Question about the whonix appvm & general security

1. if the whonix appvm is intruded, can the attacker disable the network and leak ip?

2. is the default anon-whonix qube just an appVM based on whonix-ws template or is there anything custom about this particular appvm? i wanted to delete it, but i was wondering if it might be special

in general, if there is a good piece of writing that explains what sets whonix apart from tails specifically, i’d like to read it. when i google this topic, i just see buzzwords.

  1. No. Whonix has the Gateway and Workstation separated just for that purpose. Since the Tor connection was not made inside of the Workstation, there’s no way to disable it.

  2. No. Anon-whonix is just a qube based on Whonix Workstation. You can delete it fine.


Basically, Whonix is more secure and “anonymous”. Whonix has a lot of kernel hardening, a firewall configured to make the best use of Tor, and many other things. Tails does some hardening, but it’s not as secure or anonymous as Whonix. The main purpose of Tails is to have a portable OS to use on untrusted PCs, notebooks, etc. And Tails was made to be an anti-forensic OS, which means when you shut down your system all the things you did and the files that you created/downloaded are deleted. Also, Tails doesn’t isolate the Tor gateway from the workstation as Whonix does, which means an attacker can disable your Tor connection and leak your IP.

hmm but in tails you have to enable the untrusted browser before logging in
i wonder if it can be leaked either way if there is access
if so, tails is more insecure than i thought

Yes, this can be leaked. Tails is very insecure.

Exactly the same applies to Whonix.
If you need to log in to the network, you can’t do this from a qube that
is proxied through Tor.
If you don’t need to log in then you don’t need the untrusted browser in