{{Header}} {{hide_all_banners}} {{Title|title= {{project_name_long}} - Overview }} {{#seo: |description=Privacy protection. Anonymity online. Anonymous Operating System. {{project_name_short}} routes all Internet traffic through the Tor anonymity network. Security by Isolation. Based on Debian. {{project_name_short}} Architecture. |image=Whonix-homepage-main.png }} {{#css:/src-copy/_Page_About.css?hsversion={{Hsversion}}}} {{Anchor|overview}} {{documentation_mininav}} {{intro|thumb=Whonix-homepage-main.png| '''{{project_name_short}} is an anonymous operating system that runs like an app''' and routes all Internet traffic through the Tor anonymity network. It offers privacy protection and anonymity online and is available for all major operating systems. Technical readers can refer to the [[Dev/Technical_Introduction|{{project_name_short}} technical introduction]] instead. }} {{LeftRightImageText |image=Whonix-homepage-main.png |addToClass=promo-style |imagelink=Download |imageAlt=Whonix homepage image |text=

Superior Internet Privacy

{{project_name_short}} is a free and open-source desktop {{os}} that is specifically designed for [https://www.whonix.org/#security advanced security and privacy]. It's based on the [https://torproject.org Tor] anonymity network, security-focused Linux Distribution {{Kicksecure_link | |{{Kicksecure}} }}, GNU/Linux and the principle of security by isolation. {{project_name_short}} [[Whonix_against_Real_Attacks|defeats common attacks]] while maintaining usability.

}}
{{LeftRightImageText |image=Kicksecure-promo.jpg |addToClass=promo-style |imageright=1 |imagelink=https://www.kicksecure.com |imageAlt=Kicksecure promo image |text=

Security hardened

{{project_name_short}} uses an extensively security-reconfigured version of the Debian base ({{Kicksecure}} Hardened) which is run inside multiple virtual machines (VMs) on top of the host OS. This architecture provides a substantial layer of protection from malware and [[Data_Collection_Techniques#IP_Address|IP]] leaks. Applications are pre-installed and configured with safe defaults to make them ready for use with minimal user input. [[#Introduction|Learn more]].

}}
{{#widget:Download_Button |text=Download Whonix (FREE) |url=/wiki/Download |fontsize=22px }}
{{Supported_Platforms_Icons| size=50 }}
{{LeftRightImageText |image=Preview-user-groups.jpg |addToClass=promo-style |imageright=1 |imagelink=Users_of_Whonix |imageAlt=Preview user groups |text=

Privacy First Users

The increasing threat of mass surveillance and repression all over the world means our freedoms and privacy are rapidly being eroded. {{project_name_short}} is a powerful solution to this problem. Anyone who values privacy, has business secrets, needs private communication or does sensitive work on their desktop or online can greatly benefit from using {{project_name_short}}. [[#Introduction|Learn more]].

}}
{{LeftRightImageText |image={{project_name_short}}-concept-detailed.jpg |imageAlt={{project_name_short}} detailed concept |addToClass=promo-style |text=

Innovative Architecture

{{project_name_short}} consists of two VMs: the [[{{project_name_gateway_short}}|{{project_name_gateway_long}}]] and the [[{{project_name_workstation_short}}|{{project_name_workstation_long}}]]. The former runs Tor processes and acts as a gateway, while the latter runs user applications on a completely isolated network. This innovative architecture allows for maximum privacy, keeps applications in check and makes DNS leaks impossible. [[#Whonix_Architecture|Learn more]].

}}
----
'''Now we're diving deep into what makes {{project_name_short}} great.''' We'll provide a more detailed look and plenty of links so you can study {{project_name_short}} even more thoroughly.
__TOC__

= Introduction =

[[File:Whonix-logo-rectangle.png|thumb|130px|border|alt={{project_name_short}} rectangular logo|[[Dev/Logo|{{project_name_short}} rectangular logo]]]]
[[File:Kicksecure-seal.png|thumb|130px|border|alt=Kicksecure seal|Kicksecure Hardened]]
[[File:Debian.png|thumb|130px|border|alt=Debian logo|Debian logo]]
[[File:Tor-logo.png|thumb|130px|border|alt=Tor logo|Tor logo]]

'''{{project_name_short}} is a free and open-source desktop {{os}}''' that is specifically designed for [https://www.whonix.org/#security advanced security and privacy]. It's based on the [https://torproject.org Tor] anonymity network, security-focused Linux Distribution {{Kicksecure_link | |{{Kicksecure}} }}, GNU/Linux and the principle of security by isolation. '''{{project_name_short}} [[Whonix_against_Real_Attacks|defeats common attacks]] while maintaining usability'''.

Online anonymity and censorship circumvention are attainable via fail-safe, automatic and desktop-wide use of the Tor network. This helps to protect from traffic analysis by bouncing communications around a distributed network of relays run by global volunteers. Without advanced, end-to-end, netflow correlation attacks, an adversary watching an Internet connection cannot easily determine the sites visited, and those sites cannot discover the [[Users_of_Whonix|user]]'s physical location. Current practical, low-latency anonymity designs like Tor fail when the attacker can see both ends of the communication channel (traffic going into and out of the Tor network). [https://blog.torproject.org/one-cell-enough-break-tors-anonymity/ If you can see both flows], simple statistics based on data volume and timing can determine whether they match up.

'''{{project_name_short}} uses an extensively security-reconfigured version of the Debian base ({{Kicksecure}} Hardened)'''.
It consists of two virtual machines -- [[{{project_name_gateway_short}}|{{project_name_gateway_short}}]] and [[{{project_name_workstation_short}}|{{project_name_workstation_short}}]] -- which are designed to be used on a [[Download|supported]] host OS ([[Host_Operating_System_Selection|Host Operating System Selection]]). The host OS supporting {{project_name_short}} is usually the one installed on the user's computer, but OSes installed on external drives will also work ([[USB Installation]]). Users choose the preferred {{project_name_short}} configuration and may use either a Type I hypervisor ([[Qubes|{{q_project_name_long}}]]), or a Type II hypervisor like [[KVM|KVM]] and [[VirtualBox|VirtualBox]].

'''This architecture provides a substantial layer of protection from malware and [[Data_Collection_Techniques#IP_Address|IP]] leaks'''. Applications are pre-installed and configured with safe defaults to make them ready for use with minimal user input. The user may install custom applications or personalize their desktop without fear of information leaks that could lead to de-anonymization. {{project_name_short}} is the only actively developed OS designed to be run inside a VM and paired with Tor. Though technically a "desktop" operating system, the security and anonymity tools {{project_name_short}} provides also make it ideally suited for hosting secure and anonymous onion services.

'''By helping [[Users_of_Whonix|users]] run applications anonymously, {{project_name_short}} aims to preserve privacy and anonymity'''. A [[Tor Browser|web browser]], [[Software#Office_Suite|office suite]], and [[Software|other relevant applications]] come pre-configured with security in mind. All Internet traffic from {{project_name_short}} is routed through the Tor anonymity network.

{{project_name_short}} is [[Reasons for Freedom Software|Freedom Software]] and is based on {{Kicksecure_link | |{{Kicksecure}} }} (security-focused Linux Distribution), [https://www.torproject.org/about/overview.html.en Tor], [https://en.wikipedia.org/wiki/Debian Debian GNU/Linux], and the principle of security by isolation.

= {{project_name_short}} User Groups =

[[File:Preview-user-groups.jpg|thumb|alt=users of Whonix|[[Users_of_Whonix|Users of {{project_name_short}}]]|link=Users of Whonix]]

'''Privacy is a human right'''. The increasing threat of mass surveillance and repression all over the world means our freedoms and privacy are rapidly being eroded. {{project_name_short}} is a powerful solution to this problem. Anyone who values privacy, has business secrets, needs private communication or does sensitive work on their desktop or online can greatly benefit from using {{project_name_short}}. This includes the following. Also see [[Users_of_Whonix|Users of {{project_name_short}}]].

# '''Investigators and whistleblowers whose work threatens the powerful'''. Within our isolated environment, research and evidence can be gathered without accidental exposure.
# '''Researchers, government officials or business-people who may be targets of espionage'''. Anti-malware and anti-exploit modifications lower the threat of trojans and backdoors.
# '''Journalists who endanger themselves and their families by reporting on organized crime'''. Compartmentalized, anonymous Internet use prevents identity correlation between social media and other logins.
# '''Political activists under targeted surveillance and attack'''. The usefulness of threatening the ISP in order to analyze a target's Internet use is severely limited. The cost of targeting a {{project_name_short}} user is greatly increased.
# '''Average computer users in a repressive or censored environment'''. Easy Tor setup and options for advanced configurations mean users in repressive countries can fully access the Internet desktop-wide, not just in their browser.
# '''Average computer users who simply don’t want all or some aspect of their private lives uploaded, saved and analyzed'''. {{project_name_short}} does not silently upload identifying information in the background.

= {{project_name_short}} Architecture =

{{Anchor|architecture}}
[[File:{{project_name_short}}-concept-detailed.jpg|thumb|alt={{project_name_short}} Architecture]]

'''{{project_name_short}} consists of two VMs: the [[{{project_name_gateway_short}}|{{project_name_gateway_short}}]] and the [[{{project_name_workstation_short}}|{{project_name_workstation_short}}]]'''. In [[Qubes|{{q_project_name_short}}]], these VMs are named {{project_name_gateway_vm}} and {{project_name_workstation_vm}}, respectively. The former runs Tor processes and acts as a gateway, while the latter runs user applications on a completely isolated network.

The {{project_name_short}} architecture affords several benefits:

* Only connections through Tor are permitted.
* Servers can be run, and applications used, anonymously over the Internet.
* DNS leaks are impossible.
* Malware with root privileges cannot discover the user's real IP address.
* Threats posed by misbehaving applications and user error are minimized.
* The platform has [https://www.whonix.org/#security extensive security hardening].

= Features =

== Full Spectrum Anti-Tracking Protection ==

'''Hiding your identity is harder than just hiding your IP'''. Internet tracking companies don't even need to know your IP address to be able to identify you. They have multiple alternative tracking technologies in their arsenal. Whonix provides full spectrum anti-tracking protection.

'''Table:''' ''Surveillance Technology, Impact and {{project_name_short}} Defenses''

{| class="wikitable"
|-
! scope="col"| '''Surveillance Technology'''
! scope="col"| '''Impact on your Privacy'''
! scope="col"| '''{{project_name_short}} Tracking Protection Technology'''
|-
! scope="row"| [[Data_Collection_Techniques#IP|IP address tracking]]
| IP is tied to user identity and physical location.
| [[Reliable_IP_Hiding|Reliable IP Hiding]]; [[Why_does_Whonix_use_Tor|IP cloaking using Tor]]
|-
! scope="row"| [[Data_Collection_Techniques#Browser_Fingerprinting|Browser fingerprinting]]
| Tracking, creating a profile of the user even if the user is already cloaking their IP.
| [[Tor Browser]]
|-
! scope="row"| [[Fingerprint#Website_Traffic_Fingerprinting|Website Traffic Fingerprinting]]
| Your {{isp}} knows which websites you visited and when, but does not know the exact details, even if the website is using HTTPS and you are using a VPN ([[Whonix_versus_VPNs#VPNs_do_not_even_hide_visited_websites_from_your_Internet_Service_Provider|VPNs do not even hide visited websites from your Internet Service Provider]]). For example, if you are posting to a discussion forum, your ISP or a man-in-the-middle could know the time and that you used that discussion forum but not the exact contents of your post. However, due to the specific timing, particularly over time, an attacker could figure out who you are.
| [[Why_does_Whonix_use_Tor|IP cloaking using Tor]]
|-
! scope="row"| [[Keystroke_Deanonymization|Personal keyboard typing fingerprinting]]
| Re-identification once you are typing on a website because of your personal typing style.
| [[Keystroke_Deanonymization#Kloak|kloak (keystroke anonymizer)]]
|-
! scope="row"| [[Time_Attacks|Time attacks]]
| Individual computer time can give away your identity.
| [[Boot Clock Randomization]] and secure network time synchronization through [[sdwdate]] (Secure Distributed Web Date)
|-
! scope="row"| Other threats.
| Techniques like [[Stylometry]] (analysis of writing style) and various other tracking technologies can be employed to track users without the need for IP addresses.
| Whonix is a technological means to anonymity, but staying safe necessitates complete behavioral change; it is a complex problem without an easy solution. The more you know, the safer you can be. See [[Documentation]].
|-
|}

== Based on Debian ==

[[File:Debian.png|thumb|130px|border|alt=Debian logo]]

{{Based_on_Debian}}

=== {{project_name_short}} Version ===

[[File:Whonix-logo-rectangle.png|thumb|130px|[[Dev/Logo|{{project_name_short}} rectangular logo]]|alt={{project_name_short}} rectangular logo]]

Each {{project_name_short}} release is based on a particular version of Debian:

{| class="wikitable"
|-
! {{project_name_short}} version !! ''Debian Version'' !! Debian Codename
|-
| {{project_name_short}} {{VersionNew}} || ''{{Stable_project_version_based_on_Debian_version_short}}'' || [https://www.debian.org/releases/{{Stable project version based on Debian codename}}/ {{Stable project version based on Debian codename}}]
|-
|}

Users can manually check the {{project_name_short}} version at any time by following [[Post_Install_Advice#How_do_I_Check_the_Current_Whonix_Version.3F|this step]].

== Security by Isolation ==

'''{{project_name_short}} is the best way to use Tor and provides the strongest protection for your privacy online by hiding your real IP address, because {{project_name_short}} protects from leaks'''. In layman's terms, a leak occurs if a user expects to be wholly using Tor, but instead some application traffic bypasses Tor and is routed over the normal internet (clearnet). A solitary leak is all that is required to de-anonymize the user, for example via IP leaks, DNS leaks, UDP and other channels.

'''Even when Tor provides sufficient anonymity, it can be [https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorifyHOWTO very complicated or impossible] for users to configure applications''' so all traffic is routed through the Tor network. The reason is that networking is very complex and most applications are not designed with anonymity or privacy in mind.
Some applications like the Tor Browser Bundle are specifically designed for anonymity and attempt to eliminate all known leak vectors. Unfortunately, despite all best efforts, leaks have occurred in the past due to [[Whonix_against_Real_Attacks#Tor_Browser_Bundle|Tor Browser Bundle software defects (bugs)]]. In such cases, {{project_name_short}} users were protected and unaffected by these leaks.

'''In {{project_name_short}}, DNS and other related leaks (IP, DNS, UDP, ICMP) are impossible'''. Even malware with root privileges cannot discover the user's real IP address because {{project_name_short}}'s split-VM design ensures all internet traffic is routed through Tor.

''{{project_name_short}} is divided into two VMs'':

* [[{{project_name_gateway_short}}|{{project_name_gateway_short}}]] to enforce routing of all Internet traffic through the Tor network, and
* [[{{project_name_workstation_short}}|{{project_name_workstation_short}}]] for work activities.

{{project_name_workstation_short}} is unaware of its real external IP address, which means the user's real external IP address is always protected and leaks are impossible. '''This security by isolation configuration averts many threats posed by [[malware]], misbehaving applications, and user error.'''

'''Figure:''' ''{{project_name_short}} Operating System Design''

{{ContentImage|
[[File:{{project_name_short}}-concept-detailed.jpg|border|500px|alt={{project_name_short}} Operating System Design]]
}}

([[Art_Gallery#Technical_Illustrations|more technical illustrative images]])

'''This is not an empty claim -- {{project_name_short}} has been audited via the [[corridor]] (Tor traffic whitelisting gateway) and other [[Dev/Leak Tests|leak tests]]'''. In over a [[History|decade]], no leaks were ever discovered. Technical readers can refer to the [[Dev/Technical_Introduction|{{project_name_short}} technical introduction]] and [[Dev/Technical_Introduction#Security_Overview|security overview]] chapters for further details.
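
The leak definition in this chapter (traffic that reaches the clearnet without passing through Tor, whether as IP, DNS, UDP or ICMP) can be expressed as a check over flow records captured on the uplink side of a Tor gateway. The following is an added example, not code from {{project_name_short}}, corridor or the Tor Project; the <code>Flow</code> record, the relay allowlist and every address (RFC 5737 documentation ranges) are constructed assumptions.

```python
"""Leak check over flow records seen on the uplink side of a Tor gateway.

Added illustration only: not Whonix, corridor or Tor Project code.
Every address below is constructed (RFC 5737 documentation ranges).
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    proto: str     # "tcp", "udp" or "icmp"
    dst_ip: str
    dst_port: int  # 0 for ICMP


# Hypothetical allowlist: (address, OR port) pairs of Tor relays the gateway
# is permitted to contact. A static set here; keeping it current is outside
# the scope of this example.
ALLOWED_RELAYS = frozenset({
    ("192.0.2.10", 443),
    ("198.51.100.7", 9001),
})


def classify(flow, allowed=ALLOWED_RELAYS):
    """Return None for permitted Tor traffic, otherwise a leak label."""
    ip = str(ipaddress.ip_address(flow.dst_ip))  # raises ValueError on junk
    proto = flow.proto.lower()
    # Only TCP to an exact (address, port) pair on the allowlist is Tor traffic.
    if proto == "tcp" and (ip, flow.dst_port) in allowed:
        return None
    if proto in ("tcp", "udp") and flow.dst_port == 53:
        return "dns-leak"
    if proto == "udp":
        return "udp-leak"
    if proto == "icmp":
        return "icmp-leak"
    return "clearnet-ip-leak"


def find_leaks(flows, allowed=ALLOWED_RELAYS):
    """Return (flow, label) for every flow that bypassed the allowlist."""
    leaks = []
    for flow in flows:
        label = classify(flow, allowed)
        if label is not None:
            leaks.append((flow, label))
    return leaks


# Constructed capture: two permitted relay connections and four leaks.
SAMPLE_FLOWS = [
    Flow("tcp", "192.0.2.10", 443),     # Tor relay, permitted
    Flow("udp", "203.0.113.53", 53),    # resolver queried directly
    Flow("tcp", "198.51.100.7", 9001),  # Tor relay, permitted
    Flow("tcp", "203.0.113.80", 443),   # HTTPS straight to a website
    Flow("udp", "203.0.113.5", 123),    # NTP over UDP
    Flow("icmp", "203.0.113.1", 0),     # ping
]

if __name__ == "__main__":
    for flow, label in find_leaks(SAMPLE_FLOWS):
        print(f"{label:18} {flow.proto} -> {flow.dst_ip}:{flow.dst_port}")
```

A single entry in the result is enough to count as a leak in the sense used above; a TCP connection to an allowlisted address on a port that is not on the list is reported as well.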

== Online Anonymity via Tor ==

[[File:Tor-logo.png|thumb|130px|alt=Tor logo]]

{{project_name_short}} relies on the Tor network to protect a user's anonymity online; all connections are forced through Tor or otherwise blocked. Tor helps to protect users by bouncing communications around a distributed network of relays run by volunteers all around the world. Without advanced, end-to-end, netflow correlation attacks, anybody watching a user's Internet connection cannot easily determine the sites visited, and those sites cannot learn the user's physical location. Current practical, low-latency anonymity designs like Tor fail when the attacker can see both ends of the communication channel (traffic going into and out of the Tor network). {{Archive_link |url=https://blog.torproject.org/one-cell-enough-break-tors-anonymity/ |text=If both flows are visible |onion=http://pzhdfe7jraknpj2qgu5cz2u3i4deuyfwmonvzu5i3nyw4t4bmg7o5pad.onion/one-cell-enough-break-tors-anonymity/index.html }}, simple statistics can determine whether they match up.

To learn more about Tor, see [[Why_does_Whonix_use_Tor|Why does {{project_name_short}} use Tor]] and read the official documentation on the {{Archive_link |url=https://www.torproject.org/ |text=Tor website |onion=http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/index.html }}:

* {{Archive_link |url=https://2019.www.torproject.org/about/overview.html.en#whyweneedtor |text=Tor overview: Why we need Tor |onion=http://jqyzxhjk6psc6ul5jnfwloamhtyh7si74b4743k2qgpskwwxrzhsxmad.onion/about/overview.html.en#whyweneedtor }}
* {{Archive_link |url=https://2019.www.torproject.org/about/overview.html.en#thesolution |text=Tor overview: How Tor Works |onion=http://jqyzxhjk6psc6ul5jnfwloamhtyh7si74b4743k2qgpskwwxrzhsxmad.onion/about/overview.html.en#thesolution }}
* {{Archive_link |url=https://2019.www.torproject.org/about/torusers.html.en |text=Who uses Tor? |onion=http://jqyzxhjk6psc6ul5jnfwloamhtyh7si74b4743k2qgpskwwxrzhsxmad.onion/about/torusers.html.en }}

= Summary =

'''Table:''' ''{{project_name_short}} Goals, Design and Limitations''

{| class="wikitable"
|-
! scope="col"| '''Category'''
! scope="col"| '''Description'''
|-
! scope="row"| {{project_name_short}} is
|
* a free and open operating system
* an anti-censorship tool
* the first step among many in hiding a user's identity
|-
! scope="row"| {{project_name_short}} helps to
|
* disguise a user's IP address
* prevent internet service provider (ISP) spying
* prevent websites from identifying the user
* prevent malware from identifying the user
* circumvent censorship
|-
! scope="row"| {{project_name_short}} is not
|
* a one-click anonymization solution, since anonymity is a complex behavioral and technical problem in a highly surveilled world

Readers of the [[Documentation|{{project_name_short}} documentation]] will quickly learn that one-click anonymization solutions simply do not exist and will likely never be developed.
|-
|}

{{Anchor|Release and Support Schedule}}

= Release Schedule =

Note that {{project_name_short}} does not have a fixed release schedule. A new stable release only becomes available when it is deemed ready. Interested users can query the [[Reporting_Bugs#Issue_Tracker|issue tracker]] (for example, for the next release use the tag "{{project_name_short}} 16" and status "Open") and [[changelog]] to track developer progress. [[Stay Tuned]].

= Support Schedule =

== Debian Hosts ==

'''New Debian Release'''

One month after a new stable version of Debian is released, {{project_name_short}} VMs may no longer be supported on any older version of Debian. All users need to upgrade the Debian platform promptly after the deprecation notice in order to use {{project_name_short}} safely.

'''New {{project_name_short}} Release'''

One month after a new stable version of Whonix is released, older versions will no longer be supported.
All users need to upgrade the {{project_name_short}} platform promptly in order to remain safe.

'''Deprecation Notices'''

The deprecation notice is provided at least one month in advance and posted in the [https://forums.{{project_clearnet}}/c/news {{project_name_short}} News forum]. [[Stay Tuned]]! All users need to upgrade the respective platform promptly in order to remain safe. This also relieves {{project_name_short}} developers from needing to diagnose and support old-stable versions of Qubes/Debian/{{project_name_short}}, which duplicates the maintenance burden.

== Debian-based and Other Hosts ==

As per [[#Debian Hosts|Debian Hosts]].

== Windows Hosts ==

The support schedule is mostly undefined at present, but likely to mirror [[#Debian Hosts|Debian Hosts]].

== Qubes Hosts ==

'''{{q_project_name_short}} version support policy'''

{{project_name_short}} templates are supported by the {{project_name_short}} Project. The {{project_name_short}} Project has set its own support policy for {{project_name_short}} templates in Qubes. This policy requires {{project_name_short}} template users to stay reasonably close to the cutting edge by upgrading to new stable releases of Qubes OS and {{project_name_short}} templates within a month of their respective releases. To be precise:

* One month after a new stable version of Qubes OS is released, {{project_name_short}} will no longer be supported on any older Qubes OS release. This means that users who wish to continue using {{project_name_short}} on Qubes OS must always upgrade to the latest stable Qubes OS release within one month of its release.
* One month after a new stable version of {{project_name_short}} is released for a given Qubes OS release, older {{project_name_short}} releases will no longer be supported on that Qubes OS release. This means that users who wish to continue using {{project_name_short}} on Qubes OS must always upgrade to the latest stable {{project_name_short}} version that is available for their Qubes OS release within one month of that {{project_name_short}} version’s release.

We aim to announce both types of events one month in advance in order to remind users to upgrade. [[Stay Tuned]].

'''{{q_project_name_short}} version support information'''

* Old stable support: Qubes 4.1 Whonix 16 will continue to receive security support until one month after Qubes R4.2 is released as stable. Support will likely be extended. See also [https://forums.whonix.org/t/current-status-qubes-4-1-whonix-16/17191 Current Status Qubes 4.1 Whonix 16].
* Recommended Qubes version: Qubes 4.2

= Next Steps =

Learning more about {{project_name_short}} is the best way to determine whether it is a suitable solution in your personal circumstances. The following chapters are recommended:

* The [[Warning]] page to understand the security limitations of {{project_name_short}} and Tor.
* Further information about {{project_name_short}} [[Features]].
* The implied [[Trust]] placed in {{project_name_short}} when it is used.
* Other relevant [[Documentation|Documentation]] explaining how to use {{project_name_short}} safely.

= See Also =

* [[Whonix against Real Attacks|Whonix Track Record against Real Cyber Attacks]]
* [[History|{{project_age_years}} years history of success]]

= Footnotes =

{{reflist|close=1}}

[[About|About]]
[[Category:Documentation]]

= License =

{{License_Amnesia|{{FULLPAGENAME}}}}

{{JonDos}} The "Summary" chapter of the {{project_name_short}} Design and Goals wiki page contains content from the JonDonym documentation [https://web.archive.org/web/20200123130536/http://anonymous-proxy-servers.net/en/help/about.html Features] page.

{{Footer}}