Can Tor Project take over the Whonix project or something, please?

Just like they did to the TailsOS project?

I’ve been a WhonixOS user for 3 years now, and I can’t help but notice that this project seems to be hanging by a thin rope. You can see constant issues coming up with the project that repeat themselves, like WhonixOS onion services being unreachable, or the whole swath of issues that came from the user-sysmaint split, or from the LXQt migration (you click open download directory in Tor Browser and it opened using catfish for a long time) – and the worst is that it is obvious that Patrick doesn’t have the bandwidth required to listen, engage and interact with the userbase’s wishes, feedback, etc. We all noticed by now that the most frequent way Patrick replies to your nice, courteous bug report is with a list of links to the Whonix OS wiki that doesn’t provide any specificity to your message’s case. Not only are these links like

  • self-help principle
  • solutions beyond whonix!
  • [article no 217 with 50k lines that you have to fish for your specific problem]

unhelpful, they are deeply discouraging for users to keep interacting with the whonix project.

It is also obvious that the Whonix project isn’t doing well financially. There seem to be staffing problems, constant asks for donations with no clear way of monetization (for the sake of the project’s posterity), which reflect to the user as deterioration, breakages, and a sense of apathy with the project.

So, can Tor Project take over the project development of Whonix? That would also give Patrick a nice way to exit from this project, which he has done well to maintain up to now, but which obviously needs a newer and more resourceful organization to take the reins.

1 Like

Examples of dysfunctional, and unhelpful community interactions:

  • Forum.onion unable to connect - #18 by mrxmr :: read your way to the bottom. The onion services of Whonix have been dysfunctional for 14 hours now, and the best reply I get after wrangling with Patrick is that “it works on my PC”.
  • Onion deb repo unreachable - #14 by mrxmr :: read your way to the bottom. Again, after a very unfruitful back and forth, the best answer I get is, “it works on my PC”. Not even a verification of my report that Whonix’s onion services have been down for HALF A DAY. At least verify, acknowledge the user report, dude.
1 Like

Theoretically, yes. Whonix is Software Fork Friendly. Which means, it’s a permission free process. Nobody needs to ask my permission to fork the project under the respective licenses.

Tails for the longest time has been a project by the Tor Project even ages before the more recent announcement.

As seen on https://2019.www.torproject.org/projects/projects.html.en (the 2019 version of the Tor Project website), Tails was always listed as a project by Tor Project.

You can probably go back with the web archive and the same will be true for many years before 2019.

Tor Project also donated to Tails. You might need to dig on the web archives to find references for that.

“Uniting for Internet Freedom: Tor Project & Tails Join Forces | The Tor Project”, as I understand it, is only deeper organisational integration.


Related:

1 Like

Possible, yes, but unlikely. The Tor Project Forum is even more neglected, and has been for years (I stopped contributing there around July 2024):

The self-help principle is the most effective approach, because that ultimately frees up developers’ resources to focus on the most important priorities in their workload.

1 Like

Which was dealt with, along with an explanation that the “fix” was a potential privacy liability and was thus undesirable. (Edit: It looks like the issue resurfaced, despite it still not being a problem with Whonix’s servers.)

It was a new feature that was expected to be highly disruptive, thus why an “enable unrestricted admin mode” button was added since the feature was first introduced.

To my awareness this was never a problem on non-Qubes-Whonix. On Qubes, it required writing a relatively complicated D-Bus shim in C to work around possible security issues, and required an upstream Qubes-side fix, neither of which were quick or easy to do.

These are both mine and Patrick’s most common replies to support requests that could have been self-solved or where solutions are already documented. We both engage very closely with bug reports, often fixing bugs within days when it’s easy to do. For support requests where solutions are already documented, we want to conserve our time to spend it on project development and maintenance, and repeating/rewording content already in the Wiki is not a good use of our time. We generally link to the specific section a user is supposed to read and follow when sharing wiki links.

If the Wiki content is not on par with your expectations, you’re welcome to submit edits for review. We review and give feedback on those.

Quote from the bottom of the Whonix website:

Whonix is proudly supported until 2026 by Power Up Privacy, a privacy advocacy group that seeks to supercharge privacy projects with resources so they can complete their mission of making our world a better place. (Strictly subject to our sponsorship policy.)

Citation needed.

We’re an open-source project that gives away all our work for free. It is customary for such projects to request donations.

I think your expectations for the project are higher than is reasonable for even a large, commercially driven proprietary software product. I would argue Whonix’s way of dealing with bugs, even if not as fast as you would like, is much better than the way large businesses often do it, which is:

  • No clear way to report bugs
  • Feedback forms that feel like screaming into the void
  • No way to directly contact developers
  • Support teams who will just tell you to delete your temp files and try again, rather than giving specific guidance for dealing with an issue
  • Invasive telemetry gathered to determine what is and isn’t high-priority to fix
  • Little to no acknowledgement of what problems were fixed
  • Just keep using the software and pray that one day the issue is magically solved, without knowing if your report was ever seen
4 Likes

You can see constant issues coming up with the project that repeat
itself like whonixos onion services being unreachable

Which was dealt with, along with an explanation that the “fix” was a
potential privacy liability and was thus undesirable.

Excuse me but how was it “dealt with”? Afaiu, patrick himself said he
was “waiting for the problem to go away”. How was it dealt with, again?
As I was getting onion site unreachable errors, and the debian package
repo unreachable errors, consistently, on different machines, over a span
of 12 to 15 hours, yesterday?

We all noticed by now, that, the most frequent way patrick replies to
your nice, courteous bug report is that a list of links to whonix os
wiki that doesn’t provide any specificity to your message’s case.

These are both mine and Patrick’s most common replies to support
requests that could have been self-solved or where solutions are
already documented. We both engage very closely with bug reports,
often fixing bugs within days when it’s easy to do.

(…except when the problem reports are about the onion services being
inaccessible…)

For support requests where solutions are already documented, we want
to conserve our time on project development and maintenance, and
repeating/rewording content already in the Wiki is not a good use of
our time. We generally link to the specific section a user is supposed
to read and follow when sharing wiki links.

Quote from the bottom of the Whonix website:

Whonix is proudly supported until 2026 by Power Up Privacy, a privacy
advocacy group that seeks to supercharge privacy projects with resources
so they can complete their mission of making our world a better place.
(Strictly subject to our sponsorship policy.)

Citation needed.

Le reddit answer. I am doomed. How come I ever forget that I should
let go of my direct experience with the project and instead should’ve
brought up and relied on sources cited on technical papers with
respected publishers (like /Reddit/, I guess).

How about an effort to set up an uptime watcher for your onion
services so that I don’t constantly get under the gaslighting attempts
from you guys saying, “it just worked right now,” or, “it le werks on my
computer bro :^)” ? Would that be your “citation needed” for settling
the dispute about whether your onion services “work right now (bro)” or
not?

1 Like

Here:

My point was that a convenience endpoint offered over an unstable network being down frequently and for extended periods of time does not indicate a staffing problem. There are things it does indicate, such as the Tor network being unreliable (not a huge surprise given that anyone can run a Tor node, meaning anyone can take their Tor node offline or set it up with painfully low bandwidth), but a Whonix staffing problem isn’t one of the things it indicates.

An uptime watcher is certainly an idea, though given this…

…I’m not sure how valuable it would be.

1 Like

An “onion observatory”. It’s a nice feature request but also a complex project to get right…

  • Watching multiple public onions (Debian, Qubes, Tor Project, Kicksecure, Whonix, …) and unpublished onions for comparison.
  • Run multiple instances on different servers as connectivity depends on network paths.
  • Uptime statistics publishing.
  • Optional: Spin up their own test onions for wider test coverage.
  • Optional: Compare different Tor onion service server versions and Tor client versions.

Huge project. Not on the roadmap.

More suitable for the Onion Services Resource Coalition.

The onion observatory could provide evidence of a “Whonix server fault” (despite the general Tor onion issues) but that’s a huge effort just to make that point. And even if that is the case, it doesn’t help fix the issue.

It might help to showcase connectivity issues so Tor Project can see the severity of the issue.


onionprobe seems useful to integrate into an onion observatory.


But is there something more productive than calling for my resignation?

Let’s see. Tor is complex software, Tor onions have lots of Tor upstream issues, difficult Tor onions and server configuration. So even if it’s “my fault” - if that can be argued with a straight face given the overwhelming complexity of computing - that’s not very productive.

Free(dom) Software is supposed to empower users. Being reliant on 1 individual, me, to “fix Whonix onion” seems wrong.

Potential solutions?

  • ZeroNet had the right idea: Decentralized, serverless websites. Useful so not everyone needs to sysadmin their own server. Unfortunately, ZeroNet has been abandoned.
  • Create images / updates from source code so the onion repository isn’t required. [1] More secure too. [2]

[1] Builds from Source Code versus Builds including Binary Packages
[2] Security Conclusion

1 Like
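The comparison an onion observatory would make between a watched onion, other onions and several vantage points, as an added example that is not part of the original posts or of any Whonix or Tor Project code. The data layout, the labels `target` and `control-N`, the verdict names and the 0.5 quorum are assumptions made for illustration, and the probe results are constructed.

```python
# Constructed sample data, not real measurements. Each string holds one
# character per vantage point ("1" = reachable, "0" = unreachable) for one
# probe round. The labels "target" and "control-N" are hypothetical.
SAMPLE = {
    0: {"target": "11", "control-1": "11", "control-2": "11"},
    1: {"target": "01", "control-1": "11", "control-2": "11"},
    2: {"target": "00", "control-1": "11", "control-2": "10"},
    3: {"target": "00", "control-1": "00", "control-2": "00"},
}


def uptime(sample, onion):
    """Fraction of rounds in which at least one vantage point reached onion."""
    rounds = [onions[onion] for onions in sample.values() if onion in onions]
    if not rounds:
        raise ValueError(f"no probes recorded for {onion!r}")
    return sum("1" in r for r in rounds) / len(rounds)


def classify(sample, target="target", quorum=0.5):
    """Label each round for target: up, path-dependent, target-specific,
    network-wide, or unknown (no control onions to compare against)."""
    verdicts = {}
    for rnd, onions in sorted(sample.items()):
        result = onions[target]
        controls = [r for name, r in onions.items() if name != target]
        if "0" not in result:
            verdicts[rnd] = "up"
        elif "1" in result:
            # Some vantage points got through: a network-path problem.
            verdicts[rnd] = "path-dependent"
        elif not controls:
            verdicts[rnd] = "unknown"
        elif sum("1" in r for r in controls) / len(controls) > quorum:
            # Comparison onions are fine while the target is dark everywhere.
            verdicts[rnd] = "target-specific"
        else:
            verdicts[rnd] = "network-wide"
    return verdicts


if __name__ == "__main__":
    for rnd, verdict in classify(SAMPLE).items():
        print(rnd, verdict)
    print("target uptime:", uptime(SAMPLE, "target"))
```

Only the rounds labelled `target-specific` would count as evidence of a server-side fault; `network-wide` and `path-dependent` rounds point at the Tor network or at the route taken.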

FWIW, I also have problems with Whonix’s onion service (never Kicksecure’s however), but I think you should be careful with what you ask for. Patrick has over a decade long track record of being trustworthy at this point. It would be a very concerning development if the project was handed over to someone else IMO, especially seeing as this is a small project contributor wise with few eyes on the code.

Now I know you said The Tor Project, which sure, I would trust, but I believe that is unlikely to happen. In practice Patrick would likely be replaced with an anonymous individual with no prior track record.


What might be productive is asking individuals to host package repository mirrors of Whonix and Kicksecure’s packages. Is this doable? Maybe a Wiki page could be added to onboard people and describe the system requirements (i.e. bandwidth and disk space, etc). I could send a few emails to relevant people (but whether they want to, I don’t know).

1 Like

As far as I understand it was an investigation, and it resulted in not taking any action. So, I am again asking, how was it dealt with? I might be an ESL but “dealing with something” means you take some action to make the problem not repeat.

OK, I bite that this is hopeless and there is no solution to this from your side, and you guys can sit on your asses while your users fail to utilize the onion services of whonix (its website, forum, and deb repos) – but at least have you told this problem to the upstream tor maintainers, developers, etc.? Do the tor developers agree that “humph.. there’s nothing we can do about this.. tor is not simply built for reliable tor network services…”

1 Like

Dude I just told you to do a systemctl restart tor.service on your VPS where you host the whonix project’s onion deb repo, and you said that it would be against the privacy of your VPS location or something.

Restarting the tor daemon has been the choice for fixing the same issue with Debian’s onion apt servers, from my impression. They go down from time to time as well, and when it happens, I drop into their IRC and report it, and generally in one or two hours, somebody seems to restart the tor daemon there (my impression from the IRC, haven’t verified this), and I can reach the apt repos onion server. With Whonix, I have to wait a FRIKKEN day praying that the problem goes away.

1 Like

I appreciate Patrick’s efforts, but after 10 years, I think he deserves an exit. Every software project comes to an end or changes hands. I am of the opinion that WhonixOS, under Tor Project’s management umbrella, would be more stable. I really don’t think I would be waiting for a whole day to reach its onion services.

1 Like

Done. Many times. Manually. Doesn’t fix the issue.

And also automatic restart of Tor onion maximum once per hour is implemented in case the onion is detected down.

Automatic restart of Tor onion if detected down has been implemented for years already.

Only applicable to Tor consensus deletion method. (Forum.onion unable to connect - #14 by Patrick)

Not applicable to simple restart command.

Elaborated here:

2 Likes

Hosting a mirror is easy for any sysadmin. Typical rsync. It’s a permissionless process. Nobody needs to ask my permission.

A few clearnet mirrors exist. No onion mirrors to my knowledge.

2 Likes

Careful what you wish for.

Tails maintenance is way worse than Whonix. Whonix has kloak but Tails has been ignoring kloak for 5 years already without acknowledgement that anti-keystrokes biometrics is even an issue or on the roadmap.

Checked out the Tails forum? See any Tails developers replying to anyone lately? No? Me neither.

Tor Project? Seriously? Tor Project maintenance is way worse than Whonix. https://gitlab.torproject.org/legacy/trac/-/work_items/5236 not done for 14 years.

Tor Project is busy with drama, false allegations and internal conflicts. Many contributors left in protest.

1 Like

Right, I stopped contributing upstream to the Tor Project due to various social interactions, so any future contributions will need to be carefully justified.

Sure, but if you are not looking for mirrors, then it does not make sense for anyone to contribute one. You have an unlisted topic stating this information along with the Whonix Wiki page itself:

If this status ever changes, let me know.

2 Likes

The instructions Hosting a Whonix ™ Mirror at the time of writing are for image downloads. These are for mirroring downloads.whonix.org.

In nginx terms that is:

location / {
   root /var/rsync;
}

Here something slightly different would be needed, that is mirroring deb.whonix.org.

Folder developer-meta-files/internal has to become the root of the subdomain.

In nginx terms that is:

location / {
   root /var/rsync/developer-meta-files/internal;
}

Same rsync but different sub folder.

A single rsync command can sync both, downloadable images and the APT repository. (Or selectively only one or the other depending on the rsync command line.)

Instructions on Hosting a Kicksecure Mirror need to be improved. Probably become MultiWiki. Then copied over to Whonix wiki.

2 Likes

Okay, no problem, I can do both, I just need to know if you want a mirror for both or not. Dealing with Oniongroove and rsync every hour or better is the easy part, but I am not going to start creating a mirror if you are still not looking for them to begin with.

2 Likes

Oniongroove might be overkill but having a public repository with server configuration files may also be interesting. (All optional.)

Feel free to host a mirror for either or both.

Technical requirements haven’t been worked out yet.

(Might require to mirror both images and repository for simplicity so listing officially acknowledged mirrors becomes easier, less exceptions to worry about, test, document. Might also require to host both Kicksecure and Whonix but since that would probably require different domains, unsure.)

Clearnet mirrors were no longer “onboarded” due to currently not being needed anymore, but good to keep for backup in case of traffic spikes or DoS. Also because of needing to invent a policy on who’s eligible to sign up. (No known malicious entities etc.)

Eligibility requirements are also yet to be invented.

Eligibility requirements related:

Will move to dedicated onion mirror forum thread later. Therefore best to keep posts separated by topic. (onion mirror versus other topics)