all ur base r torify


what makes more sense.

change rpc-policy to sys-whonix-14 - install qubes with whonix update options - onionize update addresses…


install apt-transfer-tor on all template - onionize

or do i miss something?

and whonix suggest not modifying whonix templates/appvm

i think erasing apps not used is better than ‘looking like everyone else’

in case of fingerprinting.

any good article on what kind of information fingerprint gathering has?

The Security Guide already covers all this.


For Whonix 14:

  • Whonix & Debian updates already prefer onions.

  • Manual steps are required as per the guide if you want to ‘onionize’ Qubes dom0 updates, updates for standard Debian templates i.e. Debian8 and Debian9, and Tor Project updates.

  • No onion available for Fedora, because they’re not forward thinking like Debian. Apparently it hasn’t occurred to them that onions are far better than http connections with a gpg check, even though it would take minimal effort by their engineering team.

For Whonix 13:

  • You have to ‘onionize’ everything manually as per the Security Guide.

For fingerprinting issues, see detailed information at these wiki sources:




1 Like

thank you for the links. I will look at those.

yes, I have read all of that on whonix documents. apt-transport-tor was confusing. i have installed apt-transport-tor on all debian templates.

my thought is to use apt-transport-tor with ‘tor+http/s://’ and not route through sys-whonix to gain better stream isolation. from what i read, apt-transport-tor does not need whonix and whonix already uses apt-transport-tor.

so using apt-transport-tor not with sys-whonix would route debian very differently, maybe. or maybe not.