Tor integration in Whonix

The specific feature:
We’re using “vanguards full” (not lite):

Should be better?

I wonder if it would make sense to install anon-shared-build-apt-sources-tpo by default, and to have Whonix Gateway depend on the exact tor version that’s currently bundled in the latest stable Tor Browser release?

Whenever the Whonix Gateway tor version is out of sync with the mainline Tor Browser tor version, it’s a potential fingerprinting hazard.

That would come with some disadvantages documented under Tor integration in Whonix ™ Development Notes starting from:

2. Use latest stable in TPO repository […]

I am not saying it shouldn’t be done. Only linking to previous thoughts to consider before making such a big change.

What versions are provided by is not being kept fully synchronous. It’s contributed, maintained by Peter Palfrader (also a Debian developer) last time I checked. Great year long service btw! However, The Tor Project does not orchestrate TBB and releases being always having the same/compatible versions.

By hard coding a version dependency it would break the build process as soon as changes. When is changed is unpredictable form my point of view.

Indeed. A price to pay for Tor / Tor Browser isolation. But I don’t think it can be resolved without having Tor Browser + Debian tor package being properly maintained in (which is unfortunately highly unlikely for Tor Browser, not happening for a decade or so) while can have different versions (mostly Tor Browser using a newer version than available in but it could also happen vice versa) because it’s all different development teams and release cycles,, Tor core, TBB.


by @torjunkie

handy for reference:

Above link still lists:


In other words, not yet available from


Version 0.4.7 will be be stable soon enough.



Is now in the testers repository.


Now in stable repository.

Today, we release fixing several issues including a High severity security issue only affecting the 0.4.7.x series. You can track this issue with TROVE-2022-001 and CVE-2021-38385.

Please note that at the moment, the full details of the security issue are not yet public as we are waiting on the OS distribution packages to be updated and the network to be on its upgrade path.

This security issue is not affecting the safety of the tor host system itself and is categorized as a Denial of Service thus affecting performance and possibly anonymity.

We STRONGLY recommend anyone on an earlier version to upgrade as soon as possible to tor (this release). OS packages are on the way!

1 Like

tor not yet available from - refer to Tor integration in Whonix - #19 by Patrick on how to check that has changed. Once available, I upload to

tor is now in all repositories.

1 Like

Prerequisite knowledge: Reading above linked announcements. Therefore skipping (introduced new urgency bug) and waiting for

(Tor integration in Whonix - #19 by Patrick)

tor is now in the testers repository.

This is in all repositories for a while now. (Since Whonix - for VirtualBox - Point Release!)