
Anonymity Operating System Comparison - Whonix ™ vs Tails vs Tor Browser Bundle


This page contains a detailed comparison of Whonix ™, Tails, Tor Browser, Qubes OS TorVM and corridor.

Introduction

Although Qubes' TorVM -- a dedicated ProxyVM providing torified networking to all clients -- is now deprecated, it has been kept for comparison purposes since it acted like Whonix-Gateway ™ (sys-whonix). [1]

If any incorrect or outdated information is noted, the reader can either directly edit this page, or contact us and we will correct it as soon as possible. Also see the statement about the neutrality of this page.

Last Update

Table: Comparison Information Currency

| | Whonix ™ | Tails | Tor Browser | Qubes OS TorVM | corridor (tor-talk) |
|---|---|---|---|---|---|
| Compared Version [2] | 15 | 2.4 | 6.0 | 0.1.3 | ? |
| Latest Version [3] | 16.0.3.7 | 4.24 | 11.0.1 | 0.1.3 | ? |
| Status | This wiki page is up to date | This wiki page is up to date | This wiki page is up to date | This wiki page is up to date | This wiki page is up to date |

General

Table: General Factors

| | Whonix ™ | Tails | Tor Browser | Qubes OS TorVM | corridor |
|---|---|---|---|---|---|
| Focus on anonymity, privacy and security | Yes | Yes | Yes | Yes | Yes |
| Type | General purpose OS available as VM images and physical isolation | Live DVD / Live USB / Live SDCard | Portable browser | General purpose OS, VM plugin for Qubes OS | Tor traffic whitelisting gateway |
| Supported hardware | x86 compatible and/or Virtual Machines + [4] | x86 compatible and/or Virtual Machines | Windows, Linux, Mac and Virtual Machines | Any capable of running Qubes OS, see: System Requirements and HCL | Any Linux (?) |
| Based on | Tor, Debian [5] and a Virtualizer [6] when not using Physical Isolation | Tor, Debian | Tor, Firefox | Tor, Qubes OS, Fedora | iptables, sh |
| Gateway and torify any operating system [7] | Yes [8] | Not a torifying Gateway | Not a torifying Gateway | Yes [9] | Not a torifying Gateway |
| Live Mode | Yes [10] | Yes | No | No | No |
| Live DVD | No | Yes | No | No | No |
| Live USB | No | Yes | No | No | No |
| USB bootable | Yes [11] | Yes | Yes [11] | Yes [11] | Yes [11] |
| USB installer feature | No [12] | Yes [13] | ? | Yes | No |
| Requires VirtualBox [14] | No | No | No | No | No |
| Requires VMware [14] | No | No | No | No | No |
| Requires Qubes OS [14] | No | No | No | Yes | No |
| System requirements | Higher | Lower | Lowest | Highest | Lowest |
| Can run in VirtualBox | Yes | Yes, but not recommended. [15] Well documented [16] | Yes, but (?) | No [17] | No |
| Can run in VMware | Yes, but not recommended and unsupported [18] | Yes, but not recommended [15] | Yes, but (?) | No [19] | No |
| Can run in Qubes OS | Yes [20] | Yes [21] | Probably yes, but without security features provided by an Isolating Proxy | Yes | Yes |
| Persistence [22] | Full | Optional for Live USB | Yes [23] | Full | Full |
| Number of developers | Multiple [24] | Multiple | Multiple | Multiple | One |
| Maturity | Project since 2012 | Project since 2009 [25] | Project since 2002 [26] | Project since 2012 (now deprecated) | Project since 2014 |
| Open source | Yes | Yes | Yes | Yes | Yes |
| Non-anonymous developers [27] | Yes | No | Yes | Yes | No (?) |

Security

Network

Table: Network Security

| | Whonix ™ | Tails | Tor Browser | Qubes OS TorVM | corridor |
|---|---|---|---|---|---|
| Responsibility for building Tor circuits | Tor client running on Whonix-Gateway ™ | Tor client running on workstation | Tor client running on workstation | Tor client running on TorVM (Gateway) | Tor client running behind corridor-Gateway |
| Protection against IP address / location discovery [28] on the Workstation [29] | Yes [30] | No [31] | No [31] | Yes | No [32] |
| IP / DNS protocol leak protection | Full [33] | Depends [34] | Depends [34] | Full | Depends |
| Workstation does not need to trust the Gateway | No | Not a gateway | Not a gateway | No | Yes |
| Takes advantage of entry guards [35] | Yes | No [36] | Yes | Yes | Not applicable [37] |
| Takes advantage of vanguards, which protects against guard discovery and related traffic analysis attacks and fixes CVE-2020-8516 Hidden Service deanonymization. | Yes | No [38] | No | No | Not applicable [37] |

Stream Isolation

Table: Stream Isolation

| | Whonix ™ | Tails | Tor Browser | Qubes OS TorVM | corridor |
|---|---|---|---|---|---|
| Stream isolation [39] | Yes [40] | Yes [41] | Yes [42] [43] | Manually [44] | Yes |
| Enforces stream isolation when one of X Workstations behind the same Gateway is compromised in the default configuration [45] | | Not a gateway | Not a gateway | Yes [48] | Yes [37] |
| Stream isolation in Tor Browser | Yes | Yes | Yes | ? | ? |

Updates

Table: Updates

| | Whonix ™ | Tails | Tor Browser | Qubes OS TorVM | corridor |
|---|---|---|---|---|---|
| Operating system updates | Persist once updated | Incremental upgrades [49] | Persist once updated | Persist once updated | Persist once updated |
| Update notifications | Yes [50] | Yes | Yes | Yes | ? |
| Important news notifications | Yes [51] | Yes [52] | ? [53] | ? | ? |
| APT unreliable exit code security workaround [54] | Yes [55] | ? | ? | ? | ? |

Hardware Serials

Table: Hardware Serials

| | Whonix ™ | Tails | Tor Browser | Qubes OS TorVM | corridor |
|---|---|---|---|---|---|
| Hides hardware serials from malicious software with default settings | Yes [56] | No [57] | No [57] | Yes | No [57] |
| Hides hardware serials from malicious software when additional hardware is assigned | No | No | No | No | No |
| No collection of hardware serials | Yes | Yes | Yes | Yes | Yes |
| Hides the MAC address from websites | Invalid [58] | Invalid [58] | Invalid [58] | Invalid [58] | Invalid [58] |
| Hides the MAC address from the local LAN [59] | No, see footnote [60] | Yes [61] | No | Yes, but not enabled by default [62] | Not applicable |
| Hides the MAC address from applications | Yes [63] | No | No | Yes, by default, unless... [64] | Not applicable |
| Defeats advanced Wi-Fi device tracking [65] [66] | No [67] [68] | No | No | No [69] | Not applicable |

