{{Header}}
{{title|title=
Design Documentation
}}
{{#seo:
|description=Technical Design and Conception of the {{project_name_short}} Anonymous Operating System.
|image=Magic-cube-378543640.jpg
}}
{{tech_intro_mininav}}
[[File:Magic-cube-378543640.jpg|thumb]]
{{intro|
Technical Design and Conception of the {{project_name_long}} Anonymous Operating System.
}}
= Upstream =
{{upstream_wiki}}

= Technical Design =

<div class="use-3-columns">
* [[Dev/Technical Introduction|Dev/Technical Introduction, {{project_name_short}} Framework, Security Overview]]
** [[Dev/Technical Introduction|Does {{project_name_short}} / Tor Provide Protection from Advanced Adversaries?]]
** [[Dev/Technical Introduction|Is there a {{project_name_short}} Amnesic Feature / Live CD / Live DVD? What about Forensics?]]
* [[Comparison with Others|Comparison of {{project_name_short}}, Tails, Tor Browser, TorVM and corridor]]
* [[Comparison of different variants|Comparison of different {{project_name_short}} variants]]
* [[Comparison Of Tor Proxies CGI proxies Proxy Chains And VPN Services]]
* [[Protocol-Leak-Protection and Fingerprinting-Protection|Protocol-Leak-Protection and Fingerprinting-Protection]]
* [[Dev/TimeSync|Time Synchronization Mechanism]]
* [[Stream Isolation|Stream Isolation]]
* [[systemcheck|systemcheck]]
* [[SSL|SSL]]
* [[Dev/Leak Tests|LeakTests to check everything is properly set up]]
* [[Dev/Anonymity Network|Anonymity Network]]
* [[Dev/About Computer (In)Security]]
* [[Dev/Threat Model]]
* [[Dev/Operating System|Dev/Operating System, Debian, Ubuntu, ...]]
* [[Dev/Virtualization Platform]]
** [[Dev/VirtualBox|VirtualBox]]
** [[Dev/KVM|KVM]]
** [[Dev/Qubes|Qubes]]
* [[Dev/Gateway|{{project_name_gateway_long}} / Graphical {{project_name_gateway_long}} benefits over Headless {{project_name_gateway_long}}]]
* [[Dev/Host]]
* [[Dev/Project Host|Whonix-Host]]
* [[Fingerprint]]
* [[Dev/Entropy]]
* [[Whonix against Real Attacks|{{project_name_short}} Whonix against Real Attacks]]
* [[Security Reviews and Feedback|Security Reviews and Feedback, Press, Media]]
* [[Connections between Gateway and Workstation|(encrypted) (authenticated) Connection Between {{project_name_gateway_short}} and {{project_name_workstation_long}}]]
* [[Dev/Build Anonymity]]
* [[Dev/Expected Build Warnings]]
* {{kicksecure_wiki
|wikipage=Dev/Relationship_With_Upstream
|text=Relationship With Upstream
}}
* {{kicksecure_wiki
|wikipage=Dev/About_Infrastructure
|text=About Infrastructure
}}
* [[Trust|Trusting {{project_name_short}}]]
* {{kicksecure_wiki
|wikipage=Verified_Boot
|text=Verified Boot
}} (Secure Boot)
* [[Verifiable Builds]] (as in reproducible, but not exactly reproducible)
* [[Dev/Stateless|Factory Reset, Stateless Systems, Reproducible Systems, Verifiable Systems, Clear Linux, NixOS, Fedora Silverblue]]
* [[Next|NEXT: In development for next {{project_name_short}} version]]
* [[Dev/onion-grater|onion-grater (Control Port Filter Proxy)]]
* [[Dev/Automatic Updates|Automatic Updates (APT) - to Use or Not Use Them]]
* {{kicksecure_wiki
|wikipage=Dev/Automatic_Updates
|text=Package Manager Graphical
}}
* {{kicksecure_wiki
|wikipage=Dev/Automatic_Updates
|text=One Click Update Script - Simplified, Assisted Updates
}}
* [[Dev/anon-ws-disable-stacked-tor|Dummy Tor package on {{project_name_workstation_short}} (anon-ws-disable-stacked-tor)]]
* [[Dev/About Debian Packaging|About Debian Packaging]]
** [[Dev/About Debian Packaging#Recommends vs Depends|<code>Recommends:</code> vs <code>Depends</code> (<code>--no-install-recommends</code>)]]
** [[Dev/About Debian Packaging#Files in Home Folder|ought to avoid writing into linux user <code>/home</code> folder]]
** [[Dev/About Debian Packaging#Files in /etc/skel|Files in <code>/etc/skel</code>]]
** [[Dev/About_Debian_Packaging#Modifying_Default_Configuration_of_Third_Party_Packages|Modifying Default Configuration of Third Party Packages]]
* [[Dev/Default Application Policy|Criteria for installing applications by default in {{project_name_short}}, Default Application Policy, package sources, software sources, Debian software package repository packages.debian.org, deb.debian.org, deb.torproject.org, software from non-APT repository software sources (Tor Browser)]]
* [[Dev/Tor|Tor Config Files torrc / Why Waste Network Bandwidth by Downloading Operating System Updates over Tor?]]
* [[Dev/setup-dist]]
* [[Dev/Disclaimer|Disclaimer in setup-dist - Background of it]]
* [[Dev/anon-ws-disable-stacked-tor|anon-ws-disable-stacked-tor, prevents Tor over Tor]]
* [[Dev/Versioning Format Conventions|Versioning Format Conventions for packages developed under the {{project_name_short}} hat]]
* [[Comparison_Of_Package_Managers|Comparison Of Package Managers]]
* [[Dev/Advanced Deanonymization Attacks|Advanced Deanonymization Attacks, Covert Channels]]
* [[Dev/Advanced Deanonymization Attacks|Dev/Advanced Deanonymization Attacks, Covert Channels]]
* [[Stable Version User Experience]]
* [[Dev/coding_style|Coding Style]]
* [[Dev/latency-obfuscator|Latency Obfuscator]]
* [[Dev/RAM_Wipe|RAM Wipe, cryptsetup suspend]]
* [[Dev/nonfree|non-freedom, proprietary, closed source firmware, CPU microcode and drivers]]
</div>

