Actions

Features

Whonix Features[edit]

Whonix is an operating system focused on anonymity and security. It hides the user's IP address / location and uses the Tor network to anonymize data traffic. This means the contacted server, network eavesdroppers, and operators of the Tor network cannot easily determine which sites are visited, or the user's physical location. [1]

For a comprehensive comparison of Whonix with other popular anonymity platforms, see here.

Primary Software Features

A number of applications are pre-installed and pre-configured with safe defaults to make them ready for use. Most popular applications are compatible with the Whonix design:


The Whonix design flexibly permits the "torification" of applications which are not capable of proxy support by themselves. Further, the user is not jeopardized by installing custom applications or personalizing the desktop.

Detailed documentation has been produced by developers and the Whonix community. Various issues are explained in depth, including the Whonix design, available software, the host of possible configurations, security and privacy considerations, and numerous advanced topics.

Feature List[edit]

Anonymous Browsing


Anonymous Communications, Hosting and Publishing


Platform Base


Tor Network / Toriffication


Security and Anonymity Protection


Tunnel and Chaining Support


Tunnel Other Anonymizing Networks

Whonix Advantages[edit]

  • Fully Featured: A host of Features are available.
  • Highly Configurable: Numerous optional configurations, additional features, and add-ons are available.
  • Open Source: Only free software is used. [7]
  • Private Obfuscated Bridges: Bridges can be added to the Tor configuration file.
  • Process Separation: Tor [8] and Tor Browser [9] are not running inside the same virtual machine. For example, that means an exploit in the browser cannot affect the integrity of the Tor process. [10]
  • Protection Against IP Address / Location Discovery: Exploits using malware [11] with root rights inside Whonix-Workstation (anon-whonix) are foiled. However, users should avoid testing this protective feature. [12]
  • Protection Against Side Channel Attacks: No IP address or DNS leaks are possible. [13]
  • Software Flexibility: Installation of any software package is possible. [16] [17] [18] [19]
  • Tor Data Persistence: A major Whonix advantage over Live CDs is that Tor's data directory is still available after reboot, due to persistent storage. Tor requires persistent storage to save its Entry Guards. [20].
  • Tor Enforcement: All applications are automatically routed via Tor, including those which do not support proxy settings. [21] [22] [23] [24]
  • Torify Windows: Whonix-Gateway (sys-whonix) can also torify Windows. [25]
  • Tunnel Chaining: It is possible to combine Whonix with VPNs, SSH and other proxies. [26] Every permutation is possible; VPNs / SSH / other proxies can be combined and used pre- and/or post-Tor tunnels.

Whonix Disadvantages[edit]

  • More difficult to set up compared to the regular Tor Browser.
  • Needs virtual machines or spare hardware for operation.
  • Updating the operating system and applications behind the Tor proxy is slow.
  • Qubes-Whonix has strict hardware requirements. [27]
  • Higher maintenance is required. [28]

Tunnel Support[edit]

Various tunneling permutations are possible and functional in Whonix. Connections can be routed through a VPN, SSH, or proxy before Tor, after Tor, or both.

Using Tunnels in Whonix


Tor can also be replaced with another protocol, although only some combinations and networks will work (such as I2P and JonDonym). This work is partially complete, but features will remain unfinished for the foreseeable future (see Other Anonymizing Networks).


Comparison of Whonix with other Anonymity Platforms[edit]

See: Comparison of Whonix, Tails, Tor Browser, TorVM and corridor.

License[edit]

Gratitude is expressed to JonDos for permission to use material from their website. (w) (w) [29] The "Whonix Features" section of this wiki page contains content sourced from the JonDonym documentation Features page.

Footnotes[edit]

  1. Without advanced, end-to-end, netflow correlation attacks which rely on statistical analysis of data volume and timing.
  2. 2.0 2.1 2.2 2.3 2.4 Via optional configuration.
  3. There is no functional JavaScript difference when it is enabled in Whonix's Tor Browser versus the standard Tor Browser Bundle (TBB).
  4. Of course, using JavaScript in the Whonix Tor Browser protects against IP address leaks, but browser fingerprinting risks still apply. For more information, see Web-browser!
  5. Plugins are still not recommended, as they may decrease anonymity (for example, flash cookies) and they often have security vulnerabilities. Most popular plugins are closed source. Although deprecated, the browser plugins warnings section is still valid.
  6. See Security in the Real World.
  7. https://en.wikipedia.org/wiki/Free_software
  8. https://www.torproject.org
  9. https://www.torproject.org/projects/torbrowser.html.en
  10. Vidalia is now deprecated; arm is installed as the alternative.
  11. https://en.wikipedia.org/wiki/Malware
  12. If Whonix-Workstation (anon-whonix) is rooted, the adversary cannot find out the user's real IP address / location. The reason is Whonix-Workstation (anon-whonix) can only connect through the Whonix-Gateway (sys-whonix). More skill is required to compromise Whonix, see Attack Comparison Matrix and Design.
  13. Whonix does not automatically protect against other possible leaks like username, time zone, and so on. Users should read the Documentation to learn how to mitigate these threats. Additionally, Whonix's Protocol-Leak-Protection and Fingerprinting-Protection mitigates many possible fingerprinting attacks by using common, non-identifying defaults. For example, the username is set to user, the timezone is set to UTC, and so on.
  14. Even if someone hacks the user's hidden server software (lighttpd, thttpd, apache, etc.), they cannot steal the onion service key. The key is stored on the Whonix-Gateway (sys-whonix). Once a clean Whonix-Workstation (anon-whonix) is used, no one can impersonate the onion service anymore.
  15. The Whonix-Workstation (anon-whonix) is where the browser, IRC client and other user applications are run. The Whonix-Gateway (sys-whonix) is where Tor and the firewall are run.
  16. The program must be able to run on Debian GNU/Linux or Other Operating Systems which are used. See also Software installation on Whonix-Workstation (anon-whonix) for further details.
  17. ICMP, ping, VoIP calls over UDP and so on.
  18. Skype works over TCP, but it is not recommended because it is proprietary, closed source software and there is no control over the encryption keys. Skype authorities can compromise a user at any moment. A secure encryption / authentication design looks different. For example GPG and OTR are secure, because the user has control over the keys, not the server. See VoIP Skype section for further details.
  19. Tunnel UDP over Tor
  20. https://www.torproject.org/docs/faq.html.en#EntryGuards
  21. For application warnings, see Documentation.
  22. UDP is not natively supported by Tor and will therefore also not work in Whonix (unless a VPN is used).
  23. Services that need to listen on publicly reachable ports (open / forwarded ports) are also not supported. However, users may run Onion Services which are reachable via Tor or tor2web (care is required).
  24. UDP is not supported by Tor
  25. See Other Operating Systems.
  26. Users should read the Tor plus VPN/proxies Warning before proceeding.
  27. Particularly for Qubes R4 and later releases.
  28. Users need to maintain and update three OSs instead of one. Also, several passwords must be remembered, except for Qubes-Whonix which has a password-less root feature.
  29. Broken link: https://anonymous-proxy-servers.net/forum/viewtopic.php?p=31220#p31220

Random News:

Want to help create awesome, up-to-date screenshots for the Whonix wiki? Help is most welcome!


https | (forcing) onion

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.

Whonix is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Libre Software license as Whonix itself. (Why?)