Actions

Privacy Policy Technical Details

From Whonix

See Privacy Policy.

These technical details are not part of Privacy Policy.

In any case, it is recommended to visit this website using either Tor Browser in Whonix ™ or the Tor Browser Bundle.

Overview[edit]

Valid SSL Certificate Yes
HTTPS Everywhere [1] Inclusion Yes [2]
Passed Qualys SSL LABS [3] SSL Server Test [4]: Yes, A+ rating. [5]
HSTS [6] Yes [7]
HSTS Preloading List [8] [9] [10] [11] [12] Yes [13] [14] [15]
Certificate Authority (CA) Pinning Obsolete [16]
DNS Certification Authority Authorization (CAA) Policy[17] Yes[18]
HTTP Public Key Pinning[19] Obsolete [20]
Expect-CT header [21] Yes[22]
certspotter [23] Yes[24]
DNSSEC[25] Yes[26]
Flagged Revisions [27] Yes, admins must verify changes before they become the default version.
Secondary .onion Domain [28] Yes [29] [30]
Content Security Policy (CSP) Yes, A Rating. [31] [32] [33] [34]
Feature-Policy Yes

If users have any further suggestions, please edit this entry or discuss possible changes in the Whonix ™ forums.

Privacy on the Whonix ™ Website[edit]

The Whonix ™ website [35] is using popular web applications (web apps) like MediaWiki [archive], Phabricator [archive] and Discourse [archive] (forum software). [36] These are Freedom Software projects which are developed by third parties and not the Whonix ™ team. As an end user of web apps, whonix.org has no control over changes made by the respective developers, whom do not necessarily (seldom in fact) prioritize privacy and security.

The Whonix ™ platform is similarly based on many third party projects. For a simple (approximate) overview of the Whonix ™ organizational structure, see: Linux User Experience versus Commercial Operating Systems. In essence, many independent projects provide their software and source code for free, and they can be modified or used in their default state. Due to the structure of Freedom Software development and the limited funding available to Whonix ™, it is infeasible to try and tackle usability, privacy and security issues posed by these web apps.

Consider the Discourse software for example:

Based on the preceding information, it is clear websites can at best only provide privacy by policy, which is equivalent to a promise. For detailed information on the Whonix ™ privacy policy, see here. [37]

In contrast, the main project activities undertaken by Whonix ™ include research, development and maintenance of privacy by design software [archive]. This is achieved via technological enforcement, remaining free, [38] and utilizing Freedom Software which encourages external contributions, enhancements and audits.

Info Whonix ™ welcomes patches or financial contributions to support the development of desired features.

See also Trusting the Whonix ™ Website.

Footnotes[edit]

  1. https://www.eff.org/https-everywhere [archive]
  2. https://trac.torproject.org/projects/tor/ticket/9143 [archive]
  3. https://www.ssllabs.com/ [archive]
  4. https://www.ssllabs.com/ssltest/index.html [archive]
  5. https://www.ssllabs.com/ssltest/analyze.html?d=Whonix.org [archive]
  6. https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security [archive]
  7. curl -i https://Whonix.org

  8. http://blog.chromium.org/2011/06/new-chromium-security-features-june.html [archive]
  9. http://blog.stalkr.net/2011/08/hsts-preloading-public-key-pinning-and.html [archive]
  10. http://www.chromium.org/sts [archive]
  11. https://blog.mozilla.org/security/2012/11/01/preloading-hsts/ [archive]
  12. https://bugzilla.mozilla.org/show_bug.cgi?id=861960 [archive]
  13. https://github.com/Whonix/Whonix/issues/34 [archive]
  14. http://src.chromium.org/viewvc/chrome?revision=209444&view=revision [archive]
  15. https://hstspreload.org/?domain=whonix.org [archive]
  16. https://phabricator.Whonix.org/T66 [archive]
  17. https://blog.qualys.com/ssllabs/2017/03/13/caa-mandated-by-cabrowser-forum [archive]
  18. https://forums.Whonix.org/t/dns-certification-authority-authorization-caa-policy-dnssec-for-Whonix-org-ssllabs-com-test-results/5487 [archive]
  19. https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning [archive]
  20. https://phabricator.Whonix.org/T84 [archive]
  21. https://scotthelme.co.uk/a-new-security-header-expect-ct/ [archive]
  22. https://github.com/SSLMate/certspotter [archive]
  23. https://forums.Whonix.org/t/dns-certification-authority-authorization-caa-policy-dnssec-for-Whonix-org-ssllabs-com-test-results/5487/2?u=patrick [archive]
  24. https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions [archive]
  25. https://forums.Whonix.org/t/dns-certification-authority-authorization-caa-policy-dnssec-for-Whonix-org-ssllabs-com-test-results/5487 [archive]
  26. https://www.mediawiki.org/wiki/Extension:FlaggedRevs/ [archive]
  27. Optional Tor onion service (.onion domain); alternative end-to-end encrypted/authenticated connection; in this use case, not for location privacy; backup in case DNS is not functional
  28. dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion
  29. See also Forcing .onion on Whonix ™.org.
  30. https://securityheaders.io/?followRedirects=on&hide=on&q=Whonix.org [archive]
  31. https://phabricator.Whonix.org/T70 [archive]
  32. https://forums.Whonix.org/t/Whonix-website-security-rating-b-mozilla-observatory-content-security-policy-csp/3874 [archive]
  33. https://forums.Whonix.org/t/content-security-policy-now-deployed-on-Whonix-websites/5494 [archive]
  34. Clearnet address: https://www.whonix.org [archive] and v3 onion address: dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion
  35. This is common practice. For example Free Software Foundation (FSF) also uses discourse. [archive]
  36. This includes any type of information that is collected and recorded, and how it may be used. The processing of any personal information is subject to the General Data Protection Regulation (GDPR).
  37. Free in terms of price, while also respecting user and developer freedoms.


text=Jobs in USA
Jobs in USA


Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki


Follow: Twitter.png Facebook.png 1280px-Gab text logo.svg.png Iconfinder news 18421.png Rss.png Matrix logo.svg.png 1024px-Telegram 2019 Logo.svg.png Discourse logo.svg Reddit.jpg Diaspora.png Gnusocial.png Mewe.png 500px-Tumblr Wordmark.svg.png Iconfinder youtube 317714.png 200px-Minds logo.svg.png 200px-Mastodon Logotype (Simple).svg.png 200px-LinkedIn Logo 2013.svg.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate whonix.png United Federation of Planets 1000px.png

Share: Twitter | Facebook

Please help in testing new features and bug fixes in Whonix ™.

https link onion link

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.

Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint, Contact.