Last update: March 17, 2019. This website uses cookies. By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. More information




apt-transport-tor is a package that allows host operating systems or non-Whonix-Workstation VMs that are not behind a torifying gateway (like Whonix-Gateway) to torify their apt-get traffic for individual repositories.

With non-Whonix systems in mind, for security reasons apt-get blocks clearnet connections to .onion domains by default. apt-get developers want to protect users from accidentally trying to use .onion repositories without using Tor. Otherwise, a rouge DNS server could redirect users to a false domain and trick them into thinking they are using Tor when they are not.

Strictly speaking, there is no need to use apt-transport-tor inside Whonix VMs since all traffic is already routed over Tor. apt-get is stream-isolated using a pre-configured uwt wrapper. In other words, apt-get in Whonix is already talking to a Tor SocksPort. Nevertheless, apt-transport-tor is the default from Whonix 14 onward because it provides better error handling and stream isolation. [1] [2]

  1. For instance it reports if the .onion address is too long or short, and will use different circuits for different sources.
  2. apt-transport-tor will not result in Tor over Tor scenarios due to built-in Whonix settings preventing this.