Frequently Asked Questions - Whonix ™ FAQ
- 1 What is Whonix?
- 2 How does Whonix work?
- 3 What is Tor?
- 4 What are the Advantages of Whonix?
- 5 How is Whonix different from Tor Browser?
- 6 How is Whonix different from Tails?
- 7 How is Whonix different from a VPN?
- 8 What is a Virtual Machine?
- 9 Who Develops Whonix?
- 10 How Secure is Whonix?
- 11 Should I Set Up a VPN with Whonix?
- 12 Isn't it Dangerous to use a Platform based on Tor?
- 13 Where are the Separate Gateway and Workstation Download Files?
- 14 Footnotes
What is Whonix?
Whonix ™ is software designed to preserve privacy and anonymity by helping users run applications anonymously. Whonix ™ can be installed on Windows, macOS and Linux. Whonix ™ also comes pre-installed in Qubes (Qubes-Whonix ™).
To learn more about the design and intended user groups, refer to the wiki main page, overview.
How does Whonix work?
What is Tor?
Tor is free and open-source software for enabling anonymous communication. Thousands of volunteers are running computer servers that keep users anonymous on the Internet. It works by moving data across many Tor servers, called Tor relays. The role of each server is to move that data to another server, with the final hop moving data to the end site. As a result, information transmitted in this way is hard to trace. See also Why does Whonix use Tor?
What are the Advantages of Whonix?
Whonix ™ realistically addresses common attack vectors.
An IP address is a label which is used to identify a computer on the Internet. A simple analogy is an IP address is similar to a car license plate.
Hiding IP addresses is technically difficult for software. There is always a risk of so-called IP leaks, whereby a user mistakenly thinks the IP address is hidden when it is actually not.
Whonix ™ is the best solution to prevent IP leaks because it uses a more solid technical design. IP leak issues that previously applied to other software were not applicable to Whonix ™ in a number of cases; see Whonix ™ Protection against Real World Attacks.
IP leaks are not the only issue that can break a user's anonymity. Other threats include time attacks, keystroke deanonymization and data collection techniques. Whonix ™ deploys numerous security mechanisms [archive] to mitigate such attacks.
How is Whonix different from Tor Browser?
Whonix ™ is a complete operating system (OS) that can be installed on top of your existing OS. A web browser, IRC client, office suite, and more come pre-configured with security in mind. See also Comparison of Whonix and Tor Browser.
How is Whonix different from Tails?
Tails is a live OS with optional persistence that can be installed on external drives such as a DVD or USB.
Whonix ™ can be installed inside your existing OS which might be running on internal or external drives. Whonix ™ has an optional live mode, but there is no Whonix live iso at the time of writing -- this situation is likely to change in the future.
See also Comparison of Whonix and Tails.
How is Whonix different from a VPN?
Virtual Private Networks (VPNs) know your identity and online activity and can be compelled legally to share this information with authorities under various circumstances.
VPNs are usually faster than Tor, but they are not anonymity networks. VPN administrators can log both where a user is connecting from and the destination website, breaking anonymity in the process. Promises made by VPN operators are meaningless, since they cannot be verified. Tor provides anonymity by design rather than policy, making it impossible for a single point in the network to know both the origin and the destination of a connection. Anonymity by design provides much more security, since trust is removed from the equation. See also advantages of Whonix, Why does Whonix use Tor? and Comparison of Tor and VPN services.
What is a Virtual Machine?
In computing terms, a virtual machine (VM) is software which emulates a computer system and provides the functionality of a physical computer. In essence, VMs allow you to run OSes inside your current (real) OS -- Whonix ™ is specifically designed for this purpose.
Who Develops Whonix?
Whonix is being developed by an independent development team.
How Secure is Whonix?
Whonix has a solid history of providing Protection against Real World Attacks.
Should I Set Up a VPN with Whonix?
In a word, no. There are several reasons for this position: 
- It is impossible to verify a VPN provider is actually trustworthy and not logging data -- 'honeypot' providers might be ubiquitous.
- VPN traffic is sensitive to Deep Packet Inspection (DPI) [archive] and Website Traffic Fingerprinting [archive],  so it is ineffective in hiding use of Whonix ™ and Tor from the ISP or skilled adversaries.
- Depending on the configuration, VPN tunnels combined with Tor can worsen anonymity. For example it can lead to a permanent Tor exit relay in the network or remove Stream Isolation of different online activities.
- Complicated and lengthy instructions can lead to mistakes and insecure tunnel configurations.
- It is difficult to anonymously register and pay for VPN services.
- Certain variables make it likely Whonix ™ / Tor users can be identified. This includes: the hardened network configuration fingerprint, the list of installed packages and those fetched from repositories, the amount of traffic going to one IP address daily (guard nodes), and examination of dropped (invalid) versus non-dropped packets when the firewall is probed. 
- For a comprehensive list of additional reasons, see: VPN Tunnel Risks.
For documentation on how to set up a VPN with Whonix, see: Combining Tunnels with Tor.
Isn't it Dangerous to use a Platform based on Tor?
A number of myths and misconceptions concerning Tor are perpetuated by a lack of understanding, government propaganda, and a heavy media focus on the potential negative applications of Tor. Millions of people use Tor daily for wholly legitimate reasons, particularly to assert their privacy rights when faced with countless corporate / government network observers and censors. To learn more, see: Tor Myths and Misconceptions.
Where are the Separate Gateway and Workstation Download Files?
Whonix ™ has introduced unified ova / libvirt downloads.  Rather than separate Whonix-Gateway ™ and Whonix-Workstation ™ ova / libvirt downloads, there is now only a single Whonix ™ ova / libvirt which includes both Whonix VMs.   The Whonix split-VM design incorporating a separate Whonix-Gateway ™ and Whonix-Workstation ™ remains unchanged.
- https://forums.whonix.org/t/setting-up-vpn-with-whonix-is-it-a-good-idea/7568 [archive]
- https://www.computerweekly.com/news/252466203/Top-VPNs-secretly-owned-by-Chinese-firms [archive]
- The implication is that traffic might be routinely examined in a high percentage of cases, despite corporate promises to the contrary.
Website traffic fingerprinting is an attack where the adversary attempts to recognize the encrypted traffic patterns of specific web pages without using any other information. In the case of Tor, this attack would take place between the user and the Guard node, or at the Guard node itself.
- https://forums.whonix.org/t/hiding-tor-whonix-is-difficult-beyond-practicality/7408 [archive]
- From Whonix ™ 14 onward.
- https://forums.whonix.org/t/whonix-virtualbox-14-0-1-4-4-unified-ova-downloads-point-release/6996 [archive]
- https://forums.whonix.org/t/whonix-kvm-14-0-1-4-4-unified-tar-gz-download-point-release/7061 [archive]
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)