Reliable IP Hiding - with Whonix - The All Tor Operating System
Donate
Whonix is The Everything Tor OS
Reliable IP Hiding[edit]
All internet traffic is routed through the Tor anonymity network. No exceptions. Whonix is the "All Tor Operating System".
Whonix handles all your activity in a virtual machine and forces all Internet traffic through the Tor network to provide the strongest protection of your IP address.
All traffic originating from Whonix-Workstation™ and Whonix-Gateway™ is routed over Tor. [1] [2] [3] [4] [5] [6] [7]
This is due to Whonix'a Architecture.
For details on how this is technically accomplished, technical readers can refer to the Whonix technical introduction.
- See Whonix against Real Attacks for a list of many past anonymity attacks where Whonix kept its users safe.
- See Whonix uses multiple security layers for reasons why leaks are highly unlikely.
- See this page Leak Tests for testing for IP/DNS leaks generally.
- See Security Reviews and Feedback for a list of notable reviews and feedback about the security of Whonix.
- See
System Audit
for how users (cannot) verify the system is configured as intended. - This might also be related to asking "How secure is Whonix?". →Technical Introduction
None of the Leak Testing Websites / Browser Tests running inside Whonix is able to find out the real external clearnet IP address, no matter if plugins, flash and/or java are activated.
Given that there have been no instances of IP leaks attributed to Whonix bugs throughout its 12-year history, it could be reasonably inferred that Whonix offers a reliable feature for IP address concealment.
Fail-Closed Mechanism[edit]
Whonix's architecture enables the "torification" of applications lacking inherent proxy support. Users can install custom applications or customize their desktop without risking IP leaks.
All application traffic is either directed through Tor or completely blocked. This encompasses a wide range of software, including browsers, Browser Plugins, E-Mail clients, chat applications, VoIP, SSH, Remote Administration, VPN clients or proxy software, cryptocurrency wallets or relays, servers, and any other applications.
This design is universally applicable, extending even to Other Operating Systems linked to Whonix-Gateway.
See also Features, Advantages, Use Cases - Whonix chapter Tor Network / Torification / The Everything Tor OS.
Beyond IP Hiding[edit]
Hiding your identity is harder than just hiding your IP.
Concealing one's identity involves more complexities than merely obscuring IP addresses. The concept of just hiding IP addresses belongs to the threat model of the 1990s and is no longer adequate. Simple IP address anonymization falls short because modern adversaries utilize a range of Data Collection Techniques that bypass the need for IP addresses. This is demonstrated through various Browser Tests, like the Fingerprint.com Demo. Notably, as highlighted in "12% of the top 500 websites employ Fingerprint.com's services".
To keep users anonymous, Whonix offers Full Spectrum Anti-Tracking Protection and is much safer than VPNs (refer to the comprehensive Whonix versus VPNs comparison).
Footnotes[edit]
- ↑
Starting from Whonix version
0.2.1, traffic from Whonix-Gateway is also routed over Tor. This approach conceals the use of Whonix from entities monitoring the network. - ↑ For preserving the anonymity of a user's Whonix-Workstation activities, it isn't essential to route Whonix-Gateway's own traffic through Tor.
- ↑
For those interested: Altering DNS settings on Whonix-Gateway in
/etc/resolv.confonly impacts DNS requests made by Whonix-Gateway's applications that utilize the system's default DNS resolver. By default, no applications on Whonix-Gateway that generate network traffic utilize this default resolver. All default applications on Whonix-Gateway that produce network traffic (like apt, systemcheck, sdwdate) are explicitly configured, or force by uwt wrappers, to use their dedicated Tor SocksPort(refer to Stream Isolation). - ↑
Whonix-Workstation's default applications are configured to use dedicated Tor
SocksPorts(see Stream Isolation), avoiding the system's default DNS resolver. Any applications in Whonix-Workstation not set up for stream isolation - such asnslookup- will employ the default DNS server configured in Whonix-Workstation (through/etc/network/interfaces), which points to Whonix-Gateway. These DNS requests are then redirected to Tor's DnsPort by the Whonix-Gateway firewall. Changes in Whonix-Gateway's/etc/resolv.confdon't influence Whonix-Workstation's DNS queries. - ↑
Traffic produced by the Tor process, which by Debian's default operates under the user
debian-tororiginating from Whonix-Gateway, can access the internet directly. This is permitted because Linux user accountdebian-toris exempted in the Whonix-Gateway Firewall and allowed to use the "regular" internet. - ↑
Tor version
0.4.5.6(with no changes announced at the time of writing), the Tor software predominantly relies on TCP traffic. For further details, see Tor wiki page, chapter UDP. For DNS, please refer to the next footnote. - ↑
Tor doesn't depend on, nor uses a functional (system) DNS for most of its operations. IP addresses of Tor directory authorities are hardcoded in the Tor software by Tor developers. Exceptions are:
- Proxy settings that use proxies with domain names instead of IP addresses.
- Some Tor pluggable transports such as meek lite, which resolves domains set in
url=andfront=to IP addresses or snowflake's-front.
The most watertight privacy operating system in the world.
At Whonix we value freedom and trust, supporting Open Source and Freedom Software
2012-2024 ENCRYPTED SUPPORT LP
We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!