Forensics

Table: Forensic Issues

| | Whonix ™ | Tails | Tor Browser | Qubes OS TorVM | corridor |
|---|---|---|---|---|---|
| Amnesic | | Yes [72] | No [73] | ? [74] | Not applicable [75] |
| Local disk encryption | Should be applied on the host | Yes, for a persistent USB | Should be applied on the host | Should be applied on the host | Should be applied on the host |
| Cold boot attack protection [76] | No - should be applied on the host | Yes | No - should be applied on the host | No, planned [77] | No - should be applied on the host |

Download Security

| | Whonix ™ | Tails | Tor Browser | Qubes OS | corridor |
|---|---|---|---|---|---|
| Onion | Yes | No | Yes | Yes [78] | No |
| TLS (SSL) [79] | Yes | Yes | Yes | Yes | Unneeded |
| OpenPGP signatures available | Yes | Yes | Yes | Yes | Yes |
| Signify signatures available | Yes | No | No | No | No |
| Codecrypt (Post-Quantum Cryptography Resistant) signatures available | Soon | No | No | No | No |
| Server not under control of hosting provider [80] | No | No | No | No | No |

Verifiable Builds

Table: Verifiable Builds Comparison

| | Whonix ™ | Tails | Tor Browser | Qubes OS TorVM | corridor |
|---|---|---|---|---|---|
| Deterministic builds [81] | No | No (planned) [82] | Yes [83] | No | Not applicable [84] |
| Based on a deterministically built [81] operating system | No [85] | No [85] | Not applicable | No [85] | No [85] |
| Verifiably no backdoor in the project's own source code | Invalid [86] | Invalid [86] | Invalid [86] | Invalid [86] | Invalid [86] |
| Verifiably vulnerability-free | No [87] | No [87] | No [87] | No [87] | No [87] |
| Verifiably no hidden source code [88] in upstream distribution / binaries [89] | No [90] | No [90] | No [90] | No [90] | No [90] |
| Project's binary builds are verifiably created from project's own source code (no hidden source code [88] in the project's own source code) | No (deprecated) [91] | No | Yes | No | Not applicable [84] |

Fingerprint

Table: Fingerprinting Issues

Whonix ™ Tails Tor Browser Qubes OS TorVM corridor
Network / web fingerprint Whonix ™ fingerprint page Tails fingerprint page TBB traffic is tunneled through Tor. Host traffic passes over clearnet ? ?
Network fingerprint: ISP cannot trivially guess the project type [92] Yes Yes Yes No [93] Yes
Network fingerprint: ISP cannot guess that a non-persistent Tor directory is in use Yes No [94] Yes Yes Yes
Clearnet traffic All Whonix-Gateway ™ and Whonix-Workstation ™ traffic is tunneled through Tor. Host traffic [95] uses clearnet None, unless other users sharing the same internet connection are not using Tails TBB traffic is tunneled through Tor. Host traffic [96] uses clearnet The gateway is not torified, therefore emitting clearnet traffic [97] The gateway is not torified, therefore emitting clearnet traffic
Network fingerprint: ISP cannot guess which anonymity software is in use due to the ratio of Tor and clearnet traffic Unknown [98] The ISP can guess a Tor live system is in use, unless... [99] ? Not applicable [100] ?
Network fingerprint: ISP cannot guess which anonymity software is in use because of tordate [101] Yes, does not include tordate No, if the clock is grossly inaccurate when booting [101] No, not an operating system Yes, does not include tordate Yes, does not include tordate
Web fingerprint [102] Same as TBB [103] Not the same as TBB [104] TBB [105] Does not include Tor Browser [106] [107] Not applicable
Unsafe browser fingerprint [108] [109] [110] ? ? ?
Network time synchronization runs at randomized times during the session Yes [111] [112] Does not continuously run network time synchronization Not an operating system, does not include network time synchronization Does not include network time synchronization Does not include network time synchronization
Connection wizard prevents unwanted / accidental connections to the public Tor network [113] Yes Yes ? ? ?
Includes Tor Browser from The Tor Project Yes Yes + patches Yes No No
Privacy-enhanced browser [114] Yes, Tor Browser Yes, Tor Browser + patches [115] [104] Yes, Tor Browser No Not applicable
Secure distributed network time synchronization Yes [116] Yes [117] No No No
Hides the time zone (set to UTC) Yes Yes Yes No Not applicable
Hides the operating system account name [28] [29] [118] Yes, set to user Yes, set to amnesia No Yes, set to User Not applicable
Secure gpg.conf [119] [120] Yes Yes Not an operating system Not an operating system Not an operating system
Privacy-enhanced IRC client configuration Yes Yes Not an IRC client Not an operating system Not an IRC client
Keystroke Anonymization No No Not an operating system Not an operating system
Implement TCP ISN CPU Information Leak Protection to prevent de-anonymization of Tor onion services by installing Tirdad kernel module for random ISN generation. No No Not an operating system Not an operating system

Miscellaneous

Table: Miscellaneous Issues

| | Whonix ™ | Tails | Tor Browser | Qubes OS TorVM | corridor |
|---|---|---|---|---|---|
| A warning appears when run in an unsupported / unrecommended virtualizer | Yes | Yes | Unnecessary (?) | Invalid (?) [123] | Not applicable |
| Security and anonymity check | Yes [124] | ? | ? | ? | ? |

Hardening

Table: Security Hardening

| | Whonix ™ | Tails | Tor Browser | Qubes OS TorVM | corridor |
|---|---|---|---|---|---|
| AppArmor [125] is enabled by default | Yes [126] | ? | ? | ? | ? |
| AppArmor profiles are enabled by default | Partial [127] | ? | ? | ? | ? |
| Kernel Hardening through Kernel Boot Parameters | Qubes-Whonix: No [128]; Non-Qubes-Whonix: Yes [129] | ? | ? | ? | ? |
| Strong Linux User Account Separation | Qubes-Whonix: No [130]; Non-Qubes-Whonix: Yes [131] | ? | ? | ? | ? |
| Protection against Bruteforcing Linux User Account Passwords | Qubes-Whonix: No [132]; Non-Qubes-Whonix: Yes | ? | ? | ? | ? |
| security-misc (Kernel Hardening; Improve Entropy Collection; Enhances Misc Security Settings; ...) | Yes | ? | ? | ? | ? |
| Linux Kernel Runtime Guard (LKRG) | Planned. | ? | ? | ? | ? |
| SUID Disabling and Permission Hardening | Planned. | ? | ? | ? | ? |
| secure mount options | Planned. | ? | ? | ? | ? |
| Console Lockdown | Yes | ? | ? | ? | ? |
| hardened-kernel | Planned. | ? | ? | ? | ? |
| apparmor-profile-everything (AppArmor for everything. APT, systemd, init, all systemd units, all applications. Mandatory Access Control.) | Planned. | ? | ? | ? | ? |

Flash / Browser Plugin Security

Info Installing browser plugins such as Flash is not recommended [133] when anonymity is the goal.

