Whonix is an operating system focused on anonymity and security. It hides the user's IP address / location and uses the Tor network to anonymize data traffic. This means the contacted server, network eavesdroppers, and operators of the Tor network cannot easily determine which sites are visited, or the user's physical location. 
For a comprehensive comparison of Whonix with other popular anonymity platforms, see Comparison with Others.
Primary Software Features
A number of applications are pre-installed and pre-configured with safe defaults to make them ready for use. Most commonly used applications are compatible with the Whonix design:
- Tor Browser is included for Internet browsing.
- Instant messengers like Tor Messenger, Tox and Ricochet.
- PGP-encrypted email with the Mozilla Thunderbird client and TorBirdy.
- Secure data transfer to and from a server with scp.
- Unobserved administration of servers via SSH.
- Web server administration with Apache, ngnix, IRC servers, and more via Hidden Services.
- A host of other software programs.
With the Whonix design, it is possible to "torify" applications which are not capable of proxy support by themselves. Further, the user is not jeopardized by installing custom applications or personalizing the desktop.
Detailed documentation has been created by the developers and the Whonix community. It explains the Whonix design, software, possible configurations, security / privacy aspects, and various advanced topics.
Anonymous Communications, Hosting and Publishing
- Anonymous IRC.
- Anonymous publishing.
- Anonymous E-Mail with Mozilla Thunderbird and TorBirdy.
- Anonymous chat.
- Anonymous VoIP.
- Host location / IP hidden servers.
- Mixmaster over Tor.
- Ricochet IM and other encrypted communications. 
- Send anonymous emails without registration.
- Based on Debian GNU/Linux.
- Based on the Tor anonymity network.
- Based on KVM.
- Based on VirtualBox.
- Based on Qubes.
- Free, open source, Libre software.
- Virtual machine images with Type I or 2 hypervisors.
Tor Network / Toriffication
- Can torify almost any application.
- Can torify any operating system.
- Can torify Windows.
- Circumvents censorship.
- DNSSEC over Tor. 
- Encrypted DNS. 
- Tor enforcement.
Security and Anonymity Protection
- Full IP/DNS protocol leak protection.
- Hide Tor use from network observers. 
- Hide Whonix use from network observers.
- Hide installed software from network observers.
- Optional Isolating proxy.
- Prevents anyone from learning the user's IP address.
- Prevents anyone from learning the user's physical location.
- Private obfuscated bridges support.
- Protects user privacy.
- Protocol-Leak-Protection and Fingerprinting-Protection.
- Secure and distributed time synchronization mechanism.
- Security by isolation.
- Stream Isolation to prevent identity correlation through circuit sharing.
- Transparent Proxy.
- Whitelist Tor traffic.
Tunnel and Chaining Support
- Connect to a Proxy, VPN or SSH before Tor.
- Connect to Tor before a Proxy, VPN or SSH.
- Tunnel UDP over Tor. 
- VPN / tunnel support.
Tunnel Other Anonymizing Networks
- Tunnel Freenet through Tor.
- Tunnel GNUnet through Tor.
- Tunnel I2P through Tor.
- Tunnel JonDonym through Tor.
- Tunnel Retroshare through Tor.
- All applications are automatically routed via Tor, including those which do not support proxy settings.    
- Installation of any software package is possible.    
- Safe hosting of Hidden Services is possible.  
- Protection against side channel attacks; no IP address or DNS leaks are possible. 
- Advantage over Live CDs: Tor's data directory is still available after reboot, due to persistent storage. Tor requires persistent storage to save its Entry Guards. .
- Protection against IP address / location discovery through root exploits (malware  with root rights inside Whonix-Workstation). However, users should avoid testing this protective feature. 
- Only free software is used. 
- Building Whonix from source is easy, see Build Documentation.
- Tor  and Tor Browser  are not running inside the same virtual machine. For example, that means an exploit in the browser can't affect the integrity of the Tor process. 
- It is possible to use Whonix in conjunction with VPNs, SSH and other proxies. However, read the Tor plus VPN/proxies Warning before proceeding. Every permutation is possible; VPNs / SSH / other proxies can be combined and used pre- and/or post-Tor tunnels.
- Other anonymizing networks like Freenet, GNUnet, I2P, JonDonym and Retroshare can be used.
