Jump to: navigation, search

Dev/Default Application Policy

< Dev

How to decide which apps come with Whonix?[edit]

Overall: not killing the project for being badmouthed by The Tor Project and/or geeks due to bad decisions.

The following numbers are not referring to priorities, just to reference them. Not written in stone!

  1. There must be a reliable upgrade path. Stuff that is in Debian is perfect.
  2. Upgrading must not eat up Whonix maintainer's time to keep Whonix maintainable.
  3. If the applications issues network activity, there must be a way to properly configure it for Stream Isolation, to keep Tor's TransPort clean for the user's own stuff.
  4. When downloading applications, especially since downloads run over Tor, strong verification must be supported (Ex: OpenPGP, apt-get does that well.) or be so trivial that some trusted devs can audit the code for being not intentionally malicious.
  5. Must be Tor-safe. (Definition: must not be totally pseudonymous. No major protocol leaks. For example, using Tor Browser instead of Firefox and recommending Thunderbird/TorBirdy and not some other client.)
  6. Must be Free Software / Open Source.
  7. Must not be a total security disaster.
  8. Must not issue network activity while the application is not in use.
  9. Installation/modification must not limit discussion about Whonix to the controversy of that application. (Ex: No Tor modifications.)
  10. Installing it by default in Whonix must not totally f*ck up The Tor Project.


  • We must believe that a fair amount of users likes it.
  • We must believe that it's usable by a fair amount of users.
  • Mature behaving and communicative upstream, not important if the application/script is trivial and maintenance is simple.


a) There is no BitCoin client installed by default in Whonix, because no gui client was available in Debian stable at time of release. Shipping a manually installed one by default would be nightmare, because users wouldn't know how it was installed and not update it. Updating would be left to the user. It is better if the whole process download, verification, install, upgrade notification and upgrade is up to the user.

b) There is no Email client installed by default in Whonix, because no Tor-safe client (Thunderbird + TorBirdy) was available in Debian stable at time of release.

c) There is no torrent client installed by default in Whonix, because we know of none fulfills 3. If one has been found, this topic has to be brought up on tor-talk mailing list, asking for their official position, due to contradictory prior statements to fulfill 10.

Random News:

Are you proficient with iptables? Want to contribute? Check out possible improvements to iptables. Please come and introduce yourself in the development forum.

Impressum | Datenschutz | Haftungsausschluss

https | (forcing) onion
Share: Twitter | Facebook | Google+
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation. Whonix (g+) is a licensee of the Open Invention Network. Unless otherwise noted above, the content of this page is copyrighted and licensed under the same Free (as in speech) license as Whonix itself.