Table: Flash and Browser Plugins Security

| Flash Tracking Technique | Whonix-Workstation ™ | Tor on the Host |
|---|---|---|
| Proxy bypass IP leak | Protected | Insecure, leads to deanonymization |
| Protocol IP leak | Protected | Insecure, leads to deanonymization |
| Flash cookies | Reduces anonymity to pseudonymity. It is recommended to delete Flash cookies | Flash activity over clearnet and Tor can be linked, which leads to deanonymization (or a significant reduction in the anonymity set) if the skew is large and rare. Flash is also useful for additional fingerprinting, which has an adverse impact [134] |
| Number of installed fonts | The number of fonts inside Whonix-Workstation ™ (anon-whonix) and the host (clearnet) operating system will differ, which is good for anonymity | The same fonts are reported for both clearnet and Tor Flash activity, which is harmful to anonymity [134] |
| Exact flash player version | The Flash version is shared among many users, [135] which is good for anonymity, since it reduces the impact of fingerprinting. The version is also probably different from the host (clearnet) operating system, which is beneficial | The same version is reported for Flash activity over both clearnet and Tor, which is harmful to anonymity [134] |
| GNU/Linux kernel version | This version is shared among many people, [135] which is good for anonymity, since it reduces the impact of fingerprinting | The same version is reported for Flash activity over both clearnet and Tor [134] |
| Language | Set to en_US for all Whonix ™ users | Set to the user's local language setting. This is useful for fingerprinting, since it leads to anonymity set reduction [134] |
| Exact date and time | This differs from the host (clearnet) operating system, which is beneficial (see TimeSync for details) | The same time / clockskew is reported for both clearnet and Tor Flash activity, which is harmful to anonymity [134] |
| Exact screen resolution and DPI | ? | The same screen resolution and DPI is reported for both clearnet and Tor use, which is harmful to anonymity [134] |
| Full path to the Flash plugin | This is shared among many people, [135] which is good for anonymity | Depends on the host (clearnet) operating system. In the worst case it could contain the operating system user name, which is fatal if it is the user's actual name. The same path to the Flash plugin is reported for both clearnet and Tor use, which is harmful to anonymity [134] |
| Other factors [136] | Assume reduction from anonymity to pseudonymity | Greater possibilities for fingerprinting and linkage of activities, which is harmful to anonymity [134] |
| Conclusion | A user's IP address / location / identity will remain hidden inside Whonix-Workstation ™ (anon-whonix), but it is assumed to be pseudonymous rather than anonymous | Flash over Tor -- on the host, without software like Whonix ™ -- is completely unsafe. If Flash is ever used over clearnet, linkage of activities is possible. In the worst case scenario, assume the strong Flash fingerprint can lead to full deanonymization |

For further information about using Flash and other browser plugins in Whonix ™, see here.

Attacks

Circumventing Proxy Obedience Design

Introduction

This section presupposes the user is familiar with:

  • The security comparison of different Whonix ™ variants.
  • Unsafe Browser: Tails and Liberte Linux package a so-called "Unsafe Browser". The Unsafe Browser does not use Tor, but instead connects in the clear. It is useful for hotspot registration or for viewing clearnet content without Tor.
  • Feasible exploits against a physically isolated Whonix-Gateway ™: this is difficult when the Whonix-Gateway ™ is running in a bare metal configuration. The reason is that only Whonix-Workstation ™ has access to Tor running on Whonix-Gateway ™. [137]

Whonix ™ protects against discovery of a user's IP address / location via a successful root exploit (Malware with root rights) on the Whonix-Workstation ™ (anon-whonix). [29] Users should not deliberately test this feature and risk becoming infected with malware, since all the data inside Whonix-Workstation ™ (anon-whonix) would become available to the attacker.

Whonix ™ is not a perfect or unbreakable system, nor can it ever be. However, Whonix ™ does raise the bar for attackers, meaning greater effort and skill is needed to discover the user's real IP address and successfully deanonymize them. The following table summarizes the defense-in-depth provided by the Whonix ™ design.

Terms that are used in the following table are defined below:

  • TBB: Tor Browser Bundle.
  • Fail: the IP address / location of the user is compromised.
  • Safe: the IP address / location of the user is hidden behind Tor.

Overview

Table: Proxy Circumvention Threats

| Attack | Whonix ™ Default | Whonix ™ Physical Isolation | Tails | Tails in a VM | TBB | TBB in a VM | Qubes OS TorVM | corridor |
|---|---|---|---|---|---|---|---|---|
| 1. Proxy bypass IP leak [138] | Safe [139] | Safe [139] | Safe [139] | Safe [139] | Fail | Fail | Safe | Safe |
| 2. Protocol IP leak [140] | Safe [141] | Safe [141] | Fail | Safe [142] | Fail | Safe [142] | Safe | Safe [142] |
| 3. Exploit [143] [144] | Safe | Safe | Fail [145] | Fail [145] | Fail | Fail | Safe | Fail |
| 4. Exploit + root exploit [143] [146] | Safe | Safe | Fail [145] | Fail [145] | Fail | Fail | Safe | Fail |
| 5. Root exploit [143] [147] | Safe | Safe | Fail [145] | Fail [145] | Fail | Fail | Safe | Fail |
| 6. Exploit + VM exploit [148] [149] | Fail | Safe | Fail | Fail | Fail | Fail | Fail | Fail |
| 7. Exploit + VM exploit + exploit against physically isolated Whonix-Gateway ™ [150] | Fail | Fail | Fail | Fail | Fail | Fail | Fail | Fail |
| 8. VM exploit [151] | Fail | Safe | Safe | Fail | Safe | Fail | Fail, see [152] | Fail |
| 9. VM exploit + exploit against physically isolated Whonix-Gateway ™ [153] | Fail | Fail | Safe | Fail [154] [155] | Safe | Fail [154] [155] | Fail, see [152] [154] [155] | Fail |
| 10. Exploit against Tor process [156] | Fail [157] | Fail [157] | Fail | Fail | Fail | Fail | Fail | Fail |
| 11. Attack against the Tor network [158] | Fail | Fail | Fail | Fail | Fail | Fail | Fail | Fail |
| 12. Backdoor [159] [81] | Fail | Fail | Fail | Fail | Fail | Fail | Fail | Fail |
| 13. Onion service domain name security after server software exploit | Safe [160] | Safe [160] | Fail [161] | Fail [161] | Not an operating system | Not an operating system | ? [162] | Fail |

Network Time-related

Introduction

This section presupposes the user is familiar with:

Terms that are used in the following table are defined below:

  • (VM host) update/crypto block: prevention of (VM host) operating system updates and cryptographic verification such as TLS (SSL) in the (VM host) browser.
  • u/c-block: update/crypto block.
  • Tor blocked: prevention of connections to the Tor network until the clock is manually fixed.
  • Big clock skew: more than 1 hour in the past or more than 3 hours in the future. [163]
  • Small clock skew: less than 1 hour in the past or less than 3 hours in the future. [163]

