System Configuration and Access

From Whonix


Avoid Shared Hosts[edit]

Info Tip: Whonix ™ should preferably be used only on computers without shared access.

It is unwise to allow others to use your computer, even if they are trustworthy individuals. If they are not equally knowledgeable in computer security, then one mistake could potentially lead to compromise of the entire system. [1]

Needless to say, Whonix ™ should not be hosted in the cloud [archive], on a foreign server that is not controlled by the user, on a virtual private server (VPS) [archive], or other remote hosting options. The risks include: [2] [3]

  • Data on these systems is readily accessible to their owners.
  • Data can be accidentally or deliberately altered / deleted.
  • Legal ownership of data is disputed.
  • Shared technological vulnerabilities include insecure interfaces and application program interfaces (APIs), data loss / leakage and hardware failure.
  • Proven vulnerability to large scale attacks like "hyperjacking" [archive], along with exposure to traditional threats like network eavesdropping, invasion, denial of service attacks, side-channel attacks and so on.

Use a Dedicated Host Operating System and Computer[edit]

Ambox warning pn.svg.png Both Non-Qubes-Whonix and Qubes-Whonix ™ users should avoid dual / multi-boot configurations [archive]. The other OS (like Windows) could modify the unprotected /boot partition or firmware to maliciously compromise Qubes or the host OS, and also potentially spy on user activities.

Non-Qubes-Whonix ™ users are recommended to use one dedicated host OS just for hosting Whonix ™ VMs. Otherwise, if the host OS which is used daily is compromised, Whonix ™ cannot provide any additional protection. This is because the host is part of the system's trusted computing base (TCB) [archive]:

For a computer system, the trusted computing base or TCB comprises the set of all hardware, software, and firmware components that are critical to establishing and maintaining its security. Typically, the TCB consists of an operating system with all its in-built security controls, individual system hardware, network hardware and software, defined security procedures and protocols, and the actual physical location of the system itself.


Maintaining the confidentiality and integrity of data on a system is a prime responsibility of the TCB. The trusted computing base is also charged with enforcing the system’s security policy, and is the only component of a system that operates at such a high level of trust. This means that if any part of the TCB is subverted or contains flaws, the overall security policy of a system may be compromised.

See Malware and Firmware Trojans to learn more about the impacts of a compromised TCB.

For even greater security, the dedicated host OS can be used on a computer solely bought for Whonix ™ activities. Ideally this computer will have never been used for anything else before, negating the risk of a prior hardware compromise.

Whonix ™ on External Media[edit]

See: Whonix ™ on USB or other External Media.


  1. If necessary, this risk is partially mitigated by creating untrusted domains in Qubes-Whonix ™ for other users.
  2. [archive]
  3. [archive]

text=Jobs in USA
Jobs in USA

Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki

Follow: Twitter.png Facebook.png 1280px-Gab text logo.svg.png Iconfinder news 18421.png Rss.png Matrix logo.svg.png 1024px-Telegram 2019 Logo.svg.png Discourse logo.svg Reddit.jpg Diaspora.png Gnusocial.png Mewe.png 500px-Tumblr Wordmark.svg.png Iconfinder youtube 317714.png 200px-Minds logo.svg.png 200px-Mastodon Logotype (Simple).svg.png 200px-LinkedIn Logo 2013.svg.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate whonix.png United Federation of Planets 1000px.png

Share: Twitter | Facebook

Do you wonder why Whonix will always be free? Check out Why Whonix is Freedom Software [archive].

https link onion link

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.

Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint, Contact.