Impossible to leak IP address

Connections are forced through Tor®. DNS leaks are impossible, and even malware with root privileges cannot discover the user's real IP address. Leak tested through corridor (Tor® traffic whitelisting gateway) and other leak tests.

Live Mode

Booting into VM Live Mode is as simple as choosing Live Mode in the boot menu. Alternatively Debian, Kicksecure and perhaps other Debian-based hosts can boot their existing host operating system into Host Live Mode.

Based on Kicksecure ™

Whonix ™ is based on Kicksecure ™ which is a security-hardened Linux distribution.

Based on Tor®

Whonix utilizes Tor®, which provides an open and distributed relay network to defend against network surveillance.

Keystroke Anonymization

Keystrokes can be used to track users. To prevent this, Whonix comes with kloak installed by default.

Time Attack Defenses

Time attacks are defeated by Boot Clock Randomization and secure network time synchronization through sdwdate (Secure Distributed Web Date).

Protect against guard discovery and related traffic analysis attacks

vanguards

TCP ISN CPU Information Leak Protection

Prevent de-anonymization of Tor onion services via utilization of the Tirdad kernel module for random ISN generation.

Entropy Enhancements

Better encryption thanks to preinstalled random number generators.

Stream Isolation

Distinct applications are routed through different paths in the Tor® network.

AppArmor

AppArmor profiles restrict the capabilities of commonly used, high-risk applications.

Kernel Self Protection Settings

Whonix uses Kernel Hardening Settings as recommended by the Kernel Self Protection Project (KSPP).

Protect Linux user accounts against brute force attacks

By using pam tally2.

Strong Linux User Account Separation

security-misc

Anonymity, privacy and security settings pre-configuration

anon-apps-config

Extensive Documentation

The more you know, the safer you can be.

Android Support

Run Android applications using Anbox (outdated) or Whonix-Custom-Workstation using Android x86.

Virus Protection

Whonix provides additional security hardening measures and user education to provide better protection from viruses.

Console Lockdown

Console Lockdown disables legacy login methods for improved security hardening.

Advanced Firewall

Configured for anonymous Tor® use.

Tor® Browser

Visit any destination including modern websites such as YouTube.

swap-file-creator

Running low on RAM isn't a security problem. swap-file-creator will create an encrypted swap file.

Hosting Location Hidden Servers

Whonix is the safest way to Host Location Hidden Services / Onion Services.

Vibrant Community

Forums
Newsletter
Contributors
RSS

History

Protecting our users against Real World Attacks for around a decade. (history)

Fully auditable

Whonix is independently verifiable by security experts and software developers around the world; you don’t have to trust developer claims. This improves security and privacy for everyone.

Complete respect for privacy

Whonix respects data privacy principles. We don’t make advertising deals or collect sensitive personal data. We’re funded directly by user contributions and that’s how it should be.

Warrant Canary

A canary confirms that no warrants have ever been served on the Whonix project.

Based on Debian

In oversimplified terms, Whonix is just a collection of configuration files and scripts. Whonix is not a stripped down version of Debian; anything possible in "vanilla" Debian GNU/Linux can be replicated in Whonix. About Whonix

Complete user freedom

There are no artificial restrictions imposed on possible system configurations.

Digitally signed releases

Downloads are signed so genuine Whonix releases can be verified.

Freedom Software

Whonix is Freedom Software and contains software developed by the Free Software Foundation and the GNU Project.

Open Source

All the Whonix source code is licensed under OSI Approved Licenses. We respect user rights to review, scrutinize, modify, and redistribute Whonix. This improves security and privacy for everyone.

Research and Implementation Project

Whonix makes modest claims and is wary of overconfidence. Whonix is an actively maintained research project making constant improvements; no shortcomings are ever hidden from users.

Linux Kernel Runtime Guard (LKRG)

Hardened Malloc is a hardened memory allocator which can be used with many applications to increase security. A fork by Kicksecure will be enabled by default.

sandbox-app-launcher is an application launcher that can start each application inside its own restrictive sandbox. Each application runs as its own user, in a bubblewrap sandbox and confined by AppArmor.

Full system Mandatory Access Control (MAC) policy - "AppArmor for everything"

Untrusted Root User

Enforce kernel module software signature verification

Deactivate malware after reboot from non-root compromise

Hardened Linux Kernel

Post-quantum cryptography resistant signing of releases

Mount Options Hardening

SUID Disabler and Permission Hardener

Multiple boot modes for better security (user, live, secureadmin and superadmin)

Help welcome!