In any case, it is recommended to visit this website using either Tor Browser in Whonix ™ or the Tor Browser Bundle.
|Valid SSL Certificate||Yes|
|HTTPS Everywhere  Inclusion||Yes |
|Passed Qualys SSL LABS  SSL Server Test :||Yes, A+ rating. |
|HSTS ||Yes |
|HSTS Preloading List     ||Yes   |
|Certificate Authority (CA) Pinning||Obsolete |
|HTTP Public Key Pinning||Obsolete |
|DNS Certification Authority Authorization (CAA) Policy||Yes|
|Expect-CT header ||Yes|
|Flagged Revisions ||Yes, admins must verify changes before they become the default version.|
|Secondary .onion Domain ||Yes  |
|Content Security Policy (CSP)||Yes, A Rating.    |
If users have any further suggestions, please edit this entry or discuss possible changes in the Whonix ™ forums.
Privacy on the Whonix ™ Website
The Whonix ™ website  is using popular web applications (web apps) like MediaWiki, Phabricator and Discourse (forum software).  These are Freedom Software projects which are developed by third parties and not the Whonix ™ team. As an end user of web apps, whonix.org has no control over changes made by the respective developers, whom do not necessarily (seldom in fact) prioritize privacy and security.
The Whonix ™ platform is similarly based on many third party projects. For a simple (approximate) overview of the Whonix ™ organizational structure, see: Linux User Experience versus Commercial Operating Systems. In essence, many independent projects provide their software and source code for free, and they can be modified or used in their default state. Due to the structure of Freedom Software development and the limited funding available to Whonix ™, it is infeasible to try and tackle usability, privacy and security issues posed by these web apps.
Consider the Discourse software for example:
- Google is used as the default search engine, even though it would be far preferable to configure another search engine which respects privacy. Whonix ™ developers posted a Feature request: configurable search engine for forum search, but discourse developers in essence replied "patches welcome".
- Discourse does not work well with secondary onions.
In contrast, the main project activities undertaken by Whonix ™ include research, development and maintenance of privacy by design software. This is achieved via technological enforcement, remaining free,  and utilizing Freedom Software which encourages external contributions, enhancements and audits.
curl -i https://Whonix.org
- Requested. Will propagate to Chrome, Firefox and Tor Browser.
- Optional Tor onion service (.onion domain); alternative end-to-end encrypted/authenticated connection; in this use case, not for location privacy; backup in case DNS is not functional
- See also Forcing .onion on Whonix ™.org.
- Clearnet address: https://www.whonix.org and v3 onion address: dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion
- This is common practice. For example Free Software Foundation (FSF) also uses discourse.
- This includes any type of information that is collected and recorded, and how it may be used. The processing of any personal information is subject to the General Data Protection Regulation (GDPR).
- Free in terms of price, while also respecting user and developer freedoms.
No comments for now due to spam. Use Whonix forums instead.
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)