Overview

Table: Network Time-related Issues

| | Whonix ™ Default | Whonix ™ Physical Isolation | Tails | Tails in a VM | TBB | TBB in a VM | Qubes OS TorVM |
|---|---|---|---|---|---|---|---|
| VM host time synchronization mechanism | NTP | Gateway: there is no VM host. Workstation host: NTP | There is no VM host. Same as the operating system synchronization mechanism | NTP | There is no VM host | NTP | NTP |
| Operating system synchronization mechanism | sdwdate | sdwdate | tordate and tails_htp | tordate and tails_htp | NTP | NTP | ? |
| Effect of a grossly inaccurate clock | Tor blocked | Tor blocked | tordate fixes the clock | tordate fixes the clock | Tor blocked | Tor blocked | Tor blocked |
| VM host time differs from operating system time | Yes [164] | Yes [164] | There is no VM host | Yes [165] | No [166] | Possibly [167] | No |
| Unsafe browser time differs from torified browser time [168] | Yes [164] | Yes [169] | No [170] | No [170] | No [166] | Possibly [167] | No |
| Large clock skew attack against NTP [171]: VM host effects | u/c-block | VM host u/c-block | There is no VM host | VM host u/c-block | There is no VM host | VM host u/c-block | u/c-block |
| Large clock skew attack against NTP [171]: operating system effects | Tor blocked | Tor blocked | [172]; tordate fixes the clock skew | [172]; tordate fixes the clock skew | Tor blocked; u/c block | Tor blocked; u/c block | Tor blocked |
| Fingerprintable reaction [173] when a large clock skew attack is used | No, fails identically to TBB | No, fails identically to TBB | Probably yes, see the fingerprint section above | Probably yes, see the fingerprint section above | TBB | TBB | No |
| Small clock skew attack against NTP [171], VM host effects: | VM host u/c block (?) | VM host u/c block (?) | There is no VM host | VM host u/c block (?) | VM host u/c block (?) | VM host u/c block (?) | VM host u/c block (?) |
| Small clock skew attack against NTP [171], operating system effects: | Whonix ™ VMs: sdwdate fixes the clock skew | sdwdate fixes the clock skew | VM: tails_htp fixes the clock skew | tails_htp fixes the clock skew | If the user visits a page monitored by an adversary, they will know who is connecting [174] | If the user visits a page monitored by an adversary, they will know who is connecting [174] | If the user visits a page monitored by an adversary, they will know who is connecting [174] |

Usability

Table: Overall Usability

Whonix ™ Tails Tor on the Host Qubes OS TorVM corridor
Difficulty: installing additional software while the IP address remains hidden [175] Easy [176] Moderate [177] Difficult [178] Easy Moderate
Difficulty: installation of the base anonymity software Easy Easy Easy Difficult [180]
Required knowledge to prevent serious user error [181] Difficult Difficult Difficult Difficult Difficult
Pre-installed applications Wide selection Wide selection None Not applicable Not applicable
Grossly inaccurate host clock No connection to the Tor network until the clock is manually fixed Uses tordate to fix the clock No connection to the Tor network until the clock is manually fixed No connection to the Tor network until the clock is manually fixed ?
Comprehensive documentation Yes [182] Yes [183] ? ? ?
Disable power savings in VMs Yes [184] No, but there is no sleep mode ? ? ?

Features

Table: Features

| | Whonix ™ | Tails | Tor Browser | Qubes OS TorVM |
|---|---|---|---|---|
| Default desktop | XFCE | GNOME | Whatever the user has installed. Not an operating system | XFCE |
| Multi-language support | No | Yes | Yes | ? |
| Fits on a DVD | No | Yes | Not an operating system | ? |
| VPN support: user → VPN → Tor → destination | Manual configuration is required [185] | No [186] | Possibly can be manually installed (?) | Yes |
| VPN support: user → Tor → VPN → destination | Manual configuration is required [185] | No [186] | ? | Yes [187] |
| VPN support: user → VPN → Tor → VPN → destination | Manual configuration is required [185] | No [186] | ? | Yes |
| IRC client pre-configured for privacy | Yes (HexChat) | Yes (Pidgin) [188] | Not an operating system | No |
| Flash support | Manual installation is required [189] | No, but HTML5 videos are functional [190] | Manual installation is required | ? |
| Mixmaster over Tor | No [191] | No | Not an operating system | No |
| Ricochet IM [192] [106] | No [193] | Unsupported, but can be manually installed [194] | Not applicable | ? |
| FTP support | Partial [195] | No (?) [196] | Not an operating system | ? |
| Download manager | Manual installation is required [197] | Manual installation is required [198] | ? | ? |
| Webmail can be used in the browser | Yes | Yes | Yes | Yes |
| Email client | Thunderbird | Thunderbird | ? | ? |
| Hidden service support | Manual configuration is required [199] | Manual configuration is required [200] | ? | ? |
| Hidden server configuration GUI | No | No [201] | ? | ? |
| Support for free Wi-Fi hotspots | Yes [202] | Yes [203] | Yes [204] | ? |
| Video / streaming software | Manual installation is required | Some applications are included, more can be manually installed | Not an operating system | Manual installation is required |
| Control port filter proxy | Yes [205] | No | No | No |
| TBB about:tor success message | Yes | ? | ? | ? |
| Functional new identity option in Tor Button | Yes [206] | Yes [207] [206] | Yes [206] | ? |
| Default browser set to Tor Browser | Yes | Yes (?) | Not applicable | ? |
| File / link open confirmation | Yes | ? | ? | ? |
| I2P over Tor | Manual installation and configuration is required [208] | ? | Not an operating system | Manual installation is required (?) |
| JonDonym over Tor | Manual installation is required [209] | ? | Not an operating system | Manual installation is required (?) |
| RetroShare over Tor | Manual installation is required [210] | ? | Not an operating system | Manual installation is required (?) |
| Shared folder help | Yes [211] [212] [213] | ? | ? | ? |
| Higher boot resolution | Yes [214] | ? | ? | ? |
| Verbose boot output | Yes [215] | ? | ? | ? |
| RAM-adjusted desktop starter | Yes [216] [217] | ? | ? | ? |

Circumvention

Table: Censorship Circumvention Options

| | Whonix ™ | Tails | Tor Browser | Qubes OS TorVM | corridor |
|---|---|---|---|---|---|
| obfs4 | Yes [218] | Yes | Yes | ? | ? |
| meek | Yes [219] | Yes [220] | Yes | ? | ? |
| Snowflake | Yes [221] [222] | No [223] | Yes | ? | ? |
| Other Censorship Circumvention Tools | ? | ? | ? | ? | ? |

Statement about Neutrality of this Page

General

An impartial comparison of anonymity platforms and tools is difficult, since contributors to this page are most likely Whonix ™ users. Regardless, an imperfect comparison page is better than none at all. The reader should bear in mind that this wiki content might have been anonymously posted elsewhere, such as Wikipedia. The contributors to this page have decided to attach their pseudonyms.