- A host of Features are available.
- Numerous optional configurations, additional features, and add-ons are available.
- Best possible Protocol-Leak-Protection and Fingerprinting-Protection.
- Private obfuscated Bridges can be added to /etc/tor/torrc (the Tor configuration file).
- Whonix-Gateway can also torify Windows, see Other Operating Systems.
- More difficult to set up compared to the regular Tor Browser.
- Needs virtual machines or spare hardware for operation.
- Updating the OS and applications behind the Tor proxy is slow.
- Higher maintenance is required. 
Various tunneling permutations are possible and functional in Whonix. Connections can be routed through a VPN, SSH, or proxy before Tor, after Tor, or both.
- Tunnel Support
- Tunnel Tor Through a Proxy, VPN or SSH
- Tunnel Proxy / Proxychains / SSH / VPN Through Tor
- Pre and Post Tor Tunnels can be Combined
Proxy / SSH / VPN->
Proxy / SSH / VPN->
- Comparison Of Tor with CGI Proxies, Proxy Chains, and VPN Services
- Functional Whonix VPN Examples for Testing Purposes (Free)
- Chaining Anonymizing Gateways (Experts Only!)
Tor can also be replaced with another protocol, although only some combinations and networks will work (such as I2P and JonDonym). This work is partially complete, but features will remain unfinished for the foreseeable future (see Other Anonymizing Networks).
Comparison of Whonix with other Anonymity Platforms
Gratitude is expressed to JonDos for permission to use material from their website. (w) (w)  The "Whonix Features" section of this wiki page contains content sourced from the JonDonym documentation Features page.
- Without advanced, end-to-end, netflow correlation attacks which rely on statistical analysis of data volume and timing.
- Via optional configuration.
- Note: For application warnings, see Documentation.
- Note: UDP is not natively supported by Tor and will therefore also not work in Whonix (unless a VPN is used).
- Note: Services that need to listen on publicly reachable ports (open / forwarded ports) are also not supported. However, users may run Hidden Services which are reachable via Tor or tor2web (care is required).
- UDP is not supported by Tor
- Note: The program must be able to run on Debian GNU/Linux or Other Operating Systems which are used. See also Software installation on Whonix-Workstation for further details.
- Note: ICMP, ping, VoIP calls over UDP and so on.
- Note: Skype works over TCP, but it is not recommended because it is proprietary, closed source software and there is no control over the encryption keys. Skype authorities can compromise a user at any moment. A secure encryption / authentication design looks different. For example GPG and OTR are secure, because the user has control over the keys, not the server. See VoIP Skype section for details.
- Note: Tunnel UDP over Tor
- Note: Even if someone hacks the user's hidden server software (lighttpd, thttpd, apache, etc.), they cannot steal the hidden service key. The key is stored on the Whonix-Gateway. Once a clean Whonix-Workstation is used, no one can impersonate the hidden service anymore.
- Note: The Whonix-Workstation is where the browser, IRC client and other user applications are run. The Whonix-Gateway is where Tor and the firewall are run.
- Note: Whonix does not automatically protect against other possible leaks like username, time zone, and so on. Users should read the Documentation to learn how to mitigate these threats. Additionally, Whonix's Protocol-Leak-Protection and Fingerprinting-Protection mitigates many possible fingerprinting attacks by using common, non-identifying defaults. For example, the username is set to user, the timezone is set to UTC, and so on.
- Note: Plugins are still not recommended, as they may decrease anonymity (for example, flash cookies) and they often have security vulnerabilities. Most popular plugins are closed source. See Browser Plugins for more information.
- Note: If Whonix-Workstation gets rooted, the adversary cannot find out the user's real IP address / location. The reason is Whonix-Workstation can only connect through the Whonix-Gateway. More skill is required to compromise Whonix, see Attack Comparison Matrix and Design.
- Note: Vidalia is now deprecated; arm is installed as the alternative.
- Note: Users need to maintain and update three OSs instead of one. Also, several passwords must be remembered, unless Qubes-Whonix is used.
- Broken link: https://anonymous-proxy-servers.net/forum/viewtopic.php?p=31220#p31220
Impressum | Datenschutz | Haftungsausschluss
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.