Frequently Asked Questions - Whonix FAQ
How does Whonix work?
Being anonymous on the internet is extremely difficult. Whonix is an operating system that utilizes top level security research and best practices to help users stay anonymous on the internet. The users themselves however have to be vigilant too so Whonix also provides thorough guides and user documentation that help users be prepared against online traps, scams, tracking and tracing.
To protect a user's anonymity on the Internet on the technological level Whonix uses virtualization and the Whonix-Workstation combined with the Whonix-Gateway to force all connections through the Tor network. Also numerous security mechanisms are deployed. See also About.
What is Tor?
Tor is a free and open-source software for enabling anonymous communication on the internet. Tor runs a global decentralized network of thousands and thousands of servers called Tor relays - hosted by idealistic volunteers who value user privacy. These servers keep Tor users anonymous on the internet by moving data across each other while always hiding some user meta data from the next server so after 4 hops the user is completely anonymous to the requested website but also to the Tor network itself. It's like a tunnel through which the user sends data and requests a website and after 4 hops between Tor servers this Tor tunnel releases the user data to the requested website but with the user IP completely anonymized. As a result, information transmitted in this way is hard to trace. See also: Why does Whonix use Tor?
What are the Advantages of Whonix?
Using Whonix to go on the internet has several advantages over going unprotected with your Windows, macOS, Linux or other system. Whonix is the most watertight privacy operating system in the world that runs like an app in your host operating system. Whonix realistically addresses common attack vectors which cannot be prevented by using a plain operating system without protection. Data harvesters abuse operating system and browser vulnerabilities in order to unmask the users, track and trace them. As an actively maintained research project Whonix can protect the user and even addresses some theoretical attack vectors which are not yet known to be abused by data harvesters.
Whonix is the best solution to prevent IP leaks (when the user IP address becomes known). Whonix provides a leak shield based on a rock solid, decade long tested, successful architecture. IP leak issues that previously affected to other software were not applicable to Whonix in a number of cases; see Whonix Track Record against Real Cyber Attacks.
Whonix also adresses many other threats that can break a users' anonymity. These include time attacks, keystroke deanonymization and data collection techniques. Whonix deploys numerous security mechanisms to mitigate such attacks and therefore has a huge advantage over using your operating system unprotected.
How is Whonix different from Tor Browser?
Whonix is a complete operating system (OS) that can be installed on top of your existing OS, not just a browser. Whonix comes with a web browser, IRC client, office suite, and more pre-configured with security in mind. See also Comparison of Whonix and Tor Browser.
Browsers are huge, complex applications. Due to their complexity they are vulnerable to IP leaks as well as exploitable through malicious software (short "malware") and viruses. Without using Whonix once a browser is compromised by malware the identity of the user can be permanently unmasked.
If a web browser (or any application) is running inside Whonix however the user's IP address is still protected even if the browser has an IP leak bug or if the browser has been compromised by malware. This is not a theoretic consideration. This has happened in the past. Only Whonix users remained safe.
How is Whonix different from Tails?
Tails is a live OS with optional persistence that can be installed on external drives such as a DVD or USB.
Whonix can be installed inside your existing OS. The user can choose to run Whonix from an internal or external hard drive. Whonix has an optional Live mode, but there is no Whonix live ISO at the time of writing -- this situation is likely to change in the future.
See also: Comparison of Whonix and Tails.
How is Whonix different from a VPN?
Virtual Private Networks (VPNs) know your identity and online activity and can be compelled legally to share this information with authorities under various circumstances.
VPNs are usually faster than Tor, but they are not anonymity networks. VPN administrators can log both where a user is connecting from and the destination website, breaking anonymity in the process. Promises made by VPN operators are meaningless, since they cannot be verified to be truthful and can be broken at any time. There already have been numerous VPN logging incidents.
Tor provides anonymity by design rather than policy, making it impossible for a single point in the network to know both the origin and the destination of a connection. Anonymity by design provides much more security, since trust is removed from the equation. Since this is a frequent question, a lot information has been made available this topic. See also the short, simple Whonix versus VPNs comparison table, the detailed Whonix versus VPNs wiki page, advantages of Whonix and Why does Whonix use Tor?.
Is Whonix a VM?
In essence, yes. Whonix VM (Virtual Machine) images exist for VirtualBox
.ova, KVM (
.qcow2) and Qubes. Whonix consists of two VMs. Whonix-Gateway and Whonix-Workstation. See also How does Whonix work?
What is a Virtual Machine?
In essence, VMs allow you to run an OS inside your current (real) OS -- Whonix is specifically designed for this purpose. In computing terms, a virtual machine (VM) is software which emulates a computer system and provides the functionality of a physical computer.
Who Develops Whonix?
