{{Header}} {{hide_all_banners}} {{Title|title= Features, Advantages, Use Cases - {{project_name_long}} }} {{#seo: |description={{project_name_short}} Feature List |image=Drip-1037807-640.jpg }} [[File:Drip-1037807-640.jpg|thumb]] {{intro| {{project_name_short}} Feature List. {{project_name_short}} has a lot of features and advantages. This page gives an overview. }} = {{project_name_short}} Features = [[File:Whonix-logo-rectangle.png|thumb|100px|[[Dev/Logo|{{project_name_short}} rectangular logo]]]] {{project_name_short}} is an operating system focused on [https://www.whonix.org/#security anonymity and security]. It hides the user's IP address / location and uses the [[Why_does_Whonix_use_Tor|Tor network]] to anonymize data traffic. This means the contacted server, network eavesdroppers and operators of the Tor network cannot easily determine which sites are visited or the user's physical location. <ref> Without advanced, end-to-end, netflow correlation attacks which rely on statistical analysis of data volume and timing. </ref> For a comprehensive comparison of {{project_name_short}} with other popular anonymity platforms, see [[Comparison with Others]]. == Platform Flexibility / Virtualizer friendly == Most if not every compatible feature of every system that {{project_name_short}} is based on can be used in {{project_name_short}} too. There are no atificial restrictions. * Based on [https://www.debian.org Debian] GNU/Linux. * Based on the [https://www.torproject.org Tor] anonymity network. * Based on [[KVM]]. * Based on [[VirtualBox]]. * Based on [[{{q_project_name_short}}|Qubes]]. * [[Reasons for Freedom Software|Free]], Open Source, Libre, [https://forums.whonix.org/t/lets-call-it-freedom-software-rather-than-free-software-or-open-source/6961 Freedom] Software. This means flexibility for the user, because customization is possible and relatively simple. * Virtual machine images with [[Virtualization_Platform_Security#Type_1_vs_Type_2_Hypervisors|Type I or 2 hypervisors]]. This means that {{project_name_short}} is flexible enough to be ported to different hypervisors. == Pre-installed, Pre-configured Applications == A number of applications are pre-installed and pre-configured with safe defaults to make them ready for use. Most popular applications are compatible with the {{project_name_short}} design: * [[Tor Browser]] is included for Internet browsing. * Web server administration with Apache, ngnix, IRC servers, and more via [[Onion Services|onion services]]. * PGP-encrypted [[E-Mail]] with [[Encrypted_Email_with_Thunderbird|Thunderbird]]. * {{kicksecure_wiki |wikipage=Keepassxc |text=Keepassxc }} * Instant messengers like [[Chat#Gajim|Gajim]]. * The media player [[Software#Media_Player|VLC]] * The Xfce [[Software#Terminal|Terminal]] of course * The [[Electrum|Electrum Bitcoin wallet]] * Clients for [[Bitcoin]] * Clients for [[Monero]] * Secure data transfer to and from a server with [[File_Transfer|scp]]. * Unobserved administration of servers via [[SSH|SSH]]. * A host of other [[Software|software programs]]. The {{project_name_short}} design permits the "torification" of applications which are not capable of proxy support by themselves. Further, the user is not jeopardized by installing custom applications or personalizing the desktop. Detailed [[Documentation|documentation]] has been produced by developers and the {{project_name_short}} community. Various issues are explained in depth, including the {{project_name_short}} design, available software, the host of possible configurations, security and privacy considerations, and numerous advanced topics. == Security, Privacy and Anonymity Protection == <div style="column-count:2;-moz-column-count:2;-webkit-column-count:2"> * By using {{project_name_short}}, the user can anonymously use Java / Javascript. * A second, extra firewall is installed and protects {{project_name_workstation_long}} by default. * Full [[Protocol-Leak-Protection_and_Fingerprinting-Protection|IP/DNS protocol leak protection]] means the user's anonymity is extra protected. * [[Hide Tor from your Internet Service Provider|The user can hide their Tor use and their {{project_name_short}} use effectively from most network observers - even from their internet service providers]]. <ref name=optional /> * [[Qubes/Disposables|{{project_name_workstation_short}}]] is available as a Disposable (loses all data after shutdown) in [[Qubes|{{q_project_name_long}}]]. * [[Live Mode]] is available in [[Non-Qubes-Whonix|{{non_q_project_name_short}}]]. * Installed software is hidden from