Anonymous edits are allowed and are generally published within a short time frame. Readers who notice any mistakes can immediately edit the page. This entire article is published under a Free (as in speech) license (GPLv3+). [224]

Different Views

Opinions should always be expressed carefully, particularly when analyzing the merits and weaknesses of other software projects. A range of different opinions already exist on this exact issue. Interested readers can refer to the following resources or add their own:

Systems Omitted from the Comparison

The following software platforms were not considered in this comparison, but may be included in the future:

See Also

Footnotes

  1. The Qubes website states:

    If you are interested in TorVM, you will find the Whonix ™ implementation in Qubes a more usable and robust solution for creating a torifying traffic proxy.

  2. At the time of last comparison.
  3. Most recent stable version.
  4. Custom-Workstation: self-made builds can run on any real or virtual hardware so long as they are behind a Whonix-Gateway ™ (sys-whonix). Tor Browser binaries are limited to a handful of platforms - Windows, Linux, BSD and Mac.
  5. Whonix-Workstation ™ (whonix-ws-16): Other Operating Systems are also supported. With respect to Whonix-Gateway ™ (whonix-gw-16), developers are agnostic about supporting any other secure distributions. Of course another operating system could be used as the base, but it requires significant effort.
  6. The default downloads are for VirtualBox, but this is subject to change in the future. Physical Isolation is an optional security feature for advanced users. Experimental, optional support is available for VMware. Images can be built for other virtualizers, but it requires some work, see: Other Virtualization Platforms.
  7. For advanced users.
  8. See Other Operating Systems.
  9. See also HVM.
  10. Qubes-Whonix ™: DisposableVMs
  11. Users can install the host operating system on a USB.
  12. Whonix ™ does not have a fully-featured USB installer. Installing the operating system on a USB is recommended, but the decision is left to the user.
  13. Tails has a professional USB installer.
  14. This has a neutral blue color, because the project dictates whether or not a specific virtualizer is required.
  15. https://tails.boum.org/contribute/design/virtualization_support/
  16. https://tails.boum.org/doc/advanced_topics/virtualization/
  17. This has a red color because it raises the bar for new users, who must expend significant effort to try it.
  18. This is only available as an experimental proof of concept, see: VMware. It is not recommended because VMware is closed source software. Whonix ™ developers do not support or test this configuration.
  19. This has a neutral color because Qubes OS is open source, while VMware is closed source and should therefore be discouraged.
  20. Qubes-Whonix ™.
  21. https://www.qubes-os.org/doc/tails/
  22. Custom installed applications and user data can be stored and survive reboot.
  23. Depending on a user's settings, bookmarks and passwords can be saved, and downloaded files retained.
  24. See Contributors.
  25. https://en.wikipedia.org/wiki/Tails_%28operating_system%29
  26. https://en.wikipedia.org/wiki/Tor_browser
  27. This matters because until Deterministic Builds become standard, (non-)anonymous developers might imply trust. A project's reputation, formal education and expertise are other relevant factors.
  28. Protection from root exploits, specifically malware with root rights.
  29. The Workstation is where the browser, IRC client and other user applications are run. The Gateway is where Tor and the firewall are running.
  30. Whonix ™ protects against IP address / location discovery through root exploits (malware with root rights) inside Whonix-Workstation ™ (anon-whonix), although this feature should not be unnecessarily tested. Successful attacks by adversaries cannot yield the user's real IP address / location, because Whonix-Workstation ™ (anon-whonix) can only connect through the Whonix-Gateway ™ (sys-whonix). More skill is required to compromise Whonix ™ due to its design; also see attacks on Whonix ™.
  31. If Tails is compromised by a root exploit, the adversary can simply bypass the firewall to discover the user's real IP address.
  32. corridor is not designed for that purpose. A compromised application could contact a colluding Tor relay.
  33. IP / DNS leaks are impossible in Whonix ™, since Whonix-Workstation ™ (anon-whonix) is unaware of its external IP address.
  34. Please read how Whonix ™ protects against realistic threats first. IP leaks are possible in Tails if applications are configured incorrectly or have a critical bug - this similarly applies to the Tails platform itself. The Tails Security Page notes:

    Until an audit of the bundled network applications is done, information leakages at the protocol level should be considered as - at the very least - possible.

