Use clearnet and Tor on Whonix at the same time

Hi,

I’m reading through the Whonix-Wiki to learn and understand more regarding anonymity. Now I have a question regarding this topic: Use Clearnet and Tor at the Same Time

It is also risky to use clearnet and Tor at the same time because simultaneous, anonymous and non-anonymous server connections might be established.
How is that a problem?

Let’s assume I’m using Tor on Whonix (VM) and additionally I’m connecting to clearnet from my host-system (different browser, different OS).
From my understanding even if I’m connecting to the same site “destination.com” this site should not be able to link the two (anonymous and non-anonymous) connections. The same thing should apply for services like Google Analytics.

But probably I’m wrong and don’t see the issue.
Mixing up browsers or logging in to the same account on the destination site would lead to problems, that’s clear. Also if I’d lose the anonymous and non-anonymous connection at the exact same time, maybe that could lead to a link of those connections.

But besides that, I don’t see the problem.

On ISP-side I’m not yet sure, I’ll have to read more. But for my current understanding, I guess the ISP could be able to see I am connecting to “destination.com” with Tor and without.

Kind regards,
John Doe

You are also using the same hardware for both Whonix and the host. Besides the screen size, there is also depth and shading for example. Many machines use a form of DRM which has its own identifiable characteristics.
Your peripherals could be problematic as well. Mouse-scrolling can be fingerprinted. It would be a shame to protect yourself on Whonix, only to have another non-Tor browser leak some device identifier. Those are just two examples. Fingerprinting seems to evolve very quickly these days. Whonix takes many steps both in its implementation and in its use of Tor Browser that can hamper these efforts. A non-Tor browser on your host has none of those protections. Why take the chance, right?
On ISP side, I go by the simple rule that they can see all traffic (which they have to in order to give you service.) Now, do they inspect timing, size and packet protocols (syn, psh, urg, etc.)? We cannot know for sure. Also, at least in some countries, the ISP is allowed by law to sell your internet history to “advertisers.” Tor would be encrypted of course, but why give them regular traffic at the same time if you do not have to? Remember, packets leaving your network should originate from one source at a time to be the safest and avoid correlation. So while the websites you visit on Tor and on non-Tor may be ignorant of each being visited by the same machine, there are routers and gatekeepers along the way who may be able to potentially compromise you.
Suggestion: if you have to do more than one task, try having 2 individual Workstations, each one for one task.
