Your Linux apps could be leaking data -- oniux is built to stop it


A new tool called oniux has landed for Linux users who take their privacy very seriously. If you want to make sure your apps never leak data outside of the Tor network, oniux could be your new favorite command-line utility.
Oniux takes any Linux app and drops it into its own isolated network environment. From there, the app can only connect to the internet using Tor. This isn’t a trick with proxy settings or patched libraries. It uses actual features built into the Linux kernel, giving it a level of protection that’s hard to beat.
The utility is powered by Arti, the new Tor implementation written in Rust, and onionmasq, a helper for networking over Tor. The moment you launch an app with oniux, it creates a private network setup where the only available network interface is one routed through Tor. It is like giving your app blinders and locking every other door.
You might be thinking this sounds similar to torsocks, but there is a big difference. Torsocks works by intercepting the libc calls that apps use to talk to the network. If a program is statically compiled or doesn’t use libc in the expected way, it can accidentally or intentionally bypass the protection. Oniux avoids that issue by using Linux namespaces. Nothing gets out unless it goes through the designated Tor path.
Internally, oniux spins up a child process that lives in its own network, user, and PID namespace. It builds a temporary DNS configuration and uses onionmasq to create a TUN interface. That interface is handed off to the parent process, and then all privileges are dropped. Finally, the app you chose runs in a tightly controlled space.
While still experimental, oniux offers a powerful new approach to anonymous computing. Tools like torsocks are still useful, but they cannot match the strict isolation that oniux provides. For researchers, journalists, and anyone who needs strong guarantees, this may be the next step forward in privacy on Linux.