  35. https://www.torproject.org/docs/faq.html.en#EntryGuards
  36. https://tails.boum.org/blueprint/persistent_Tor_state/
  37. Since the responsibility for building Tor circuits falls on clients running behind corridor-Gateway.
  38. Similar to above because it requires persistent Tor entry guards.
  39. Stream isolation provides protection against identity correlation through circuit sharing.
  40. For further details, see stream isolation.
  41. Separate Tor streams in Tails.
  42. Ever since the following ticket was implemented: Tor Browser should set SOCKS username for a request based on referer.
  43. Tor Browser comes with its own Tor instance. It is just a browser, not a live system or an operating system.
  44. The user must configure applications manually to use stream isolation. In Whonix ™, all applications that are installed by default (like curl, wget, ssh, tbb, and others) are configured to use their own SocksPort. Tails also has this feature, but it is not as extensive as Whonix ™. When QubesOS TorVM was last checked, it did not provide stream isolation.
  45. This is relevant when workstations x1, x2, ..., xn are all running behind the same gateway y.
  46. See: IP spoofing protection.
  47. A user can either run Multiple Whonix-Gateway ™ or configure an encrypted and/or authenticated connection between the Whonix-Gateway ™ and Whonix-Workstation ™.
  48. See: https://groups.google.com/d/msg/qubes-devel/le7-Rrq6yxY/k_fQdSTzvLAJ
  49. See https://tails.boum.org/contribute/design/incremental_upgrades/
  50. See systemcheck, Whonix ™ news.
  51. See Whonix ™ news.
  52. A GNOME libnotify notification pops up with a link and offers the user an opportunity to subscribe to news by email.
  53. This might be possible via the browser's https://check.torproject.org [archive] function. This was never implemented, even after old Tor Browser bundles became a popular exploit [archive].
  54. See security issues when using apt update in scripts.
  55. The systemcheck function check_operating_system [archive] uses /usr/lib/apt-get-wrapper [archive].
  56. See Protocol-Leak-Protection and Fingerprinting-Protection for details.
  57. By default this information is not sent to anyone. It is only at risk when the machine is compromised by malware.
  58. The design of assigned MAC addresses means that destination servers cannot see them. Therefore yes, they are always hidden from destination servers.
  59. This is a realistic threat considering some ISPs are based on LANs, which means they can see the MAC addresses of their clients. Hotspots can also see the MAC addresses of connected devices.
  60. Please read Whonix ™ in public networks / MAC Address.
  61. Tails spoofs the MAC address. This feature can be easily disabled.
  62. https://www.qubes-os.org/doc/anonymizing-your-mac-address/ [archive]
  63. The virtual MAC address for Whonix-Gateway ™ internal network interface (eth1) is shared among all Whonix ™ users, because Whonix-Workstation ™ can see it. However, Whonix-Workstation ™ cannot see the MAC address of Whonix-Gateway ™ external network cards (eth0).
  64. Unless a physical network card is assigned to the virtual machine.
  65. Why MAC Address Randomization is not Enough: An Analysis of Wi-Fi Network Discovery Mechanisms [archive]
  66. A Passive Technique for Fingerprinting Wireless Devices with Wired-side Observation [archive]
  67. https://forums.whonix.org/t/your-mac-address-randomization-attempts-are-futile [archive]
  68. MAC Address Introduction
  69. https://github.com/QubesOS/qubes-issues/issues/2361 [archive]
  70. DisposableVMs are not amnesic in their current form, as traces of activity may be left on storage media or in RAM.
  71. There are no special measures to limit what is written to disk because Whonix ™ acts like an ordinary operating system. A non-exhaustive list of user activity includes: user created files, backup files, temporary files, swap, chat history, browser history and so on. Whonix ™ is also unable to prevent host memory swaps [archive] to the host disk (see also: virtual memory [archive]). Mitigating this threat requires following the recommendation to use multiple VM snapshots and applying full disk encryption on the host. There is a security-usability trade off here: greater persistence allows Whonix ™ to remain fully-featured and enables users to easily install additional software.
  72. Tails is amnesic by design.
  73. Although Tor Browser is designed [archive] to prevent browser activity leaking to disk, the implementation could be faulty, or swap might still leak. Also see The Tor Project blog post Forensic Analysis of Tor on Linux [archive] and the full pdf results [archive].
  74. A DisposableVM [archive] could be used with a TorVM. For a discussion of TorVM anti-forensics features, see DisposableVM versus local forensics? [archive].
  75. corridor-Gateway itself is not amnesic. The amnesic feature must be implemented by the workstations (and possibly gateways) behind corridor-Gateway.
  76. See Cold boot attack [archive].
  77. https://github.com/QubesOS/qubes-issues/issues/716 [archive]
  78. Mirror by unman: https://www.qubes-os.org/news/2019/04/17/tor-onion-services-available-again/ [archive]
  79. Having TLS (SSL) supported mirrors may seem like an oxymoron. The common practice is to assume that mirrors are not to be trusted. Even if the mirror owners were trusted persons, it is still an open question how good their server security is. Even if their server security is exceptional, mirrors are generally also hosted by hosting companies, which cannot be trusted. However, not all adversaries have extensive capabilities such as mounting man-in-the-middle attacks, breaking server security or forcing the hosting company to turn over the keys. Users who do not use verification are still better off downloading from a TLS supported mirror. Therefore, TLS protected mirrors work well against less sophisticated adversaries. In terms of numbers, this results in fewer users potentially ending up with maliciously altered downloads.
  80. It would also be safer if the download server was under the full control of the developers and not under the control of a company, the hosting provider. Unfortunately that is not how things work today. Self-hosting is very expensive, requires a fast internet connection (home user contracts are not fast enough), and adequate physical security. Even the servers of The Tor Project are not hosted in a developer's home. This is elaborated in the chapter Trusting the Whonix ™ Website.
  81. Open Source software does not automatically prevent backdoors [archive], unless the user creates their own binaries directly from the source code. People who compile, upload and distribute binaries (including the webhost) could add hidden code, without publishing the backdoor. Anybody can claim that a certain binary was built cleanly from source code, when it was in fact built using the source code with a hidden component. Those deciding to infect the build machine with a backdoor are in a privileged position; the distributor is unlikely to become aware of the subterfuge. Deterministic builds can help to detect backdoors, since they can reproduce identical binary packages (byte-for-byte) from a given source. For more information on deterministic builds and why this is important, see:
  82. See Tails Roadmap [archive].
  83. See Deterministic Builds Part One: Cyberwar and Global Compromise [archive] and Deterministic Builds Part Two: Technical Details [archive].
  84. corridor only uses shell scripts.
  85. To be fair, there are no deterministically built operating systems yet. It is a difficult process and takes a lot of effort to complete. While Debian has around 25,000 reproducible packages [archive] in mid-2021, this work has been ongoing since 2013 and is far from done.
  86. The first form of backdoor [archive] is a vulnerability [archive] (bug) in the source code. Vulnerabilities are introduced either purposefully or accidentally due to human error. Following software deployment, an attacker may discover the vulnerability and use an exploit [archive] to gain unauthorized access. Such vulnerabilities can be cleverly planted in plain sight [archive] in open source code, while being very difficult to spot by code auditors. Examples of this type of backdoor include: The second form of backdoor is adding the full code (or binary) of a trojan horse [archive] (computer virus) to the binary build, while not publishing the extra source code and keeping it secret. This process can only be detected with deterministic builds.
    It is therefore impossible to claim that non-trivial source code is backdoor-free, because backdoors can be hidden as vulnerabilities. Auditors scrutinizing the source code can only state an opinion about the quality of the source code, and eventually report vulnerabilities if/when they are identified. An assertion that source code is free of computer viruses (like trojan horses) is the only reasonable assertion that can be made.
  87. Although theoretically possible, there are no mathematically proven bug-free [archive] operating systems yet.
  88. Hidden source code is defined as code which is added by an adversary. They may have: compromised a build machine, conducted compiling prior to the binary build process, or been responsible for building the actual binary. The secret source code will remain unpublished and it will appear (or be claimed) that the software was built from the published source code. Reliably detecting such hidden code - added on purpose or due to build machine compromise - requires comparison with deterministic builds, which are discussed above. Other methods like watching network traffic are less reliable, since a backdoor can only be spotted when it is used. Backdoors are even less likely to be found through reverse engineering [archive], because very few people use a disassembler [archive].
  89. The upstream distribution is the distribution on which the project is based. Whonix ™ and Tails are based on Debian, thus Debian is their upstream distribution. QubesOS TorVM is based on Qubes OS, which is itself based on Fedora and Xen.
  90. No, since the upstream software is not deterministically built. See above to learn about deterministic builds.
  91. See verifiable builds.
  92. To discover if Whonix ™, Tails or TBB is running.
  93. Because TorVM's own traffic is not torified.
  94. Tails does not [archive] support persistent entry guards [archive] yet.
  95. Operating system updates, use of a host browser and so on.
  96. Operating system updates, use of an untorified second browser and so on.
  97. Due to package selection, it will probably also reveal that it is a Qubes OS TorVM.
  98. Whonix ™ users might tend to have more traffic than TBB users, as operating system updates of Whonix-Workstation ™ (whonix-ws-16) and Whonix-Gateway ™ (whonix-gw-16) take place over Tor. It is unknown if the data volume is specific enough to guess a transparent or isolating proxy is in use, or if a significant proportion of other Tor users route a large amount of traffic through Tor (to help disguise Whonix ™ users). Research prior to the foundation of Whonix ™ suggested that a large amount of file sharing occurred via Tor. Classical file-sharing is likely to have far greater upload than Whonix ™, but it is unclear how many people have disabled upload settings or moved to methods which have minimal upload, such as file hosters.
  99. The unsafe browser is in use, or other people are sharing the same Internet connection who are not using Tails.
  100. See above: Network fingerprint: ISP cannot trivially guess the project type.
  101. The Tails Design about Time syncing [archive] states:

    Our initial time guess based on the Tor consensus is probably easier to fingerprint, though: a fresh Tor is started, and restarted again right after the consensus has been downloaded.