network observers even from internet service providers * Optional [https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorifyHOWTO/IsolatingProxy isolating proxy]. * {{project_name_short}} prevents anyone from learning the user's IP address. * {{project_name_short}} prevents anyone from learning the user's physical location. * {{project_name_short}} prevents targeted malicious upgrades because all upgrades are downloaded over Tor. * [[Bridges|Private obfuscated bridges support is offered]]. * Simplification of Tor and (meek-lite) bridge connections via [[Anon_Connection_Wizard|Anon Connection Wizard]]. * {{project_name_short}} protects user privacy. * [[Protocol-Leak-Protection and Fingerprinting-Protection|Protocol Leak Protection and Fingerprinting Protection]]. * [[Sdwdate|Secure and distributed time synchronization mechanism]]. * [https://theinvisiblethings.blogspot.com/2008/09/three-approaches-to-computer-security.html Security by isolation]. * [[Stream Isolation]] prevents identity correlation through circuit sharing. * [https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TransparentProxy Transparent Proxy]. * Whitelist Tor traffic with [[Corridor|corridor]]. * [[File:Kicksecure-icon-logo.png|30px]] {{Kicksecure_link | |{{Kicksecure}} }} Hardened. * [https://www.whonix.org/#security Numerous security and anonymity features]. * [[Keystroke_Deanonymization|Keystrokes]] can be used to track users. To prevent this, {{project_name_short}} comes with [[Keystroke_Deanonymization#Kloak|kloak]] installed by default. * [[vanguards|Protect against guard discovery and related traffic analysis attacks]] * Prevent [https://dl.acm.org/doi/10.1145/1180405.1180410 de-anonymization of Tor onion services] through [https://github.com/Kicksecure/tirdad Tirdad kernel module for random ISN generation]. * [[Dev/Entropy|Better encryption thanks to preinstalled random number generators.]] * [https://github.com/Kicksecure/security-misc security-misc] (misc security settings) ** Kernel Hardening Settings as recommended by the Kernel Self Protection Project (KSPP). ** Protect Linux user accounts against brute force attacks ** [[Dev/Strong Linux User Account Isolation|Strong Linux User Account Isolation]] ** [[Dev/Strong_Linux_User_Account_Isolation#Console_Lockdown|Console Lockdown]] disables legacy login methods for improved security hardening. * [https://github.com/Whonix/anon-apps-config anonymity, privacy and security settings pre-configuration] </div> == Tor Network / Torification / The Everything Tor OS == * [[Reliable_IP_Hiding|Reliable IP Hiding]] * Fail Closed Mechanism: Application's traffic is either sent over Tor or completely blocked. * Application unspecific: This applies to all applications and even [[Other Operating Systems]] connected to Whonix-Gateway. * Most applications in {{project_name_short}} can be routed to the internet over the Tor anonymity network instead of clearnet access. This process is called <code>torification</code> or <code>torify</code>. * '''Not only pre-installed but also [[Install Software|custom / user installed]] applications can be "torified"'''. There are [[Reasons_for_Freedom_Software#No_Intentional_User_Freedom_Restrictions|no intentional user freedom restrictions]]. ** Full [[Protocol-Leak-Protection_and_Fingerprinting-Protection|IP/DNS protocol leak protection]]. ** Depends on which internet protocols the application requires to function. ** Most applications do not require any awareness of being run inside {{project_name_short}} for functional connectivity. This is called [[Stream_Isolation#Transparent_Proxy|<code>transparent proxying</code>]]. (See [[Stream_Isolation#Transparent_Proxy|this chapter]].) *** It is difficult to know for users which application uses which internet protocol (<code>TCP</code>, <code>UDP</code>, <code>ICMP</code>). In doubt, **** [[Please_Use_Search_Engines_And_See_Documentation_First|Please use Search Engines and see Documentation First]], **** Ask the developers of the application, **** [[Install_Software|Try it out]]. *** Main supported protocol: <code>TCP</code> *** <code>.onion</code> domain reachablity: Yes. *** <code>UDP</code>: [[Tunnel_UDP_over_Tor|Tunnel <code>UDP</code> over Tor]]. <ref name=optional /> *** <code>ICMP</code>: Same as above. *** [[Hosting Location Hidden Services]]. *** <code>.onion</code> services (server) support: Yes, see [[Onion Services]]. *** Ephemeral <code>.onion</code> services (server) support (for applications such as [[ZeroNet]], [[OnionShare]], [[Bisq]]): Yes, if an [[onion-grater]] profile was made available. *** [[File_Sharing|Filesharing and Torrenting]]. *** Some server are blocking connections from the Tor network. ([https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlockingTor inexhaustive list]) * Can torify [[Other Operating Systems|other operating systems]]. * Can torify Windows. * [[Bridges|Circumvents censorship]]. * [[Alternative_DNS_Resolver#Recursive_Authenticated_DNSSEC_over_Tor|DNSSEC over Tor]]. <ref name=optional>Via optional configuration.