= Detailed Design =

<div class="use-3-columns">
* [[Dev/Project_Networking]]
* [[Dev/ipv6]]
</div>

= Future Technical Design =

<div class="use-3-columns">
* [[Dev/Permanent Takedown Attack Defender|Permanent Takedown Attack Defender, proposal to defend a permanent takedown threat]]
* [[Dev/project-news|Project / Emergency News]]
* [[Dev/MAC|controversy of anonymous MAC addresses]]
* [https://phabricator.whonix.org/T140 apt revoker]
* [[Dev/vanguards|vanguards]] notification graphical user interface (GUI)
* [[Dev/remount-secure]] - Secure Mount Options
* {{kicksecure_wiki
|wikipage=Dev/confidential_computing
|text=Confidential Computing, Cloud Considerations
}}
</div>

= General Developer Pages =

<div class="use-3-columns">
* [[Dev/Documentation Guidelines|Documentation Guidelines]]
* [[Dev/Documentation Markup Format Converters|Documentation Markup Format Converters]]
* [[Dev/Developer_Portal|Developer Portal]]
* [[Dev/Archived Discussions|Dev/Archived Discussions, development discussions, old and recent, bugs, features, etc.]]
* [[Dev/git|Git branches]]
* [[Dev/APT Repository|APT Repository ({{project_name_short}} Debian Package Maintenance) (.deb), reprepro]]
* [[Dev/GNOME|Some random thoughts about a future GNOME desktop, GNOME proxy]]
* [[Dev/Source_Code_Intro|Introduction into the {{project_name_short}} build method and source code]]
* [[Dev/News|{{project_name_short}} News File Format]]
* [[Dev/SSL Certificate Pinning|SSL certificate pinning]]
* [[Dev/JonDo|development discussion if JonDo(Fox) could be pre-installed in {{project_name_workstation_short}}]]
* [[Dev/Project_Host|{{project_name_short}} Host operating system or even VM operating system - development discussion]]
* [[Dev/Network Manager|Network Manager (NM) in {{project_name_short}} instead of ifupdown - development discussion]]
* [[Dev/Other Virtualization Platforms]]
* [[Dev/Continuous Integration|Continuous Integration (CI)]]
* [[Dev/DHCP|Consideration running a DHCP server on {{project_name_gateway_short}} and running a DHCP client in {{project_name_workstation_short}}]]
* [[Dev/Permissions]]
* [[Hosting a Mirror|Hosting a {{project_name_short}} Mirror]]
* [[Dev/APT_Pinning|Why we should avoid APT Pinning / preferences / backports by default]]
* [[Dev/Password_Manager|Comparing Password Managers, finding out best choice as default installed one]]
* [[Dev/Porting]]
** [[Dev/Porting#Packages|Architecture Specific, Compiled, Third Party, "special" Packages / Kernel Modules / Shared Objects]]
* [[Dev/Logo]]
* [[Dev/TPO_Trademark|The Tor Project (TPO) Trademark]]
* [[Dev/64bit|32bit vs 64bit - How effort would multiply when 64bit images (same for other desktop environments such as Gnome)]]
* [[Dev/Firefox_Add-On|Firefox Add-On, debugging, "live" edits]]
* [[Dev/tor-launcher|tor-launcher add-on screenshots]]
