/Build Anonymity

From Whonix

< Dev

Build Anonymity[edit]

This does only apply, if you are going to build Whonix ™ from source, and/or if you are going to redistribute Whonix ™ and/or if you are going to use Physical Isolation. This is not a Whonix ™ specific problem. Most projects do not even have a chapter about build anonymity. While building Whonix ™, software has to be downloaded. It is a unique selection of software and there is no way to make it non-unique. Therefore your internet service provider (ISP) could guess, that you are building Whonix ™. This should not be of any concern in a free country (free by your own definition), if the content of your traffic is not being observed or logged.

Especially, but not exclusively, in case you want to redistribute Whonix ™, you might be interested to hide the fact, you are building Whonix ™ (i.e. you want to stay anonymous).

To prevent any kind of personally identifiable or even fingerprintable information leaking from the build system into the Whonix ™ images, it is recommended to build inside of an already torified Virtual Machine. [1] You can build Whonix ™ inside an existing Whonix-Workstation ™, but it can also be built on a headless server.

It is also recommended to build in an already torified Virtual Machine, because that prevents leaks from the build system, which could help an attacker (with root access to the Whonix-Workstation ™), to gather identifiable information about that build system, that could ultimately lead back to your identity.

Beginning with Whonix ™ 0.4.0, we use grml-debootstrap and chroot for virtual machine image creation. The grml-debootstrap source code tells, that it copies /etc/network/interfaces and /etc/resolv.conf into the chroot. grml-debootstrap also mounts a lot devices (/dev, /proc etc.) inside the chroot and later Whonix ™ chroot also mounts some devices. That's why it is recommended to build inside an already torified virtual machine.

Building from source code naturally also leaves local traces on the disk, such as the source code itself and build dependencies. If that is of concern to you, it can be more easily disposed, when it is contained in a Virtual Machine.

It would also be possible to build directly on the host and torify all connections the scripts make, but we don't know what other grml-debootstrap/chroot related leaks there might be.

We know it is not the best solution to build inside a VM.

VirtualBox inside VirtualBox[edit]

See Nested Virtualization.


corridor, a Tor traffic whitelisting gateway [archive] might be useful. See also discussion on the tor-talk mailing list [archive].


  1. Yes, this creates a bootstrap, chicken or egg problem. To solve it you can either download already existing Whonix ™ binary builds or if you prefer to build from source, build a minimal torified machine yourself first while running any network traffic over Tor. Any help required with that? Contact us. See also Manually Creating Whonix ™.

text=Jobs in USA
Jobs in USA

Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki

Follow: Twitter.png Facebook.png 1280px-Gab text logo.svg.png Iconfinder news 18421.png Rss.png Matrix logo.svg.png 1024px-Telegram 2019 Logo.svg.png Discourse logo.svg Reddit.jpg Diaspora.png Gnusocial.png Mewe.png 500px-Tumblr Wordmark.svg.png Iconfinder youtube 317714.png 200px-Minds logo.svg.png 200px-Mastodon Logotype (Simple).svg.png 200px-LinkedIn Logo 2013.svg.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate whonix.png United Federation of Planets 1000px.png

Share: Twitter | Facebook

Want to help create awesome, up-to-date screenshots for the Whonix wiki? Help is most welcome!

https link onion link

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.

Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint, Contact.