Design Documentation
Jump to navigation
Jump to search
Technical Design and Conception of the Whonix Anonymous Operating System.
Upstream[edit]
Technical Design[edit]
- Dev/Technical Introduction, Whonix Framework, Security Overview
- Comparison of Whonix, Tails, Tor Browser, TorVM and corridor
- Comparison of different Whonix variants
- Comparison Of Tor Proxies CGI proxies Proxy Chains And VPN Services
- Protocol-Leak-Protection and Fingerprinting-Protection
- Time Synchronization Mechanism
- Stream Isolation
- systemcheck
- SSL
- LeakTests to check everything is properly set up
- Anonymity Network
- Dev/About Computer (In)Security
- Dev/Threat Model
- Dev/Operating System, Debian, Ubuntu, ...
- Dev/Virtualization Platform
- Whonix-Gateway™ / Graphical Whonix-Gateway™ benefits over Headless Whonix-Gateway™
- Dev/Host
- Whonix-Host
- Fingerprint
- Dev/Entropy
- Whonix Whonix against Real Attacks
- Security Reviews and Feedback, Press, Media
- (encrypted) (authenticated) Connection Between Whonix-Gateway and Whonix-Workstation™
- Dev/Build Anonymity
- Dev/Expected Build Warnings
- Relationship With Upstream
- About Infrastructure
- Trusting Whonix
- Verified Boot (Secure Boot)
- Verifiable Builds (as in reproducible, but not exactly reproducible)
- Factory Reset, Stateless Systems, Reproducible Systems, Verifiable Systems, Clear Linux, NixOS, Fedora Silverblue
- NEXT: In development for next Whonix version
- onion-grater (Control Port Filter Proxy)
- Automatic Updates (APT) - to Use or Not Use Them
- Package Manager Graphical
- One Click Update Script - Simplified, Assisted Updates
- Dummy Tor package on Whonix-Workstation (anon-ws-disable-stacked-tor)
- About Debian Packaging
- Criteria for installing applications by default in Whonix, Default Application Policy, package sources, software sources, Debian software package repository packages.debian.org, deb.debian.org, deb.torproject.org, software from non-APT repository software sources (Tor Browser)
- Tor Config Files torrc / Why Waste Network Bandwidth by Downloading Operating System Updates over Tor?
- Dev/setup-dist
- Disclaimer in setup-dist - Background of it
- anon-ws-disable-stacked-tor, prevents Tor over Tor
- Versioning Format Conventions for packages developed under the Whonix hat
- Comparison Of Package Managers
- Advanced Deanonymization Attacks, Covert Channels
- Dev/Advanced Deanonymization Attacks, Covert Channels
- Stable Version User Experience
- Coding Style
- Latency Obfuscator
- RAM Wipe, cryptsetup suspend
- non-freedom, proprietary, closed source firmware, CPU microcode and drivers
Detailed Design[edit]
Future Technical Design[edit]
- Permanent Takedown Attack Defender, proposal to defend a permanent takedown threat
- Project / Emergency News
- controversy of anonymous MAC addresses
- apt revoker
- vanguards notification graphical user interface (GUI)
- Dev/remount-secure - Secure Mount Options
- Confidential Computing, Cloud Considerations
General Developer Pages[edit]
- Documentation Guidelines
- Documentation Markup Format Converters
- Developer Portal
- Dev/Archived Discussions, development discussions, old and recent, bugs, features, etc.
- Git branches
- APT Repository (Whonix Debian Package Maintenance) (.deb), reprepro
- Some random thoughts about a future GNOME desktop, GNOME proxy
- Introduction into the Whonix build method and source code
- Whonix News File Format
- SSL certificate pinning
- development discussion if JonDo(Fox) could be pre-installed in Whonix-Workstation
- Whonix Host operating system or even VM operating system - development discussion
- Network Manager (NM) in Whonix instead of ifupdown - development discussion
- Dev/Other Virtualization Platforms
- Continuous Integration (CI)
- Consideration running a DHCP server on Whonix-Gateway and running a DHCP client in Whonix-Workstation
- Dev/Permissions
- Hosting a Whonix Mirror
- Why we should avoid APT Pinning / preferences / backports by default
- Comparing Password Managers, finding out best choice as default installed one
- Dev/Porting
- Dev/Logo
- The Tor Project (TPO) Trademark
- 32bit vs 64bit - How effort would multiply when 64bit images (same for other desktop environments such as Gnome)
- Firefox Add-On, debugging, "live" edits
- tor-launcher add-on screenshots
- whonix.org backup script, to make a backup of most whonix.org content
- Firewall Unloading / flush iptables
- Dev/Qubes
- Qubes Split GPG
- Firewall Refactoring
- Dev/Test - How to "UnWhonix" - Instructions on how to remove Whonix Tor default networking for Whonix-Gateway. After applying these instructions, Whonix-Gateway will connect to clearnet.