* [[BackupScript|{{project_clearnet}} backup script, to make a backup of most {{project_clearnet}} content]]
* [[Dev/Firewall_Unload|Firewall Unloading / flush iptables]]
* [[Dev/Qubes]]
* [[Dev/Split_GPG|Qubes Split GPG]]
* [[Dev/Firewall_Refactoring|Firewall Refactoring]]
* [[Dev/Test|Dev/Test - How to "UnWhonix" - Instructions on how to remove {{project_name_short}} Tor default networking for {{project_name_gateway_short}}. After applying these instructions, {{project_name_gateway_short}} will connect to clearnet.]]
* [[Dev/Firejail|Firejail]]
* [[Dev/grsecurity|grsecurity]]
* [[Dev/Linux Installer|{{project_name_short}}-Linux-Installer]]
* [[Dev/Windows Installer|{{project_name_short}} Windows Installer]]
* [[Dev/Windows_Starter|Dev/{{project_name_short}}-Windows-User-Interface]]
* [[Windows_Quick_Start_Testers_Only_Version|{{project_name_short}} Windows Installer - Testers Only Version
]]
* [[Dev/research|{{project_name_short}} Cooperation with Researchers]]
* [[Dev/Special Keys|Host Keys in various Virtualizers / special keys]]
* [[Dev/Gajim|Gajim - TODO for installing Gajim by default in {{project_name_short}}]]
* [[Dev/Ledger_Hardware_Wallet|Ledger Hardware Wallet Development Notes]]
* [[AEM]] - anti evil maid
* [[Boot Clock Randomization]]
* [[Dev/user-sysmaint-split|user-sysmaint-split, Boot Modes]]
* [[Dev/mobile]]
* [[Dev/yubikey]]
* [[Non Anonymous NAT Traversal]]
* [[Dev/Project_friendly_applications_best_practices|{{project_name_short}} friendly applications best practices]]
* [[Dev/Licensing]]
* [[SecBrowser|Tor Browser without Tor]]
* [[Dev/VirusForget|VirusForget - deactivate malware after reboot from non-root compromise]]
* [[Dev/bash|bash proper whitespace handling]]
* [[Dev/wallpaper|wallpaper]]
* [[Dev/certification|certification / audit]]
** [[Dev/STIG]]
** [https://forums.whonix.org/t/run-openscap-security-test/9080 OpenSCAP]
** [https://forums.whonix.org/t/lynis-security-auditing-tool-for-unix-based-systems/7633 lynis]
** [https://forums.whonix.org/t/harbian-audit-hardened-debian-gnu-linux-distro-auditing/8513 harbian-audit - Hardened Debian GNU/Linux distro auditing]
* Windows 10 Issues collection
** https://forums.whonix.org/t/gateway-startup-error-not-syncing-no-working-init-found/9481/11
* [[Dev/surveys|Polls Collections (Surveys)]]
* [[Dev/Automated Tests|Automated Tests]]
* [[Dev/Warrant Canary Draft|Warrant Canary Draft]]
* [[Dev/Astra Linux]]
* [[Dev/Torified Wi-Fi Hotspot|Dev/Torified Wi-Fi Hotspot (WiFi)]]
* [[Dev/Xfce|Xfce Desktop Environment Notes, xfconfd, desktop background image, configuration files]]
* {{kicksecure_wiki
|wikipage=Dev/Open_Source_Business_Models
|text=Open Source Business Models
}}
* {{kicksecure_wiki
|wikipage=Dev/audio
|text=audio, ALSA, PulseAudio, PipeWire
}}
</div>