  102. Fingerprint for the websites that are visited.
  103. Whonix ™ uses the original Tor Browser from The Tor Project, with the only difference being Tor runs on Whonix-Gateway ™ instead of using the locally shipped Tor.
  104. Refer to the following Tails resources for the latest status update: (fingerprint) for the websites that you are visiting [archive] and evaluate web fingerprint [archive].
  105. This is the original Tor Browser Bundle from torproject.org.
  106. While preventing Tor over Tor, which is recommended.
  107. This could probably be installed manually, but users are generally not aware of fingerprinting issues. Further, they usually have trouble in using Tor Browser without the bundled Tor instance - which is of course recommended to prevent Tor over Tor scenarios.
  108. Tails and Liberte Linux contain a so called "Unsafe Browser". The Unsafe Browser does not use Tor and it connects in the clear. It is available on these platforms because it is useful for registering on hotspots or for general (non-anonymous) browsing purposes.
  109. When using VMs:
    • The unsafe browser on the host is untouched, so it is not affected by installing Whonix ™.
    When using Physical Isolation:
    • From Whonix ™ 0.5.6 onwards, there is no unsafe browser. A separate third machine with clearnet access could be configured.
  110. Tails Todo: Improve fingerprint of the Unsafe Browser [archive]
  111. This is useful for keeping the clock synchronized for long running sessions.
  112. See also Dev/TimeSync.
  113. Users who want to hide Tor and Whonix ™ from the ISP should not connect to the public Tor network when starting the platform for the first time.
  114. Settings, patches and add-ons.
  115. See Tor Browser [archive].
  116. See TimeSync.
  117. See Tails - Time syncing [archive].
  118. It is best when account names are shared among anonymity-focused distributions [archive].
  119. https://github.com/ioerror/torbirdy/blob/master/gpg.conf [archive]
  120. gpg.conf optimized for privacy [archive]
  121. As TorVM may not run inside other virtualizers in the first place, although this is untested.
  122. systemcheck
  123. https://en.wikipedia.org/wiki/AppArmor [archive]
  124. https://github.com/Whonix/grub-enable-apparmor [archive]
  125. Additional profiles can be manually installed. Profiles are already enabled by default for Tor and obfsproxy.
  126. https://forums.whonix.org/t/qubes-whonix-security-disadvantages-help-wanted/8581 [archive]
  127. https://github.com/Whonix/security-misc/tree/master/etc/default/grub.d [archive]
  128. https://github.com/QubesOS/qubes-issues/issues/2695 [archive]
  129. ./Dev/Strong_Linux_User_Account_Isolation#Bruteforcing_Linux_User_Account_Passwords [archive]
  130. See above.
  131. Due to anonymity, privacy and security problems associated with Adobe Flash.
  132. If the fingerprint is detailed enough, then linkage of activities and subsequent deanonymization becomes easier.
  133. That is, it is shared among all up-to-date Whonix ™ users, and some Debian users. In Debian's case that would be persons using the same platform that Whonix ™ is based on (Debian stretch in Whonix ™ 14.0.0.7.4). In addition, some users of Debian derivatives (like Ubuntu) would share the same Flash version.
  134. Users can conduct their own checks on http://ip-check.info [archive]
  135. Whonix ™ developers have also minimized the attack surface, added hardening features and so on. Refer to developer documentation on security and hardening for further details.
  136. An application not honoring proxy settings. Example: Tor Browser Bundle: Firefox security bug (proxy-bypass) [archive].
  137. Prevented by the firewall.
  138. This occurs when applications leak the user's real IP address. See Whonix ™ Security in the Real World for examples where Whonix ™ prevented them. Leaks are often circumvented in Whonix ™ because Whonix-Workstation ™ (anon-whonix) is unaware of the real IP address.
  139. The workstation does not know its own external IP address.
  140. The VM replaces the IP address with an internal LAN IP, which is safe.
  141. Consider the following example. A user visits a website over Tor with a torified browser. The website uses a known or zero day vulnerability to gain remote code execution on the user's machine, and then installs malware.
  142. The vulnerability "only" allows the adversary to gain user rights, not root. The adversary could then remotely start the Unsafe Browser in order to discover the user's real IP address. This attack is circumvented by Whonix ™, because any applications running inside Whonix ™, including malware, can only connect through Tor.
  143. Tails bug report The Unsafe Browser allows to retrieve the public IP address by a compromised amnesia user with no user interaction [archive] contains an example of how this attack could be accomplished.
  144. The vulnerability "only" allows the adversary to gain user rights, not root. The adversary gains root rights by escalating privileges with a second vulnerability. The adversary is then capable of tampering with iptables rules to make non-Tor connections and so on. This attack is circumvented by Whonix ™, because the firewall runs on another (virtual) machine. Further, any root applications inside Whonix ™, including malware with root rights, can only connect through Tor.
  145. The vulnerability used allows the adversary to gain root rights. The adversary is then capable of tampering with iptables rules to make non-Tor connections and so on. This attack is circumvented by Whonix ™, because the firewall runs on another (virtual) machine. Further, any root applications inside Whonix ™, including malware with root rights, can only connect through Tor.
  146. Consider the following example. A user visits a website over Tor with a torified Browser. The website uses a known or zero day vulnerability to gain remote code execution on the user's machine, and then installs malware.
  147. A second exploit is then used to break out of the virtual machine. The default Non-Qubes-Whonix ™ and Qubes-Whonix ™ platforms are vulnerable to this attack. Whonix ™ with physical isolation defeats this attack, because the Whonix-Workstation ™ host does not know its real IP address, only Whonix-Gateway ™ does, which is running on another physical machine.
  148. This is the same as attack number six, except in this case the adversary uses an extra vulnerability to break into Whonix-Gateway ™. Whonix ™ is vulnerable to this form of attack.
  149. Consider the following example. A user visits a website over Tor with a torified Browser. The website uses a known or zero day vulnerability to gain remote code execution on the user's machine. The default Non-Qubes-Whonix ™ and Qubes-Whonix ™ platforms will fall to this attack, the same as attack number six. Physical isolation defeats this attack in the same manner as per attack number six.
  150. White is used as a more neutral color because according to this post [archive] by Joanna Rutkowska [archive], exploiting a QubesOS virtual machine is more difficult than exploiting VirtualBox.
  151. Consider the following example. A user visits a website over Tor with a torified Browser. The website uses a known or zero day vulnerability to gain remote code execution on the host. The adversary then uses an extra vulnerability to break into Whonix-Gateway ™. Whonix ™ is vulnerable to this kind of attack.
  152. Fail, because it has already fallen victim to a VM exploit.
  153. This is not usually run behind a physically isolated Whonix-Gateway ™.
  154. Consider the following example. A user visits a website over Tor with a torified Browser, with Tor controlling (processing) the traffic. The adversary uses a vulnerability to gain remote code execution on the user's machine. The machine where Tor is running knows the user's real IP address (Tor control protocol command: getinfo address), unless this machine is itself behind another Gateway which is difficult to configure; see Chaining Multiple Gateways.
  155. Unless a user is Chaining Multiple Gateways, which is unfortunately only available to expert users. Whonix ™ is vulnerable to this form of attack.
  156. For example, an end-to-end correlation attack. Research has established that Tor is vulnerable to numerous other attack vectors. Any successful attack against Tor, where an anonymity operating system is dependent on it, will naturally deanonymize the user. The exception is users who are Chaining Multiple Gateways, which unfortunately is only available to expert users. Whonix ™ is capable of defeating some attacks against Tor and associated components such as Tor Browser; for example, see the secure and distributed time synchronization mechanism and protocol and fingerprinting leak protection, along with the rest of the Design page.
  157. Any backdoor [archive] in Tor would be fatal for operating systems which rely upon it, since it would open up an avenue for targeted attacks. Widespread attacks are more likely to be identified.
  158. When server software on Whonix-Workstation ™ (anon-whonix) is (root) exploited, the attacker cannot steal the key of the onion service because it is stored on Whonix-Gateway ™ (sys-whonix).
  159. Tails is not yet meant to be used as a server.
  160. This is safe in theory, but it is unclear if TorVM supports onion services.
  161. Source: https://lists.torproject.org/pipermail/tor-talk/2012-February/023264.html [archive]
  162. Because the unsafe browser runs on the VM host which uses NTP, and the torified browser runs inside Whonix-Workstation ™ (anon-whonix) which uses sdwdate.
  163. The VM host time is synchronized with NTP, and operating system time is synchronized with tails_htp.
  164. An untorified host browser uses the same clock as TBB.
  165. The host and VM clock are both synchronized with NTP, but there still might be a difference since they are synchronized independently.
  166. This is important because if the clock skew is too large and/or unique, non-anonymous and anonymous activity might be linked.
  167. The time differs because Whonix-Workstation ™ (anon-whonix) and Whonix-Gateway ™ (sys-whonix) use separate sdwdate instances.
  168. The unsafe browser and torified browser share the same clock via tails_htp.
  169. An attack initiated by an ISP-level adversary.
  170. This assumes installation of a regular operating system using NTP which was used earlier, and the introduction of a clock skew by an adversary.
  171. Such as running tordate.
  172. Due to a unique clock skew introduced by an adversary.
  173. That is, installing new software safely.
  174. In Whonix ™, it is possible to install a (Tor-unsafe [archive]) BitTorrent client. In the worst case it would be pseudonymous rather than anonymous, as the IP address would still be hidden.
  175. Tails has a firewall to block non-Tor traffic, but an audit [archive] at the protocol level is still required. The Tails Security Page [archive] notes:

    Until an audit [archive] of the bundled network applications is done, information leakages at the protocol level should be considered as - at the very least - possible.

  176. The user must manually prevent non-Tor traffic, DNS leaks and protocol level leaks.
  177. Text, screenshot and video instructions are available.
  178. The user must install and set up the Gateway from source code.
  179. For examples of what not to do, see DoNot.
  180. Documentation
  181. https://tails.boum.org/doc/index.en.html [archive]
  182. https://github.com/Whonix/power-savings-disable-in-vms [archive]
  183. Necessary software is included, but there is no GUI to complete the process. For documentation on this optional configuration, see tunnel introduction.
  184. Tails status for VPN support: https://labs.riseup.net/code/issues/5858 [archive]
  185. By configuring the NetVM of the TorVM as a VpnVM.
  186. https://tails.boum.org/contribute/design/#index42h3 [archive]
  187. See Browser Plugin Security and Browser Plugins.
  188. Tails status for Flash support: https://labs.riseup.net/code/issues/5363 [archive]
  189. Mixmaster has been removed from Debian upstream, see Mixmaster.
  190. https://en.wikipedia.org/wiki/Ricochet_%28software%29 [archive]
  191. Ricochet has been broken since Whonix ™ 15 despite all efforts to fix it, see: Ricochet IM.
  192. Tails wishlist [archive].
  193. Filezilla works out of the box, but is not pre-installed. For Tor Browser and/or wget, users could experiment with TrackHostExits [archive]. Further information on TrackHostExits can be found here [archive] and here [archive].
  194. Tails status for FTP support: https://labs.riseup.net/code/issues/6096 [archive]
  195. Users can install any download manager, preferably using SocksPort, although TransPort works as well. wget -c (pre-configured to use SocksPort) has also been tested to work.
  196. Users can manually install any download manager in Tails. It only needs configuration to use the proper SOCKS proxy.
  197. Hidden services can be used without IP address / DNS leaks, see onion service support. No GUI is available to setup an onion service, but it works well nonetheless.
  198. This is possible via ordinary torrc mechanisms; see Persistence preset: Tor state [archive]
  199. Tails server: Self-hosted services behind Tails-powered Tor onion services [archive]
  200. When using VMs, this can be easily achieved on the host. For users relying on physical isolation, from Whonix ™ 0.5.6 onward there is no unsafe browser. A separate third machine with clearnet access could also be configured.
  201. Tails has an unsafe browser for such tasks.
  202. The host operating system mechanism can be used.
  203. See Dev/Control_Port_Filter_Proxy.
  204. The option is just as effective as comparable platforms, like Debian.
  205. This option is fully functional in Tails, despite the quote below - see the additional footnote. As noted on the Tails website, https://tails.boum.org/doc/anonymous_internet/Tor_Browser/index.en.html#new_identity [archive]:

    This feature is not enough to strongly separate contextual identities [archive] in the context of Tails as the connections outside of Tor Browser are not restarted.

    Shutdown and restart Tails instead.

  206. See I2P.
  207. See JonDonym.
  208. See RetroShare.
  209. https://github.com/Whonix/shared-folder-help [archive]
  210. VirtualBox shared folders.
  211. KVM shared folders.
  212. https://github.com/Whonix/grub-screen-resolution [archive]
  213. https://github.com/Whonix/grub-output-verbose [archive]
  214. ./Desktop#RAM_Adjusted_Desktop_Starter [archive]
  215. https://github.com/Whonix/rads [archive]
  216. See Bridges.
  217. meek_lite is available from Whonix ™ 14.
  218. https://git-tails.immerda.ch/tails/plain/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/10-tor.sh [archive]
  219. Manual configuration is required, see: Snowflake.
  220. https://forums.whonix.org/t/replacing-meek-snowflake/5190 [archive]
  221. https://redmine.tails.boum.org/code/issues/5494 [archive]
  222. Permission is granted by adrelanos (Patrick Schleizer) for anyone editing this page to shift the content to a more neutral place, like Wikipedia. Should it be required, Schleizer would also agree to dual / multi / re-licensing of this page under a different Free (as in speech) license, such as GFDL. Note that moving the article to Wikipedia is difficult to achieve anonymously, since they do not allow Tor user edits (and most people interested in this article are Tor users).


Whonix | © ENCRYPTED SUPPORT LP | Freedom Software / Open Source
