Ideal Signal-Desktop / Element installation approach?

I want to understand whether the deb or flatpak is preferable in regards to Stream Isolation and any other factors, and if any additional configuration is required.

For both Element / Signal-desktop, the deb approach is official: , . My approach until today has been to clone the whonix-ws-16 template, and to follow these instructions in the cloned template. I don’t understand onion-grater enough to say - is this stream isolated?

A guide for installing both applications on Tails, which I know also has an onion-grater implementation, uses the flatpak and exports variables for the Tor connection:

Another approach I’ve seen (again for Tails) is to use torsocks --isolate.

So my question is, what is the most secure way of installing Signal-desktop and Element desktop in a Whonix Workstation app qube? My understanding is that Whonix Gateway will take care of stream isolation, so the official deb approach is fine, but I just want to verify…

Relatedly, is there are reason that Element desktop isn’t installed by default in Whonix workstation? It has been audited:


That’s a general computer security question and unspecific to Whonix / Kicksecure.

From perspective of Debian, Flatpak is a third-party package manager.


(Whonix is based on Kicksecure.)

Specifically on flatpak and flathub:
Install Additional Software Safely chapter Flatpak in Kicksecure wiki

new wiki chapter written just now:
Install Additional Software Safely chapter Flathub Package Sources Security in Kicksecure wiki

So I would say it depends on the specific application being chosen.

  • Who created the flatpak (publisher field on flathub)? The original developers or a third-party?
  • Has the flatpak been created from source code or is it a repackaged binary?
  • Has the flatpak been built by flathub or by a third-party?
  • Freedom or non-freedom license? (Open Source or closed source.)

stream isolation:

As for stream isolation, that isn’t simple even when not using flatpak. → Stream Isolation chapter How to mitigate identity correlation in Whonix wiki

When using flatpak, that could be even harder as torsocks might not support flatpak because is using its own sandbox which might quite conceivably break torsocks.

Stream isolation isn’t a simple yes/no thing. Multiple different Whonix-Workstation are stream isolated from each other but not every custom installed application inside Whonix-Workstation can be automatically stream isolated.

This is unrelated to apt, deb, manual installation or flatpak.

It’s a complex topic.


1 blocker without considering further for now:
element is not available from related:


Thank you for the extensive answer.

In regards to torsocks interaction with Flatpak, you’ll notice that About.Privacy tutorial linked above launches Element Desktop with flatpak run im.riot.Riot --proxy-server=socks5://

I think that a Matrix client which supports e2ee being a default application in Whonix Workstation would be very relevant to many users. It is of course subjective, but I see this as having a high demand. I would argue it’s use case is not currently being met by existing default software - Element is much more user-friendly than XMPP, with secure defaults.

In regards to the Whonix Default Application Policy, Element Desktop is only available as a third party deb package repository, from what I understand (official AppImage support discussion here However, the fork SchildiChat Desktop also has an AppImage, which I understand to be preferred by the Default Application Policy.

The changelog clearly notes which updates contain security fixes