Design
Jump to navigation
Jump to search
Technical Design and Conception of the Whonix ™ Anonymous Operating System.
Technical Design[edit]
- Dev/Technical Introduction, Whonix ™ Framework, Security Overview
- Comparison of Whonix ™, Tails, Tor Browser, TorVM and corridor
- Comparison of different Whonix ™ variants
- Comparison Of Tor Proxies CGI proxies Proxy Chains And VPN Services
- Protocol-Leak-Protection and Fingerprinting-Protection
- Time Synchronization Mechanism
- Stream Isolation
- systemcheck
- SSL
- LeakTests to check everything is properly set up
- Anonymity Network
- Dev/About Computer (In)Security
- Dev/Threat Model
- Dev/Operating System, Debian, Ubuntu, ...
- Dev/Virtualization Platform
- Whonix-Gateway ™ / Graphical Whonix-Gateway ™ benefits over Headless Whonix-Gateway ™
- Dev/Host
- Whonix-Host
- Fingerprint
- Dev/Entropy
- Whonix ™ Security in Real World
- Security Reviews and Feedback, Press, Media
- (encrypted) (authenticated) Connection Between Whonix-Gateway ™ and Whonix-Workstation ™
- Dev/Build Anonymity
- Dev/Expected Build Warnings
Relationship With Upstream
About Infrastructure
- Trusting Whonix ™
Verified Boot
(Secure Boot)
- Verifiable Builds (as in reproducible, but not exactly reproducible)
- Factory Reset, Stateless Systems, Reproducible Systems, Verifiable Systems, Clear Linux, NixOS, Fedora Silverblue
- NEXT: In development for next Whonix ™ version
- onion-grater (Control Port Filter Proxy)
- Automatic Updates (APT) - to Use or Not Use Them
Package Manager Graphical
One Click Update Script - Simplified, Assisted Updates
- Dummy Tor package on Whonix-Workstation ™ (anon-ws-disable-stacked-tor)
- About Debian Packaging
- Criteria for installing applications by default in Whonix ™, Default Application Policy, package sources, software sources, Debian software package repository packages.debian.org, deb.debian.org, deb.torproject.org, software from non-APT repository software sources (Tor Browser)
- Tor Config Files torrc / Why Waste Network Bandwidth by Downloading Operating System Updates over Tor?
- Dev/setup-dist
- Disclaimer in setup-dist - Background of it
- anon-ws-disable-stacked-tor, prevents Tor over Tor
- Versioning Format Conventions for packages developed under the Whonix ™ hat
- Comparison Of Package Managers
- Advanced Deanonymization Attacks, Covert Channels
- Dev/Advanced Deanonymization Attacks, Covert Channels
- Stable Version User Experience
- Coding Style
- Latency Obfuscator
- RAM Wipe, cryptsetup suspend
- non-freedom, proprietary, closed source firmware, CPU microcode and drivers
Detailed Design[edit]
Future Technical Design[edit]
- Permanent Takedown Attack Defender, proposal to defend a permanent takedown threat
- Project / Emergency News
- controversy of anonymous MAC addresses
- apt revoker
- vanguards notification graphical user interface (GUI)
- Dev/remount-secure - Secure Mount Options
- Whonix Cloud considerations
General Developer Pages[edit]
- Documentation Guidelines
- Documentation Markup Format Converters
- Developer Portal
- Dev/Archived Discussions, development discussions, old and recent, bugs, features, etc.
- Git branches
- APT Repository (Whonix ™ Debian Package Maintenance) (.deb), reprepro
- Some random thoughts about a future GNOME desktop, GNOME proxy
- Introduction into the Whonix ™ build method and source code
- Whonix ™ News File Format
- SSL certificate pinning
- development discussion if JonDo(Fox) could be pre-installed in Whonix-Workstation ™
- Whonix ™ Host operating system or even VM operating system - development discussion
- Network Manager (NM) in Whonix ™ instead of ifupdown - development discussion
- Dev/Other Virtualization Platforms
- Continuous Integration (CI)
- Consideration running a DHCP server on Whonix-Gateway ™ and running a DHCP client in Whonix-Workstation ™
- Dev/Permissions
- Hosting a Whonix ™ Mirror
- Why we should avoid APT Pinning / preferences / backports by default
- Comparing Password Managers, finding out best choice as default installed one
- Dev/Porting
- Dev/Logo
- The Tor Project (TPO) Trademark
- 32bit vs 64bit - How effort would multiply when 64bit images (same for other desktop environments such as Gnome)
- Firefox Add-On, debugging, "live" edits
- tor-launcher add-on screenshots
- whonix.org backup script, to make a backup of most whonix.org content
- Firewall Unloading / flush iptables
- Dev/Qubes
- Qubes Split GPG
- Firewall Refactoring
- Dev/Test - How to "UnWhonix" - Instructions on how to remove Whonix ™ Tor default networking for Whonix-Gateway ™. After applying these instructions, Whonix-Gateway ™ will connect to clearnet.
