From Whonix

Update Notice[edit]

This FAQ has been rebooted. All the previous contents were moved to more appropriate places in the existing documentation. It is possible to find those entries with the Whonix wiki internal search or via an internet search engine. The old version of the FAQ can still be found here [archive].


Why aren't the SKS Keyserver Wiki Steps always Functional?[edit]

The SKS keyserver network has recently come under attack after a critical vulnerability was discovered which allows certificates to be spammed using a flaw in the OpenPGP protocol itself. Future releases of OpenPGP software will likely mitigate this flaw, but high profile contributors to the protocol suggest that data should not be retrieved form the network at present if possible. For more details, see here [archive]. [1] [2]

Tor Browser[edit]

Does Whonix Change Default Tor Browser Settings?[edit]

Tor Browser changes implemented by Tor developers are sometimes mistakenly attributed to Whonix developers: [3] [4]

I've been looking for how to fix some bad default settings in the whonix tor browser. Namely, they removed NoScript from the toolbar, so that the NoScript cannot be used as intended.

As noted in the Whonix Tor Browser Differences entry, Whonix does not:

  • change Tor Browser's internal updater checking mechanism;
  • change or remove proxy settings by default; or
  • modify Tor Browser's startup script, default settings and so on.

In fact, the NoScript URL bar change was a conscious decision by Tor developers which became part of a recent release: [5] [6] [7] [8] [9]

boklm said:

NoScript and HTTPS Everywhere are still present in the URL bar if you upgraded from an older version. They are not present if you did a new install with a recent version.

boklm said:

If you want to turn off javascript, then you can change the security level. There is also nothing preventing you from adding NoScript on the toolbar even if it is not there by default.

Why do I have White Bars around my Tor Browser Content?[edit]

Users who ignore advice to not maximize/resize the Tor Browser window will now notice white borders surrounding the Tor Browser content: [10]

Ever since 9 update I have had white bars at the bottom and top of my browser. Even with using the TBB on non-whonix I still have them. Am I the only one & am I exposed?

This is not an indicator of compromise, but a new fingerprinting defense called Letterboxing [archive]:

Tor Browser in its default mode is starting with a content window rounded to a multiple of 200px x 100px to prevent fingerprinting the screen dimensions. The strategy here is to put all users in a couple of buckets to make it harder to single them out. That worked so far until users started to resize their windows (e.g. by maximizing them or going into fullscreen mode). Tor Browser 9 ships with a fingerprinting defense for those scenarios as well, which is called Letterboxing [archive], a technique developed by Mozilla and presented earlier this year [archive]. It works by adding white margins to a browser window so that the window is as close as possible to the desired size while users are still in a couple of screen size buckets that prevent singling them out with the help of screen dimensions.

Whonix Prevents Tor Browser from Launching![edit]

Bugs that prevent Tor Browser from launching are most often related to The Tor Project code, and are outside the control of Whonix ™ developers: [11]

I’m guessing this is from the Tor Browser update to 9.0.1 but I haven’t tried to run the browser since several small Whonix updates either so:

"ERROR: Tor Browser ended with non-zero (error) exit code!

Tor Browser was started with:

/home/user/.tb/tor-browser/Browser/start-tor-browser --allow-remote /usr/share/homepage/whonix-welcome-page/whonix.html.

Tor Browser exited with code: 2

To see this for yourself, you could try: Start Menu -> System -> Xfce Terminal Then run:


In this case, the error is likely related to existing Tor bugs reported against (incremental) [archive] updates [archive]. If Tor Browser problems emerge, refer to the Tor Browser Troubleshooting chapter for a possible solution.

Virtual Private Networks[edit]

Should I Set Up a VPN with Whonix?[edit]

In a word, no. There are several reasons for this position: [12]

  • It is impossible to verify a VPN provider is actually trustworthy and not logging data -- 'honeypot' providers might be ubiquitous.
    • Recent research reveals that around one-third of all popular VPN providers are owned by Chinese companies, while others are based in countries like Pakistan, with non-existent or weak privacy laws. [13] [14]
  • VPN traffic is sensitive to Deep Packet Inspection (DPI) [archive] and Website Traffic Fingerprinting [archive], [15] so it is ineffective in hiding use of Whonix ™ and Tor from the ISP or skilled adversaries.
  • Depending on the configuration, VPN tunnels combined with Tor can worsen anonymity. For example it can lead to a permanent Tor exit relay in the network or remove Stream Isolation of different online activities.
  • Complicated and lengthy instructions can lead to mistakes and insecure tunnel configurations.
  • It is difficult to anonymously register and pay for VPN services.
  • Certain variables make it likely Whonix ™ / Tor users can be identified. This includes: the hardened network configuration fingerprint, the list of installed packages and those fetched from repositories, the amount of traffic going to one IP address daily (guard nodes), and examination of dropped (invalid) versus non-dropped packets when the firewall is probed. [16]
  • For a comprehensive list of additional reasons, see: VPN Tunnel Risks.

For documentation on how to set up a VPN with Whonix, see: Combining Tunnels with Tor.

Whonix Downloads[edit]

Isn't it Dangerous to use a Platform based on Tor?[edit]

A number of myths and misconceptions concerning Tor are perpetuated by a lack of understanding, government propaganda, and a heavy media focus on the potential negative applications of Tor. Millions of people use Tor daily for wholly legitimate reasons, particularly to assert their privacy rights when faced with countless corporate / government network observers and censors. To learn more, see: Tor Myths and Misconceptions.

Where are the Separate Gateway and Workstation Download Files?[edit]

Whonix ™ has introduced unified ova / libvirt downloads. [17] Rather than separate Whonix-Gateway ™ and Whonix-Workstation ™ ova / libvirt downloads, there is now only a single Whonix ™ ova / libvirt which includes both Whonix virtual machines. [18] [19] The Whonix split-VM design incorporating a separate Whonix-Gateway ™ and Whonix-Workstation ™ remains unchanged.


  1. New, experimental keyservers have been established which afford protection against this attack.
  2. The author notes the potential downsides of this attack:
    • If you fetch a poisoned certificate from the keyserver network, you will break your GnuPG installation.
    • Poisoned certificates cannot be deleted from the keyserver network.
    • The number of deliberately poisoned certificates, currently at only a few, will only rise over time.
    • We do not know whether the attackers are intent on poisoning other certificates.
    • We do not even know the scope of the damage.
  3. [archive]
  4. [archive]
  5. Tor Bug 30600: Restore NoScript control widget icon to the Tor Browser toolbar [archive]
  6. [archive]
  7. [archive]
  8. The same blog discussion confirms that moving the NoScript icon back onto the URL bar does not pose a known fingerprinting risk.
  9. [archive]
  10. [archive]
  11. [archive]
  12. [archive]
  13. [archive]
  14. The implication is that traffic might be routinely examined in a high percentage of cases, despite corporate promises to the contrary.
  15. Website traffic fingerprinting is an attack where the adversary attempts to recognize the encrypted traffic patterns of specific web pages without using any other information. In the case of Tor, this attack would take place between the user and the Guard node, or at the Guard node itself.

  16. [archive]
  17. From Whonix ™ 14 onward.
  18. [archive]
  19. [archive]

Follow: Twitter.png Facebook.png 1280px-Gab text logo.svg.png Rss.png Matrix logo.svg.png 1024px-Telegram 2019 Logo.svg.png Discourse logo.svg

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate whonix.png

Share: Twitter | Facebook

Have you contributed [archive] to Whonix ™? If so, feel free to add your name and highlight what you did on the Whonix authorship [archive] page.

https link onion link

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.

Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.