= Website Developer Pages =

<div class="use-3-columns">
* [[Dev/website|website and wiki HTML / CSS improvements]]
* [[Dev/Issue_Tracker|Issue, Bug, Feature Request Tracker, phabricator]]
* [[Dev/CSS|mediawiki CSS]]
* [[Privacy_Policy|{{project_name_short}}.org Site Security]]
* [[Dev/OpenPGP Signed Website|OpenPGP Signed Website]]
* [[Dev/Homepage|Hompage of {{project_name_short}}, Experiments with Browser Load Speed and Content]]
* [[Dev/Web_Backend|Web Backend, CMS vs non-CMS, vs github-pages, etc.]]
* [[Dev/mediawiki|mediawiki, codeselect, select code, short / long / recommended / detailed buttons]]
* [[Transparency|Transparency, Guidelines for Advertising on {{project_clearnet}}, Affiliate Policy]]
* [https://archive.readme.io/docs/creating-a-snapshot web.archive.org snapshot using command line interface (CLI)]
* [[Privacy Policy Technical Details|Privacy Policy Technical Details of the {{project_name_short}} Website]]
</div>

{{Anchor|Download}}

= Download / Installation - Developer Pages =

<div class="use-3-columns">
* [[Download_Security|Download Security]]
* [[Dev/Download_Statistics|Statistics on Downloads and OpenPGP verification and how we can improve that]]
* [[Dev/Download Wizard]]
* [[Software_Signature_Verification_Usability_Issues_and_Proposed_Solutions|Software Verification (OpenPGP / gpg) Usability Issues / Secure Downloader to Download {{project_name_short}} Images]]
* [[Dev/Installation_from_Repository|Installation from {{project_name_short}} repository - "sudo apt install {{project_name_short_lowercase}}"]]
* [https://forums.whonix.org/t/sudo-apt-get-install-whonix-part-i-distro-morphing/2346 VM image download from repository - "sudo apt install whonix-gateway-ova"]
</div>

= Other Related =

<div class="use-3-columns">
* [[Documentation|Documentation]]
* [[Mailing Lists|whonix-devel mailing list archive]]
* [[Dev/Build Documentation|Build Documentation, How to build {{project_name_short}} from Source Code, How to update {{project_name_short}} from Source Code]]
* [https://github.com/{{project_name_short}}/derivative-maker {{project_name_short}} Source Code]
* [https://github.com/Kicksecure/developer-meta-files/blob/master/usr/bin/dm-prepare-release {{project_name_short}} Developer Meta Files, Scripts for managing the {{project_name_short}} GNU/Linux Distribution]
* [[Dev/Maintenance|Maintenance, The Tor Project (TPO) apt repository package mirroring to whonix.org repository, Tor Browser hardcoded version file]]
* [[Dev/Redistribution#Pre_Building|Redistribution Pre Building]] (Only required if you want to redistribute (official) {{project_name_short}} release builds.)
* [[Dev/Redistribution#Post_Building|Redistribution Post Building]] (Only required if you want to redistribute (official) {{project_name_short}} release builds.)
* [[Essential_Tests|Essential {{project_name_short}} Functionality Tests]]
* [[Dev/Vision‎|Whonix² Project Vision]]
* [https://forums.whonix.org/tag/project-philosophy Project Philosophy]
* [[Community_survey|Community Survey, collecting feedback for the future direction of {{project_name_short}}]]
</div>

= Other Unrelated =

<div class="use-3-columns">
* [[Dev/Tails Doc Fork|Documentation pages forked from the Tails project]]
* [[Authorship#License|Citation, backup of website content license grants]]
* [[Edge|Edge Security Model (Android Wallet)]]
</div>

= Deprecated =

<div class="use-3-columns">
* [[UniStation|OneVM - {{project_name_short}} implementation with just a single VM (Tor runs on host)]]
* [[Dev/Inspiration|Installing I2P on {{project_name_gateway_short}} (I2PBOX)]]
* [[Dev/Inspiration|JonDonym as Tor replacement (JonDoBOX)]]
* [[Dev/Inspiration|VPN, VPN's as a Tor replacement (VPNBOX)]]
* [[Dev/Inspiration|Proxy, Proxies as a Tor replacement (ProxyBOX), Transparent Proxying Method, Proxy Settings Method]] / [[ProxyBOX]]
* [[Dev/Inspiration|Freenet on the {{project_name_gateway_short}} (FreenetBOX)]]
* [[Dev/Inspiration|RetroShare as Anonymizer]]
* [[Dev/Zerobox]] (ZeroNet)
</div>

= TODO =
* https://forums.whonix.org/search?expanded=true&q=%23status_open_issue_todo%20%23component_security
* https://packages.debian.org/{{Stable project version based on Debian codename}}/tiger
* https://packages.debian.org/{{Stable project version based on Debian codename}}/tiger-otheros

[[Category:Design]]
{{Footer}}