Design and Goals




Whonix ™ routes all traffic through Tor, which is currently the best available anonymity network.

Whonix ™ aims to preserve privacy and anonymity by helping users run applications anonymously. A web browser, IRC client, office suite, and more come pre-configured with security in mind. Internet traffic by Whonix ™ is all routed through the Tor anonymity network.

Whonix ™ is a complete operating system (OS) with additional, advanced security and anonymity features. It consists of two virtual machines -- Whonix-Gateway ™ and Whonix-Workstation ™ -- which are designed to be used on a supported host OS. (Host Operating System Selection)

The host OS supporting Whonix ™ is usually the one installed on the user's computer, but OSes installed on external drives will also work (USB Installation). Users choose the preferred Whonix ™ configuration and may use either a Type I hypervisor (Qubes-Whonix ™), or a Type II hypervisor like KVM and VirtualBox.

Whonix ™ is Freedom Software and is based on Kicksecure ™ (security-focused Linux Distribution), Tor [1], Debian GNU/Linux [2], and the principle of security by isolation.

Security by Isolation

Whonix ™ is the best way to use Tor and provides the strongest protection for your privacy online by hiding your real IP address.

Whonix ™ protects from leaks. What is a leak? In layman's terms, a leak happens when a user expects to be using Tor but part of the application's traffic goes over the normal internet (clearnet) instead. A single leak is all that is required to de-anonymize the user. Examples include IP leaks, DNS leaks, UDP leaks and others.

Even if Tor can provide sufficient anonymity, it is very complicated to impossible for users to configure applications so that all traffic originating from the application consistently uses Tor. That is because networking is very complex and most applications are not designed with anonymity or privacy in mind.

With Whonix ™, DNS and other related leaks (IP, DNS, UDP, ICMP) are impossible, and even malware with root privileges cannot discover the user's real IP address. That is because Whonix ™ makes sure that all internet traffic is routed through Tor thanks to its split-VM design.

Some applications, most notably the Tor Browser Bundle, are specifically designed for anonymity and privacy and to avoid leaks. Despite all efforts, software defects (bugs) in the Tor Browser Bundle have caused leaks in the past. In such cases, users of Whonix ™ were protected and unaffected by these leaks.

Whonix ™ is divided into two VMs:

  • Whonix-Gateway ™ to enforce routing all Internet traffic through the Tor network, and
  • Whonix-Workstation ™ for work activities. Whonix-Workstation ™ is unaware of its real external IP address. That is why the user's real external IP address is always protected and leaks are impossible.

This security by isolation configuration averts many threats posed by malware, misbehaving applications, and user error.

Figure: Whonix ™ Operating System Design


(more technical illustrative images)

This has been audited through corridor (a Tor traffic whitelisting gateway) and other leak tests. No leaks have ever been found in Whonix ™ during its 10-year history.

For technical readers, this is further substantiated in the Whonix ™ technical introduction and security overview.
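
A leak check in the spirit of the whitelisting-gateway approach mentioned above, as an added example (not Whonix ™ or corridor code): it classifies flows seen on the upstream side of the gateway and flags anything that is not a TCP connection to a known Tor relay. The relay list, the flow records and the function names are constructed for illustration, and local link traffic such as DHCP is assumed to be filtered out beforehand.

```python
import ipaddress

# Constructed sample data; every address is from an RFC 5737 documentation range.
TOR_RELAYS = {("192.0.2.10", 9001), ("192.0.2.44", 443)}  # hypothetical relay endpoints

# Flows seen on the gateway's upstream side: (protocol, destination IP, destination port)
FLOWS = [
    ("tcp", "192.0.2.10", 9001),    # connection to a Tor relay: expected
    ("udp", "198.51.100.53", 53),   # clearnet DNS query
    ("tcp", "203.0.113.80", 443),   # direct HTTPS connection to a website
    ("icmp", "203.0.113.80", 0),    # ping that bypassed Tor
    ("udp", "203.0.113.5", 3478),   # other UDP traffic
    ("tcp", "192.0.2.44", 443),     # connection to a Tor relay: expected
]

def classify(flow, relays):
    """Return "ok" for whitelisted Tor traffic, otherwise the kind of leak."""
    proto, dst, port = flow
    dst = str(ipaddress.ip_address(dst))  # reject malformed records, normalise the address
    # Tor relay connections are TCP, so only TCP to a known relay is acceptable.
    if proto == "tcp" and (dst, port) in relays:
        return "ok"
    if port == 53 and proto in ("udp", "tcp"):
        return "dns-leak"
    if proto == "udp":
        return "udp-leak"
    if proto == "icmp":
        return "icmp-leak"
    return "ip-leak"  # TCP straight to a destination that is not a Tor relay

def find_leaks(flows, relays):
    """List every flow that bypassed Tor together with its leak category."""
    return [(flow, kind) for flow in flows if (kind := classify(flow, relays)) != "ok"]

if __name__ == "__main__":
    for flow, kind in find_leaks(FLOWS, TOR_RELAYS):
        print(f"{kind:10} {flow}")
```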

Online Anonymity via Tor

Whonix ™ relies on the Tor network to protect a user's anonymity online; all connections are forced through Tor or otherwise blocked. Tor helps to protect users by bouncing communications around a distributed network of relays run by volunteers all around the world. Without advanced, end-to-end, netflow correlation attacks, anybody watching a user's Internet connection cannot easily determine the sites visited, and those sites cannot learn the user's physical location. [3]

To learn more about Tor, read the official documentation on the Tor website (.onion):

Based on Debian

Tip: Since Ubuntu is a Debian derivative, online help for Ubuntu most often works for Whonix ™.

In oversimplified terms, Whonix ™ is just a collection of configuration files and scripts. Whonix ™ is not a stripped down version of Debian; anything possible in "vanilla" Debian GNU/Linux can be replicated in Whonix ™. Likewise, most problems and questions can be solved in the same way. For example: "How do I install VLC Media Player on Whonix ™?" -- "The same way as in Debian: apt install vlc." Whonix ™ does not break anything, limit functionality, or prevent installation of compatible software.

Whonix Version

Each Whonix ™ release is based on a particular version of Debian:

Whonix ™ version | Debian version | Debian codename
Whonix ™ | 11 | bullseye

Users can manually check the Whonix ™ version at any time by following this step.

Release Schedule

Note that Whonix ™ does not have a fixed release schedule. A new stable release only becomes available when it is deemed ready. Interested users can query the issue tracker [4] and release notes to track developer progress. Stay Tuned.


Table: Whonix ™ Goals, Design and Limitations

Category Description
Whonix ™ is
  • a free and open operating system
  • an anti-censorship tool
  • the first step among many in hiding a user's identity
Whonix ™ helps to
  • disguise a user's IP address
  • prevent internet service provider (ISP) spying
  • prevent websites from identifying the user
  • prevent malware from identifying the user
  • circumvent censorship
Whonix ™ is not
  • a one-click anonymization solution. Such solutions do not exist and most likely cannot exist, since online anonymity is a complex challenge in a highly surveilled world, as readers of the Whonix ™ documentation will learn.

Support Schedule

Debian Hosts

New Debian Release

One month after a new stable version of Debian is released, Whonix ™ VMs may no longer be supported on any older version of Debian. All users need to upgrade the Debian platform promptly after the deprecation notice in order to use Whonix ™ safely.

New Whonix ™ Release

One month after a new stable version of Whonix is released, older versions will no longer be supported. All users need to upgrade the Whonix ™ platform promptly in order to remain safe.

Deprecation Notices

The deprecation notice is provided at least one month in advance and posted in the Whonix ™ News forum. Stay Tuned! All users need to upgrade the respective platform promptly in order to remain safe. [5]

Debian-based and Other Hosts

As per Debian Hosts.

Windows Hosts

The support schedule is mostly undefined at present, but likely to mirror Debian Hosts.

Qubes Hosts

Quote Qubes-Whonix ™ version support policy:

Whonix ™ templates are supported by our partner, the Whonix ™ Project. The Whonix ™ Project has set its own support policy for Whonix ™ templates in Qubes.

This policy requires Whonix ™ template users to stay reasonably close to the cutting edge by upgrading to new stable releases of Qubes OS and Whonix ™ templates within a month of their respective releases. To be precise:

  • One month after a new stable version of Qubes OS is released, Whonix ™ templates will no longer be supported on any older release of Qubes OS. This means that users who wish to continue using Whonix ™ templates on Qubes must always upgrade to the latest stable Qubes OS release within one month of its release.
  • One month after new stable versions of Whonix ™ templates are released, older releases of Whonix ™ templates will no longer be supported. This means that users who wish to continue using Whonix ™ templates on Qubes must always upgrade to the latest stable Whonix ™ template releases within one month of their release.

We aim to announce both types of events one month in advance in order to remind users to upgrade.

Next Steps

Learning more about Whonix ™ is the best way to determine whether it is a suitable solution in your personal circumstances. The following chapters are recommended:

  • The Warning page to understand the security limitations of Whonix ™ and Tor.
  • Further information about Whonix ™ Features.
  • The implied Trust placed in Whonix ™ when it is used.
  • Other relevant Documentation explaining how to use Whonix ™ safely.

See Also


  3. Current practical, low-latency, anonymity designs like Tor fail when the attacker can see both ends of the communication channel (traffic going into and out of the Tor network). If both flows are visible, simple statistics can determine whether they match up.
  4. For example, for the next release use the tag "Whonix ™ 16" and status "Open".
  5. This also relieves Whonix ™ developers from needing to diagnose and support old-stable versions of Qubes/Debian/Whonix ™, which duplicates the maintenance burden.


Whonix ™ About wiki page Copyright (C) Amnesia <amnesia at boum dot org>

Whonix ™ About wiki page Copyright (C) 2012 - 2021 ENCRYPTED SUPPORT LP

This program comes with ABSOLUTELY NO WARRANTY; for details see the wiki source code.

This is free software, and you are welcome to redistribute it under certain conditions; see the wiki source code for details.

Gratitude is expressed to JonDos for permission to use material from their website. [1] The "Summary" chapter of the Whonix ™ Design and Goals wiki page contains content from the JonDonym documentation Features page.