- Firejail
- grsecurity
- Whonix ™-Linux-Installer
- Whonix ™-Windows-Installer
- Dev/Whonix ™-Windows-User-Interface
- Whonix ™ Windows Installer - Testers Only Version
- Whonix ™ Cooperation with Researchers
- Host Keys in various Virtualizers / special keys
- Gajim - TODO for installing Gajim by default in Whonix ™
- Ledger Hardware Wallet Development Notes
- AEM - anti evil maid
- Boot Clock Randomization
- Boot Modes
- Dev/mobile
- Dev/yubikey
- Non Anonymous NAT Traversal
- Whonix ™ friendly applications best practices
- Dev/Licensing
- Tor Browser without Tor
- VirusForget - deactivate malware after reboot from non-root compromise
- bash proper whitespace handling
- wallpaper
- certification / audit
- Windows 10 Issues collection
- Polls Collections (Surveys)
- Automated Tests
- Warrant Canary Draft
- Dev/Astra Linux
- Dev/Torified Wi-Fi Hotspot (WiFi)
- Xfce Desktop Environment Notes, xfconfd, desktop background image, configuration files
Website Developer Pages[edit]
- website and wiki HTML / CSS improvements
- Issue, Bug, Feature Request Tracker, phabricator
- mediawiki CSS
- Whonix ™.org Site Security
- OpenPGP Signed Website
- Hompage of Whonix ™, Experiments with Browser Load Speed and Content
- Web Backend, CMS vs non-CMS, vs github-pages, etc.
- mediawiki, codeselect, select code, short / long / recommended / detailed buttons
- Advertisements, Guidelines for Advertising on whonix.org, Affiliate Policy
- web.archive.org snapshot using command line interface (CLI)
- Privacy Policy Technical Details of the Whonix ™ Website
Download / Installation - Developer Pages[edit]
- Download Security
- Statistics on Downloads and OpenPGP verification and how we can improve that
- Dev/Download Wizard
- Software Verification (OpenPGP / gpg) Usability Issues / Secure Downloader to Download Whonix ™ Images
- Installation from Whonix ™ repository - "sudo apt install whonix"
- VM image download from repository - "sudo apt install whonix-gateway-ova"
Other Related[edit]
- Documentation
- whonix-devel mailing list archive
- Build Documentation, How to build Whonix ™ from Source Code, How to update Whonix ™ from Source Code
- Whonix ™ Source Code
- Whonix ™ Developer Meta Files, Scripts for managing the Whonix ™ GNU/Linux Distribution
- Maintenance, The Tor Project (TPO) apt repository package mirroring to whonix.org repository, Tor Browser hardcoded version file
- Redistribution Pre Building (Only required if you want to redistribute (official) Whonix ™ release builds.)
- Redistribution Post Building (Only required if you want to redistribute (official) Whonix ™ release builds.)
- Essential Whonix ™ Functionality Tests
- Whonix² Project Vision
- Project Philosophy
[edit]
Just Listing[edit]
Deprecated[edit]
- OneVM - Whonix ™ implementation with just a single VM (Tor runs on host)
- Installing I2P on Whonix-Gateway ™ (I2PBOX)
- JonDonym as Tor replacement (JonDoBOX)
- VPN, VPN's as a Tor replacement (VPNBOX)
- Proxy, Proxies as a Tor replacement (ProxyBOX), Transparent Proxying Method, Proxy Settings Method / ProxyBOX
- Freenet on the Whonix-Gateway ™ (FreenetBOX)
- RetroShare as Anonymizer
- Dev/Zerobox (ZeroNet)
TODO[edit]
- https://forums.whonix.org/search?expanded=true&q=%23status_open_issue_todo%20%23component_security
- https://packages.debian.org/bullseye/tiger
- https://packages.debian.org/bullseye/tiger-otheros

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 10 year success story and maybe DONATE!