- Firejail
- grsecurity
- Whonix-Linux-Installer
- Whonix Windows Installer
- Dev/Whonix-Windows-User-Interface
- Whonix Windows Installer - Testers Only Version
- Whonix Cooperation with Researchers
- Host Keys in various Virtualizers / special keys
- Gajim - TODO for installing Gajim by default in Whonix
- Ledger Hardware Wallet Development Notes
- AEM - anti evil maid
- Boot Clock Randomization
- user-sysmaint-split, Boot Modes
- Dev/mobile
- Dev/yubikey
- Non Anonymous NAT Traversal
- Whonix friendly applications best practices
- Dev/Licensing
- Tor Browser without Tor
- VirusForget - deactivate malware after reboot from non-root compromise
- bash proper whitespace handling
- wallpaper
- certification / audit
- Windows 10 Issues collection
- Polls Collections (Surveys)
- Automated Tests
- Warrant Canary Draft
- Dev/Astra Linux
- Dev/Torified Wi-Fi Hotspot (WiFi)
- Xfce Desktop Environment Notes, xfconfd, desktop background image, configuration files
- Open Source Business Models
- audio, ALSA, PulseAudio, PipeWire
Website Developer Pages[edit]
- website and wiki HTML / CSS improvements
- Issue, Bug, Feature Request Tracker, phabricator
- mediawiki CSS
- Whonix.org Site Security
- OpenPGP Signed Website
- Hompage of Whonix, Experiments with Browser Load Speed and Content
- Web Backend, CMS vs non-CMS, vs github-pages, etc.
- mediawiki, codeselect, select code, short / long / recommended / detailed buttons
- Transparency, Guidelines for Advertising on whonix.org, Affiliate Policy
- web.archive.org snapshot using command line interface (CLI)
- Privacy Policy Technical Details of the Whonix Website
Download / Installation - Developer Pages[edit]
- Download Security
- Statistics on Downloads and OpenPGP verification and how we can improve that
- Dev/Download Wizard
- Software Verification (OpenPGP / gpg) Usability Issues / Secure Downloader to Download Whonix Images
- Installation from Whonix repository - "sudo apt install whonix"
- VM image download from repository - "sudo apt install whonix-gateway-ova"
Other Related[edit]
- Documentation
- whonix-devel mailing list archive
- Build Documentation, How to build Whonix from Source Code, How to update Whonix from Source Code
- Whonix Source Code
- Whonix Developer Meta Files, Scripts for managing the Whonix GNU/Linux Distribution
- Maintenance, The Tor Project (TPO) apt repository package mirroring to whonix.org repository, Tor Browser hardcoded version file
- Redistribution Pre Building (Only required if you want to redistribute (official) Whonix release builds.)
- Redistribution Post Building (Only required if you want to redistribute (official) Whonix release builds.)
- Essential Whonix Functionality Tests
- Whonix² Project Vision
- Project Philosophy
- Community Survey, collecting feedback for the future direction of Whonix
[edit]
Deprecated[edit]
- OneVM - Whonix implementation with just a single VM (Tor runs on host)
- Installing I2P on Whonix-Gateway (I2PBOX)
- JonDonym as Tor replacement (JonDoBOX)
- VPN, VPN's as a Tor replacement (VPNBOX)
- Proxy, Proxies as a Tor replacement (ProxyBOX), Transparent Proxying Method, Proxy Settings Method / ProxyBOX
- Freenet on the Whonix-Gateway (FreenetBOX)
- RetroShare as Anonymizer
- Dev/Zerobox (ZeroNet)
TODO[edit]
- https://forums.whonix.org/search?expanded=true&q=%23status_open_issue_todo%20%23component_security
- https://packages.debian.org/bookworm/tiger
- https://packages.debian.org/bookworm/tiger-otheros
We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!