Security Reviews and Feedback

From Whonix


This is a list of notable reviews and feedback about Whonix ™ security.

See also Whonix ™ Protection against Real World Attacks.


Happy to report no leaks observed, ever.



There are a few older threads [archive] on the Tor Talk Mailing List [archive] concerning the security of Whonix ™ / transparent proxy:

Older References[edit]

This section is for older, general Whonix ™ discussion references. It is useful to capture people's thoughts and feedback concerning the project, even if feedback is secondhand and not provided directly. Most links are found by searching for "TorBOX [archive]".


Early TorBOX and Whonix ™ Releases

General Discussions
October 2012 - Discussions:


Whonix ™ has not been subject to a formal audit, but that has little significance. At the time of writing, other privacy/anonymity-focused distributions like TAILS and Liberté Linux have not been audited either. Even major operating systems such as Debian, Ubuntu and Qubes OS have not had public, published audits to date.

We are unaware of any serious research concerning the above distributions in Free Haven's Selected Papers in Anonymity [archive]. Further, no experts such as Bruce Schneier [archive] for cryptography exist for a security-focused operating system review.

Even the usefulness of any published audit must be considered. Audits of software and operating system platforms are necessarily carefully defined and limited in scope due to the size of the undertaking. There are no all-encompassing audits that thoroughly examine or evaluate every possible aspect of security.

To explore this issue in further detail, consider the GNU wget computer program that retrieves content from webservers. Has wget ever been audited? Even if it has, what did the audit entail -- a professional company, providing software security audits as a service or some kind of certification? At present no such entities exist to provide this service in the Freedom Software Open Source ecosystem, meaning there are no quality seals for Linux distributions.

If the reader is aware of any such examples, please get in contact or edit this section. Also consider whether it is reasonable to expect a reputable organization or individual to make statements like: "GNU wget has been audited and no security vulnerabilities were found". In reality it usually happens the other way around; when someone reviews the source code and finds nothing wrong, nothing is reported. On the other hand, if a vulnerability is found that is worth some fame. In essence, anyone who claims beforehand to have found no security issues does not receive a boost to their reputation, but in fact risks looking bad if problems are discovered later on due to their previous statements about nil security issues.

Anybody undertaking an audit of Whonix ™ is kindly asked to edit this section or get in contact so the outcome can be linked here.

See Also[edit]


  1. SecureDrop is an open source whistleblower submission system that media organizations and NGOs can install to securely accept documents from anonymous sources. It was originally created by the late Aaron Swartz and is now managed by Freedom of the Press Foundation [archive]. SecureDrop is available in 20 languages [archive].

text=Jobs in USA
Jobs in USA

Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki

Follow: Twitter.png Facebook.png 1280px-Gab text logo.svg.png Iconfinder news 18421.png Rss.png Matrix logo.svg.png 1024px-Telegram 2019 Logo.svg.png Discourse logo.svg Reddit.jpg Diaspora.png Gnusocial.png Mewe.png 500px-Tumblr Wordmark.svg.png Iconfinder youtube 317714.png 200px-Minds logo.svg.png 200px-Mastodon Logotype (Simple).svg.png 200px-LinkedIn Logo 2013.svg.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate whonix.png United Federation of Planets 1000px.png

Share: Twitter | Facebook

Check out the Whonix News Blog [archive].

https link onion link

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.

Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint, Contact.