Whonix is developed by a dedicated core team of independent developers who passionately believe in security and privacy as fundamental human rights. In addition to the core team, Whonix is bolstered by independent contributors, who take on various roles ranging from editors to developers.
How Secure is Whonix?
Whonix is the most watertight privacy operating system in the world. It is very secure and has proven this track record for many years.
Should I Set Up a VPN with Whonix?
In a word, no. There are several reasons for this position:
- It is impossible to verify if a VPN provider is actually trustworthy and is not logging data. This means 'honeypot' providers might be ubiquitous and a user has no way to find out
- Recent research reveals that around one-third of all popular VPN providers are owned by Chinese companies, while others are based in countries like Pakistan, with non-existent or weak privacy laws.  
- A 2020 leak of user logs revealed that seven "zero logging" VPN providers in Hong Kong were found to contain detailed information, including lists of websites visited, clear-text passwords, general personal information (like names, subscribers' emails, home addresses and account information), VPN session secrets and tokens, IP addresses of user devices and the VPN servers connected to, connection timestamps, location information, device characteristics and OS versions, and Bitcoin and Paypal payment information. 
- VPN traffic is vulnerable to website traffic fingerprinting, so it is ineffective in hiding use of Whonix and Tor from the ISP or skilled adversaries.
- Depending on the configuration, VPN tunnels combined with Tor can worsen anonymity. For example it can lead to a permanent Tor exit relay in the network or remove Stream Isolation of different online activities.
- It is difficult to anonymously register and pay for VPN services.
- For a comprehensive list of additional reasons, see: VPN Tunnel Risks.
For documentation on how to set up a VPN with Whonix, see: Combining Tunnels with Tor.
Isn't it Dangerous to use a Platform based on Tor?
A number of myths and misconceptions concerning Tor are perpetuated by a lack of understanding, government propaganda, and a heavy media focus on the potential negative applications of Tor. Millions of people use Tor daily for wholly legitimate reasons, particularly to assert their privacy rights when faced with countless corporate / government network observers and censors. To learn more, see: Tor Myths and Misconceptions.
Where are the Separate Gateway and Workstation Download Files?
Whonix has introduced unified ova / libvirt downloads.  Rather than separate Whonix-Gateway and Whonix-Workstation file downloads, there is now only a single Whonix file which includes both Whonix VMs.   The Whonix split-VM design incorporating a separate Whonix-Gateway and Whonix-Workstation remains unchanged.
Why isn't the Latest Software Version Available?
Most packages installed by default inside Whonix are sourced from the Debian stable repository. The Debian team has noted:
The reason that Debian Stable is so reliable is because software is extensively tested and bug-fixed before being included. This means that the most recent version of software is often not available in the Stable repositories. But it doesn't mean that the software is too old to be useful! ... Debian backports security fixes and reliability fixes. Judging software by comparing the version number of the Debian package to the upstream version number does not take this into account. ... Please note: bugs are found in existing software but only new releases of a software can introduce new bugs and vulnerabilities. As a release enters Debian and receives bugfixes, the number of unknown vulnerabilities and bugs will constantly decrease during the package lifetime.
See also Frozen Packages.
- An IP address is a label which is used to identify a computer on the Internet. A simple analogy is an IP address is similar to a car license plate. Hiding IP addresses is technically difficult for software. There is always a risk of so-called IP leaks, whereby a user mistakenly thinks the IP address is hidden when it is actually not.
- The implication is that traffic might be routinely examined in a high percentage of cases, despite corporate promises to the contrary.
Website traffic fingerprinting is an attack where the adversary attempts to recognize the encrypted traffic patterns of specific web pages without using any other information. In the case of Tor, this attack would take place between the user and the Guard node, or at the Guard node itself.
Using a VPN or SSH does not provide strong guarantees of hiding your the fact you are using Tor from your ISP. VPN's and SSH's are vulnerable to an attack called Website traffic fingerprinting 1. Very briefly, it's a passive eavesdropping attack, although the adversary only watches encrypted traffic from the VPN or SSH, the adversary can still guess what website is being visited, because all websites have specific traffic patterns. The content of the transmission is still hidden, but to which website one connects to isn't secret anymore. There are multiple research papers on that topic. 2 Once the premise is accepted, that VPN's and SSH's can leak which website one is visiting with a high accuracy, it's not difficult to imagine, that also encrypted Tor traffic hidden by a VPN's or SSH's could be classified. There are no research papers on that topic.
- 1 See Tor Browser Design for a general definition and introduction into Website traffic fingerprinting.
- 2 See slides for Touching from a Distance: Website Fingerprinting Attacks and Defenses. There is also a research paper from those authors. Unfortunately, it's not free. However, you can find free ones using search engines. Good search terms include "Website Fingerprinting VPN". You'll find multiple research papers on that topic.
- From Whonix 14 onward.