Forwarded from NoGoolag
Real title: when using old unsupported software you are not safe
#Tor anonymity infiltrated: zogbots stalk servers successfully
https://www.malwarebytes.com/blog/news/2024/09/tor-anonymity-compromised-by-law-enforcement-is-it-still-safe-to-use
Malwarebytes
Tor anonymity compromised by law enforcement. Is it still safe to use?
German law enforcement agencies have managed to de-anonymize Tor users after putting surveillance on Tor servers for months.
Forwarded from NoGoolag
#Google helps #NSA track #Tor users with their ads - deliberate collusion aka "cooperation" - Part of Operation Jigsaw.
https://www.cnet.com/news/privacy/nsa-tracks-google-ads-to-find-tor-users/
#why
CNET
NSA tracks Google ads to find Tor users
The National Security Agency uses a bit of jiu-jitsu to turn the structure of Web ad networks against people who run Tor to remain anonymous.
Forwarded from Libreware
Quiet v5.1.2
=> https://tryquiet.org/
Quiet is an alternative to team chat apps like Slack, Discord, and Element that does not require trusting a central server or running one's own. In Quiet, all data syncs directly between a team's devices over Tor with no server required.
NOTE: #Quiet is not audited and should not be used when privacy and security are critical. It lacks basic features and probably won't replace your Slack or Discord yet. That said, it works surprisingly well and we use it daily as a Slack replacement.
=> https://github.com/TryQuiet/quiet/releases/tag/%40quiet/desktop%405.1.2
=> https://github.com/TryQuiet/quiet/releases/tag/%40quiet/mobile%405.1.2
via @dcntr
#Tor #IPFS
Forwarded from 0•Bytes•1
Welcome to my Alice tea party! 🫖🎀
I decided to write a series of short posts about secure operating systems 🖥🐧
Today, we'll take a look at Whonix and find out if it's as good and anonymous as people say. Spoiler alert: no, it's not.
Let me clarify right away: Whonix is not a full-fledged operating system, but a tool for anonymity that can work independently or as a router in Qubes OS. In this article, I will focus on analyzing how it works as a standalone system.
How does Whonix work?🧩
Whonix is built on two virtual machines: Whonix-Gateway and Whonix-Workstation. Gateway configures and routes all your traffic through the Tor network. Workstation is your workplace. If you want to dig deeper, check out their documentation.
Problems with Whonix 🔓
Now to the point: why Whonix isn't really necessary. Let's start with Gateway. It's just Debian with Tor pre-installed and a bunch of scripts that redirect traffic through Tor. Everything is tied to the configuration in the settings file and iptables rules. Cool? Not really. Plus, Whonix drags along old Debian, where packages are updated once in a blue moon.
Whonix positions itself as super protection against leaks, but if you don't understand what you're doing, no virtual machine will save you. For example, if you run a browser with JavaScript or download files and then open them outside of Workstation, your anonymity is gone.
By the way, Whonix can only be run without problems on VirtualBox. You may argue that there are versions for KVM/QEMU on their website. But that's where the problems begin. If you take Whonix for KVM, you won't be able to install it just like that — you need to edit the configuration, and there are no detailed instructions on how to do this anywhere. With VirtualBox, however, there are no such problems — everything works out of the box.
But what's wrong with VirtualBox?🪤
Besides the fact that it is significantly slower than KVM, in March 2025 a vulnerability, CVE-2025-30712, with a rating of 8.1 appeared in VirtualBox. It allows an attacker with access to the host system to perform a VM escape, i.e., to get out of the virtual machine onto your main computer🫠. A proof-of-concept is already circulating on the network, and exploitation is easier than it seems. If the host is compromised, all your anonymity goes down the drain, and your real IP or other data may leak.
How to make an analogue of Whonix Gateway? ⚙️
But there is another way. The Gateway model itself is not bad. But you can create a machine with it yourself without Whonix, using a minimalist Linux (such as Gentoo or even FreeBSD instead of Linux). Then configure Tor directly. After all, Gateway is just a wrapper around the standard Tor and iptables settings, which can be found on Google in five minutes. Now add the iptables you found and DNSPort to the Tor config so that DNS requests also go through Tor, and that's it. This takes up less space and reduces the attack surface.
Conclusion
To be fair, Whonix isn't always bad. But it can be useful in conjunction with Qubes OS (where it runs in KVM, by the way), which has additional security mechanisms, such as domain isolation, that enhance security. But apart from Qubes, Whonix is pretty pointless. You might think it's suitable for those who don't want to bother with configuring Tor, but that's not the case. To run Whonix on a decent VM, such as KVM, you'll have to go through just as much trouble.
The bottom line is simple: Whonix is not a super-anonymous OS, but a tool that complicates life more than it protects it💊
I hope you found this useful.❤️✨ If you wish, you can explore the topic yourself by reading research and testing the system.
Here are some good articles about Whonix:
THESIS.pdf — here is an overview of anonymous operating systems, including Whonix.
Whonix and Tor Limitations — about the shortcomings of Whonix and Tor.
JOSH Article — analysis of Whonix limitations.
#anonymity #linux #whunix #cve #anonymity_os #tor #security
Whonix
Whonix Documentation
A Crash Course in Anonymity and Security on the Internet.
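A do-it-yourself gateway of the kind the post describes only holds if the copied iptables rules and the Tor config agree on ports. The script below is an added example, not code from the post or from Whonix, and it audits a torrc against `iptables-save` output. The interface name `eth1`, the address `10.152.152.10`, the port numbers and both sample inputs are constructed assumptions.

```python
"""Audit a self-built Tor gateway: torrc vs. `iptables-save` output (all samples constructed)."""
import re

# Constructed torrc; 10.152.152.10 is an assumed address for the workstation-facing interface.
SAMPLE_TORRC = """\
VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 10.152.152.10:9040
DNSPort 10.152.152.10:5353
"""

# Constructed `iptables-save` dump; eth1 is the assumed workstation-facing interface.
SAMPLE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
-A PREROUTING -i eth1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth1 -p udp -m udp --dport 5353 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 9040 -j ACCEPT
COMMIT
"""

def torrc_ports(torrc):
    """Map 'TransPort'/'DNSPort' to the port number configured in torrc text."""
    ports = {}
    for line in torrc.splitlines():
        m = re.match(r"\s*(TransPort|DNSPort)\s+(?:\S+:)?(\d+)\b", line.split("#", 1)[0])
        if m:
            ports[m.group(1)] = int(m.group(2))
    return ports

def parse_dump(dump):
    """Return {table: {'policy': {chain: target}, 'rules': [token lists]}}."""
    tables, cur = {}, None
    for line in (raw.strip() for raw in dump.splitlines()):
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif cur is not None and line.startswith(":"):
            chain, target = line[1:].split()[:2]
            cur["policy"][chain] = target
        elif cur is not None and line.startswith("-A "):
            cur["rules"].append(line.split())
    return tables

def opt(tokens, flag):
    """Value following `flag` in a rule, or None when the flag is absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens else None

def redirect_port(tables, iface, proto, dport):
    """Port that nat/PREROUTING redirects (iface, proto, dport) to; dport=None means any port."""
    for r in tables.get("nat", {}).get("rules", []):
        if (r[1] == "PREROUTING" and opt(r, "-j") == "REDIRECT" and opt(r, "-i") == iface
                and opt(r, "-p") == proto and opt(r, "--dport") == dport):
            to = opt(r, "--to-ports")
            return int(to) if to and to.isdigit() else None
    return None

def audit(torrc, dump, iface):
    """List the mismatches that would let workstation traffic bypass Tor."""
    ports, tables, findings = torrc_ports(torrc), parse_dump(dump), []
    checks = [("DNSPort", "udp", "53", "DNS queries"), ("TransPort", "tcp", None, "TCP connections")]
    for option, proto, dport, what in checks:
        want, got = ports.get(option), redirect_port(tables, iface, proto, dport)
        if not want:
            findings.append(f"torrc: {option} is not enabled")
        elif got != want:
            findings.append(f"nat: {what} from {iface} go to port {got}, Tor listens on {want}")
    if tables.get("filter", {}).get("policy", {}).get("FORWARD") != "DROP":
        findings.append("filter: FORWARD policy is not DROP; unredirected packets may be routed around Tor")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_TORRC, SAMPLE_RULES, "eth1") or "no findings")
```

On a real gateway, feed it the contents of the torrc file and the text printed by `iptables-save`; an empty list means the redirects, the Tor listeners and the FORWARD policy are consistent.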
Forwarded from 0•Bytes•1
Enjoy your tea, my Alices in Wonderland! 🎀
Many people have heard of onion routing in Tor and have a rough idea of how it works. However, fewer people know about garlic routing.
That's why I decided to write a short note about what it is and how it works in I2P🚥
How is a message sent? ✉️
In I2P, your message travels through a tunnel—a chain of randomly picked computers (nodes) on the network. Each node only knows where to send the data next, not the message content, thanks to garlic encryption🧄.
Your message is first encrypted for the recipient using end-to-end encryption. Asymmetric encryption🔐 uses a public key to encrypt and a private key to decrypt.
How are encryption layers created?🔒
Now the process of wrapping the message in layers begins.
Imagine that you have a tunnel with three nodes: A, B, C.
The encrypted message (already protected for the recipient) must be passed through these nodes so that each one knows only the next step. To do this, I2P creates encryption layers, one for each node.
Each layer is additional encryption with instructions for a specific node, such as “forward to node B” or “send to recipient.”
It works like this: you encrypt the message with the public key of node C, adding the instruction “forward to node B.” You encrypt this packet again with the public key of node B with the instruction “forward to node A.” Then the entire packet is encrypted with the public key of node A with the instruction “send to recipient.”
When you send the packet, it goes to node A. Node A opens its layer with its secret key, sees the instruction “forward to node B” and forwards the data. The data remains encrypted for other nodes. Node B opens its layer, sees the instruction “forward to node C” and forwards it. Node C opens the last layer, sees that it needs to be sent to the recipient, and does so.
Each node only knows its own step and does not see the content of the message, its sender, or its recipient.
Why is encryption called garlic?🧄
Now, let's talk about “garlic” encryption in detail. In I2P, your message is packed with others into one encrypted packet🗂, called garlic. This packet may include your message, others’ messages, and network data like tunnel commands⚙️
All these messages are encrypted together, and each layer of encryption (for nodes A, B, C) covers the entire large packet, not each message individually.
When node A opens its layer, it sees the instruction for the entire packet, such as “forward to node B,” and sends it on. It does not know how many messages are inside, whose they are, or where they are going. Node B does the same, opening its layer and forwarding the packet to node C. Node C, opening the last layer, can send the entire packet or parts of it (depending on the instruction) to the recipients, but it does not know how many messages are inside and to whom they are addressed. This makes it impossible to determine whose message is where, even when observing the network.
Each message in the packet is protected by individual encryption for its recipient🔑 so that no one but the intended person can open it.
The messages inside the packet are not explicitly separated; they are sort of stuck together into one continuous encrypted piece of data. I2P can also add “garbage” data🗑: fake messages that masquerade as real ones but mean nothing.
In addition, I2P mixes♻️ your packet with other data on the network and can add random delays during transmission. This makes it difficult to analyze traffic. Tunnels change every 10 minutes, and the nodes in them are selected again, so it is impossible to track the path.
How does garlic encryption differ from onion encryption?🧅
In onion encryption, each message is encrypted separately and transmitted through its own chain of nodes. Garlic encryption not only wraps your message in layers of encryption, but also combines it with other messages and fake data into a single encrypted packet.
#i2p #cryptography #garlic_encryption #anonymity #tor
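The layering and bundling described in the post, as an added example that is not part of the original post and is not I2P's real cryptography or wire format. A toy keyed stream cipher with an HMAC tag stands in for the public-key encryption, the node names A, B, C follow the forwarding walk-through (A forwards to B, B to C, C delivers), and every key and message is constructed.

```python
"""Toy model of layered "garlic" wrapping. NOT I2P's real cryptography or wire format."""
import hashlib, hmac, json, os, random

def _stream(key, nonce, n):
    # SHA-256 in counter mode as a stand-in keystream (assumption of this example).
    ek = hashlib.sha256(b"enc" + key).digest()
    blocks = (hashlib.sha256(ek + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _tag(key, data):
    return hmac.new(hashlib.sha256(b"mac" + key).digest(), data, hashlib.sha256).digest()

def seal(key, plaintext):
    """Encrypt-then-MAC for one party; symmetric stand-in for encrypting to its public key."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + _tag(key, nonce + ct) + ct

def unseal(key, blob):
    """Open a layer or clove; raises ValueError if it was not sealed for this key."""
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _tag(key, nonce + ct)):
        raise ValueError("not sealed for this key")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def make_garlic(cloves, dummies=1):
    """cloves: [(recipient_key, message)]. Bundle sealed cloves with random dummy cloves."""
    sealed = [seal(key, msg) for key, msg in cloves]
    sealed += [os.urandom(64) for _ in range(dummies)]   # opens for nobody
    random.shuffle(sealed)                                # position reveals nothing
    return json.dumps([c.hex() for c in sealed]).encode()

def wrap(garlic, path, hop_keys):
    """Add one layer per hop, innermost first, so the first hop's layer ends up outermost."""
    packet = garlic
    for i in reversed(range(len(path))):
        nxt = "deliver" if i == len(path) - 1 else "forward to " + path[i + 1]
        layer = {"next": nxt, "body": packet.hex()}       # each layer covers the whole bundle
        packet = seal(hop_keys[path[i]], json.dumps(layer).encode())
    return packet

def relay(packet, path, hop_keys):
    """Each hop peels exactly one layer; returns what every hop learned and the inner garlic."""
    seen = []
    for hop in path:
        layer = json.loads(unseal(hop_keys[hop], packet))
        seen.append((hop, layer["next"]))
        packet = bytes.fromhex(layer["body"])
    return seen, packet

def read_cloves(key, garlic):
    """A recipient tries every clove; only the ones sealed for its key open."""
    mine = []
    for clove in json.loads(garlic):
        try:
            mine.append(unseal(key, bytes.fromhex(clove)))
        except ValueError:
            pass                                          # someone else's clove or a dummy
    return mine

def demo():
    path = ["A", "B", "C"]
    hop_keys = {hop: os.urandom(32) for hop in path}      # constructed keys
    alice, bob = os.urandom(32), os.urandom(32)           # constructed recipients
    garlic = make_garlic([(alice, b"hello alice"), (bob, b"hello bob")], dummies=1)
    seen, inner = relay(wrap(garlic, path, hop_keys), path, hop_keys)
    return seen, read_cloves(alice, inner), read_cloves(bob, inner), len(json.loads(inner))

if __name__ == "__main__":
    print(demo())
```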
Hello, my Mad Hatter friends! 🎩
Let me ask you a question: have you ever wondered how Monero's security works and whether it is as reliable as they say?🪙
In my new article, I figured this out and also explained how to further protect yourself so that your transactions remain invisible even to the most curious eyes.🛡
I describe in detail how Monero works, how resistant it is to attacks, and what measures will help you maintain your anonymity. 🔑
The article covers attacks ranging from Black Marble Flooding to Eclipse Attacks, and I also share practical tips on how to run your own node and configure Tor to increase your privacy.
I hope you will find it interesting to delve into this topic. 🧩 At the end of the article, there are links to additional materials so that you can explore this topic in more depth if you wish. ⚙️
Enjoy your tea! ☕️🩷
English version:
#Monero #XMR #cryptography #privacy #blockchain #ring_signatures #stealth_addresses #RingCT #Tor #I2P #crypto_wallet #security #anonymity #decentralization #Kovri #FCMP #crypto_protection
Forwarded from Libreware
Tor Project Releases Experimental #Tor #VPN Beta for #Android with Per-App Routing and Privacy Tools
https://ift.tt/boRFLGe
@reclaimthenet
The Tor Project has launched its own VPN – but it's not the finished product yet
https://www.tomsguide.com/computing/vpns/the-tor-project-has-launched-its-own-vpn-but-its-not-the-finished-product-yet
https://gitlab.torproject.org/tpo/applications/vpn
Reclaim The Net
Tor Project Releases Experimental Tor VPN Beta for Android with Per-App Routing and Privacy Tools
It’s a major step for Tor on mobile, even if the software is still rough around the edges.
Forwarded from NoGoolag
Big drama today in the #Tor community.
Conrad Rockenhaus, a Tor operator based out of Michigan, United States, was arrested in 2020 after refusing to cooperate with the United States Federal Bureau of Investigation.
Rockenhaus, a disabled United States military veteran, ran the fastest Tor node in the United States. He was approached sometime in late 2019 when the FBI requested he allow them arbitrary access to his exit node and allow them to decrypt traffic. He denied their request.
Subsequently, in February, 2020 his home was raided. He was arrested for violating the CFAA (Computer Fraud and Abuse Act). It was alleged that he was a disgruntled ex-employee causing problems at his former place of employment.
Interestingly, to "help resolve the matter", law enforcement requested he decrypt his Tor exit node to prove his innocence (???). After he refused, he was held in a pre-trial detention cell for over 3 years. He was denied bail after law enforcement stated Mr. Rockenhaus used Linux to "access the dark web" and he was "not complying" and not allowing them access to this Tor exit node.
After Mr. Rockenhaus' wife filed an official complaint, and Mr. Rockenhaus was miraculously released, he was raided by the United States Marshal Fugitive Task Force TWO TIMES(???).
They took him out of his home, threw him to the ground, beat him, smashed his windows, and threatened to murder his animals.
They are still requesting Mr. Rockenhaus allow them to access his Tor exit node. Mr. Rockenhaus still has not granted them that privilege.
All of this has been captured on home security camera footage. Additionally, his wife has released all court documents.
https://www.youtube.com/@AdrienneRockenhaus
YouTube
Adrienne Rockenhaus
This channel documents the fight for justice for Conrad Rockenhaus, a 100% disabled U.S. combat veteran who has been the target of a multi-year campaign of retaliatory prosecution by federal officials.
After I filed a formal complaint against a U.S. Probation…