Jump to: navigation, search


This page contains changes which are not marked for translation.

Whonix Features[edit]

Whonix is an Anonymous Operating System. It hides your IP/location and uses Tor to anonymize your data traffic. This means that neither the contacted server, nor any eavesdropper on your connections, nor the operators of the Tor network themselves can realize which webservice you use.

To learn about its differences, check the Comparison with Others.

Basically any program can be used together with Whonix:

  • For web browsing, Tor Browser is included.
  • Messengers, like Tor Messenger and Ricochet IM.
  • Privacy friendly e-mail client: Mozilla Thunderbird with TorBirdy
  • scp for secure data transfer from and to a server.
  • Unobserved administration of servers via SSH
  • Web servers: Apache, ngnix, IRC servers, etc. via Hidden Services
  • Other programs...

It is possible, with the help of Whonix, to use applications via Tor, which are not capable of proxy support by themselves.

Everything is explained in Documentation.

Feature List[edit]

Advantages of Whonix[edit]

  • All applications, including those, which do not support proxy settings, will automatically be routed through Tor.[2] [3] [4]


  • Installation of any software package possible. [6] [7] [8] [9]
  • Safe hosting of Hidden Services possible. [10] [11]
  • Protection against side channel attacks, no IP or DNS leaks possible. [12]
  • Advantage over Live CD's: Tor's data directory is still available after reboot, due to persistent storage. Tor requires persistent storage to save its Entry Guards [13].
  • Java / JavaScript [14] [15] / flash / Browser Plugins [16] / misconfigured applications cannot leak your real external IP. See Security in Real World.
  • Protection against IP/location discovery through root exploits (Malware [17] with root rights) inside Whonix-Workstation. But you should really not test it [18]

Disadvantages of Whonix[edit]

  • More difficult to set up compared to the regular Tor Browser.
  • Needs virtual machines or spare hardware.
  • Updating OS and applications behind the Tor proxy is slow.
  • Higher maintenance required. [24]

Tunnel Support[edit]

Various tunneling permutations are possible and functional in Whonix. Connections can be routed through a VPN, SSH, or proxy before Tor, after Tor, or both.

Using Tunnels in Whonix

Tor can also be replaced with another protocol, although only some combinations and networks will work (such as I2P and JonDonym). This work is partially complete, but features will remain unfinished for the foreseeable future (see Other Anonymizing Networks).

Comparison of Whonix, Tails, Tor Browser, TorVM and corridor[edit]

Comparison of Whonix, Tails, Tor Browser, TorVM and corridor


Gratitude is expressed to JonDos for permission to use material from their website. (w) (w) [25] The "Whonix Features" chapter of the Whonix Features wiki page contains content from the JonDonym documentation Features page.


  1. 1.0 1.1 1.2 1.3 1.4 Via optional configuration
  2. Note Note: For application warnings, see Documentation.
  3. Note Note: UDP is not supported by Tor, thus will not work in Whonix as well.
  4. UDP is not supported by Tor
  5. Note Note: Services that need to listen on publicly reachable ports (open/forwarded ports) are also not supported. However you may run Hidden Services which are reachable via Tor or tor2web (be careful).
  6. Note Note: Must be able to run on Debian GNU/Linux or you can use Other Operating Systems. See also Software installation on Whonix-Workstation for details.
  7. Note Note: ICMP, ping, VOIP calls over UDP, etc...
  8. Note Note: Skype over TCP does work, but it is not recommended, because it is proprietary, closed source and there is no control over the encryption keys. Skype authority can compromise you out any moment. A secure encryption/authentication design looks different. For example GPG and OTR are secure, because the user has control over the keys, not the server. See Voip Skype section for details.
  9. Note Note: Tunnel UDP over Tor
  10. Note Note: Even if someone hacks your hidden server software (lighttpd, thttpd, apache, etc.), he can not steal your hidden service key. The key is stored on the Whonix-Gateway. Once you cleaned your Whonix-Workstation, no one can impersonate your hidden service anymore.
  11. Note Note: The Workstation is the place where the browser, IRC client and so on is running. The Gateway is the place where Tor and the firewall is running.
  12. Note Note: Whonix protects against IP and DNS leaks. Other possible leaks (such as username; time zone; etc.) and how to mitigate them see Documentation. Additionally Whonix's Protocol-Leak-Protection and Fingerprinting-Protection mitigates many possible fingerprinting attacks by using common, non-identifying defaults. (username set to user; timezone set to UTC; etc.)
  13. https://www.torproject.org/docs/faq.html.en#EntryGuards
  14. Note Note: There is no difference compared to using JavaScript directly within Tor Browser.
  15. Of course JavaScript within Tor Browser inside Whonix will also not leak your IP. Browser fingerprinting still applies. For more information see Web-browser!
  16. Note Note: This is still not recommended as they may decrease anonymity (e.g. flash cookies) and often have security vulnerabilities. Most popular plugins are closed source. See Browser Plugins for more information.
  17. https://en.wikipedia.org/wiki/Malware
  18. Note Note: In case Whonix-Workstation gets rooted, the adversary can not find out the users real IP/location. This is because Whonix-Workstation can only connect through the Whonix-Gateway. How difficult is it to compromise Whonix? See Attack Comparison Matrix and Design. More skill is required.
  19. https://en.wikipedia.org/wiki/Free_software
  20. https://www.torproject.org
  21. https://www.torproject.org/projects/vidalia.html.en
  22. https://www.torproject.org/projects/torbrowser.html.en
  23. Note Note: Vidalia is optional; arm is installed as alternative.
  24. Note Note: You need to maintain three instead of one OS. You need to remember several passwords and update at least three systems.
  25. Broken link: https://anonymous-proxy-servers.net/forum/viewtopic.php?p=31220#p31220

Random News:

Want to make Whonix safer and more usable? We're looking for helping hands. Check out the Open Issues and development forum.

Impressum | Datenschutz | Haftungsausschluss

https | (forcing) onion
Share: Twitter | Facebook | Google+

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.

Whonix (g+) is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Libre Software license as Whonix itself.