Jump to: navigation, search

Features

Whonix Features[edit]

Whonix is an Anonymous Operating System. It hides your IP/location and uses Tor to anonymize your data traffic. This means that neither the contacted server, nor any eavesdropper on your connections, nor the operators of the Tor network themselves can realize which webservice you use.

To learn about its differences, check the Comparison with Others.

Basically any program can be used together with Whonix:

  • For web browsing, Tor Browser is included.
  • Messengers, like Tor Messenger and Ricochet IM.
  • Privacy friendly e-mail client: Mozilla Thunderbird with TorBirdy
  • scp for secure data transfer from and to a server.
  • Unobserved administration of servers via SSH
  • Web servers: Apache, ngnix, IRC servers, etc. via Hidden Services
  • Other programs...

It is possible, with the help of Whonix, to use applications via Tor, which are not capable of proxy support by themselves.

Everything is explained in Documentation.

Feature List[edit]

Advantages of Whonix[edit]

  • All applications, including those, which do not support proxy settings, will automatically be routed through Tor.[2] [3] [4]

[5]

  • Installation of any software package possible. [6] [7] [8] [9]
  • Safe hosting of Hidden Services possible. [10] [11]
  • Protection against side channel attacks, no IP or DNS leaks possible. [12]
  • Advantage over Live CD's: Tor's data directory is still available after reboot, due to persistent storage. Tor requires persistent storage to save its Entry Guards [13].
  • Java / JavaScript [14] [15] / flash / Browser Plugins [16] / misconfigured applications cannot leak your real external IP. See Security in Real World.
  • Protection against IP/location discovery through root exploits (Malware [17] with root rights) inside Whonix-Workstation. But you should really not test it [18]

Disadvantages of Whonix[edit]

  • More difficult to set up compared to the regular Tor Browser Bundle.
  • Needs virtual machines or spare hardware.
  • Updating OS and applications behind the Tor proxy is slow.
  • Higher maintenance required. [24]

Tunnel Support[edit]

All kinds of tunnels are possible and tested to work with Whonix. With Whonix you can route a connection through a VPN, SSH, or proxy before Tor, after Tor, or both.

Using Tunnels with Whonix

Replacing Tor with something is possible as well, although only for some combinations and networks. It's partially done but don't hold your breath for seeing those features finished, see Other Anonymizing Networks.


Comparison of Whonix, Tails, Tor Browser Bundle and TorVM[edit]

Comparison of Whonix, Tails, Tor Browser Bundle and TorVM

License[edit]

Thanks to JonDos (Permission). (w) (w) [25] The "Whonix Features" chapter of the Whonix Features wiki page contains content from the JonDonym documentation Features page.

Footnotes[edit]

  1. 1.0 1.1 1.2 1.3 1.4 Via optional configuration
  2. Note Note: For application warnings, see Documentation.
  3. Note Note: UDP is not supported by Tor, thus will not work in Whonix as well.
  4. UDP is not supported by Tor
  5. Note Note: Services that need to listen on publicly reachable ports (open/forwarded ports) are also not supported. However you may run Hidden Services which are reachable via Tor or tor2web (be careful).
  6. Note Note: Must be able to run on Debian GNU/Linux or you can use Other Operating Systems. See also Software installation on Whonix-Workstation for details.
  7. Note Note: ICMP, ping, VOIP calls over UDP, etc...
  8. Note Note: Skype over TCP does work, but it's not recommended, because it's proprietary, closed source and there is no control over the encryption keys. Skype authority can compromise you out any moment. A secure encryption/authentication design looks different. For example GPG and OTR are secure, because the user has control over the keys, not the server. See Voip Skype section for details.
  9. Note Note: Tunnel UDP over Tor
  10. Note Note: Even if someone hacks your hidden server software (lighttpd, thttpd, apache, etc.), he can not steal your hidden service key. The key is stored on the Whonix-Gateway. Once you cleaned your Whonix-Workstation, no one can impersonate your hidden service anymore.
  11. Note Note: The Workstation is the place where the browser, IRC client and so on is running. The Gateway is the place where Tor and the firewall is running.
  12. Note Note: Whonix protects against IP and DNS leaks. Other possible leaks (such as username; time zone; etc.) and how to mitigate them see Documentation. Additionally Whonix's Protocol-Leak-Protection and Fingerprinting-Protection mitigates many possible fingerprinting attacks by using common, non-identifying defaults. (username set to user; timezone set to UTC; etc.)
  13. https://www.torproject.org/docs/faq.html.en#EntryGuards
  14. Note Note: There is no difference compared to using JavaScript directly within the Tor Browser Bundle.
  15. Of course JavaScript within TBB inside Whonix will also not leak your IP. Browser fingerprinting still applies. For more information see Web-browser!
  16. Note Note: This is still not recommended as they may decrease anonymity (e.g. flash cookies) and often have security vulnerabilities. Most popular plugins are closed source. See Browser Plugins for more information.
  17. https://en.wikipedia.org/wiki/Malware
  18. Note Note: In case Whonix-Workstation gets rooted, the adversary can not find out the users real IP/location. This is because Whonix-Workstation can only connect through the Whonix-Gateway. How difficult is it to compromise Whonix? See Attack Comparison Matrix and Design. More skill is required.
  19. https://en.wikipedia.org/wiki/Free_software
  20. https://www.torproject.org
  21. https://www.torproject.org/projects/vidalia.html.en
  22. https://www.torproject.org/projects/torbrowser.html.en
  23. Note Note: Vidalia is optional; arm is installed as alternative.
  24. Note Note: You need to maintain three instead of one OS. You need to remember several passwords and update at least three systems.
  25. Broken link: https://anonymous-proxy-servers.net/forum/viewtopic.php?p=31220#p31220

Random News:

Want to get involved with Whonix? Check out our Contribute page.


Impressum | Datenschutz | Haftungsausschluss

https | (forcing) onion
Share: Twitter | Facebook | Google+
This is a wiki. Want to improve this page? Help welcome, volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation. Whonix (g+) is a licensee of the Open Invention Network. Unless otherwise noted above, content of this page is copyrighted and licensed under the same Free (as in speech) license as Whonix itself.