When I update/upgrade Whonix Gateway it download updates through Tor ?
Yes it does.
You can also configure Whonix (gateway and workstation) to use .onion repositories.
There are several security and privacy benefits of using Tor onion services:
- The user cannot be uniquely targeted for malicious updates (attackers are forced to attack everyone requesting the update).
- The package repository, or observers watching it, can’t track what programs are installed.
- The ISP cannot easily learn what packages are fetched.
- End-to-end authentication and encryption provides protection against man-in-the-middle attacks e.g. version downgrade attacks.
Interesting. Any reason why .onion repositories aren’t the default in Whonix?
They will be default for the next release of Whonix (Whonix 14).
Whonix 14 should be released very soon.