</ref> * Tor enforcement. * [[Vanguards]] protect against guard discovery. <ref>As well as related traffic analysis attacks.</ref> related: * [[Whonix_against_Real_Attacks|Whonix Track Record against Real Cyber Attacks]] * [[Dev/Leak_Tests|leak tests]] == Tunnels == This tunnels chapter and the tunnels sub chapters are for advanced users who have knowledge and experience with tunneling. === Tunnel and Chaining Support === * Connect to a [[Tunnels/Connecting_to_a_proxy_before_Tor|Proxy]], [[Tunnels/Connecting_to_a_VPN_before_Tor|VPN]] or [[Tunnels/Connecting_to_SSH_before_Tor|SSH]] before Tor. * Connect to Tor before a [[Tunnels/Connecting_to_Tor_before_a_proxy|Proxy]], [[Tunnels/Connecting_to_Tor_before_a_VPN|VPN]] or [[Tunnels/Connecting_to_Tor_before_SSH|SSH]]. * [[Tunnel_UDP_over_Tor|Tunnel UDP over Tor]]. <ref name=optional /> * [[#Tunnel Support|VPN / tunnel support]]. === Tunnel Other Anonymizing Networks === * Tunnel [[Freenet]] through Tor. * Tunnel [[GNUnet]] through Tor. * Tunnel [[I2P]] through Tor. * Tunnel [[ZeroNet]] through Tor. === General Tunnel Support: TOR, SSH, VPN, Proxy === Various tunneling permutations are possible and functional in {{project_name_short}}. Connections can be routed through a VPN, SSH, or proxy before Tor, after Tor, or both. <div class="info-box"> <div class="mw-collapsible mw-collapsed"> <div class="fontsize19">Show more</div> <div class="mw-collapsible-content"> '''Table:''' ''{{project_name_short}} Tunnel Options'' {| class="wikitable" |- ! scope="col"| '''Tunnel Configuration''' ! scope="col"| '''Description''' |- ! scope="row"| Tunnel Tor through a Proxy, VPN or SSH | [[Tunnels/Connecting to a VPN before Tor | How to Connect to a VPN Before Tor: <code>User</code> → <code>VPN</code> → <code>Tor</code> → <code>Internet</code>]] <br /> [[Tunnels/Connecting to a proxy before Tor | How to Connect to a Proxy Before Tor: <code>User</code> → <code>Proxy</code> → <code>Tor</code> → <code>Internet</code>]] <br /> [[Tunnels/Connecting to SSH before Tor | How to Connect to SSH Before Tor: <code>User</code> → <code>SSH</code> → <code>Tor</code> → <code>Internet</code>]] |- ! scope="row"| Tunnel Proxy / Proxychains / SSH / VPN through Tor | [[Tunnels/Connecting to Tor before a VPN| How to Connect to Tor Before a VPN: <code>User</code> → <code>Tor</code> → <code>VPN</code> → <code>Internet</code>]] <br /> [[Tunnels/Connecting to Tor before a proxy | How to Connect to Tor Before a Proxy: <code>User</code> → <code>Tor</code> → <code>Proxy</code> → <code>Internet</code>]] <br /> [[Tunnels/Connecting to Tor before SSH | How to Connect to Tor Before SSH: <code>User</code> → <code>Tor</code> → <code>SSH</code> → <code>Internet</code>]] |- ! scope="row"| Combine Pre- and Post-Tor Tunnels | <code>User</code> → <code> Proxy / SSH / VPN</code> → <code>Tor</code> → <code>Proxy / SSH / VPN</code> → <code>Internet</code> |- ! scope="row"| Combine Tor with other Protocols | Tor can also be [[Other Anonymizing Networks|replaced with another anonymizing protocol]]. Note that only some combinations and networks will work in {{project_name_short}}, such as I2P and JonDonym. <ref>This work is partially complete, but features will remain unfinished for the foreseeable future.</ref> |} For further reading on this topic, see: * [[Whonix_versus_Proxies|Tor vs. Proxies, Proxy Chains]] * [[Tunnels/Examples|Free VPN Tunnel Setup Examples]] * Experts only: [[Chaining_Anonymizing_Gateways|Chaining Anonymizing Gateways]] </div> </div> </div> = Use Cases = == Anonymous Browsing == * Use [[Browser_Plugins#Introduction|plug-ins]] [[Tips_on_Remaining_Anonymous#Study:_Anonymity_and_Pseudonymity_are_not_the_same|pseudononymously]]. * Anonymous [[Tor_Browser|Internet Browsing]]. == Anonymous Communications, Hosting Hidden Servers and Publishing == <div style="column-count:2;-moz-column-count:2;-webkit-column-count:2"> * Anonymous [[Software#Publishing|publishing]]. * Anonymous [[E-Mail|Email]] with Mozilla Thunderbird. * Anonymous [[Chat|chat]]. * Anonymous IRC. * Anonymous [[VoIP]]. * Anonymous file sharing and chat with [[OnionShare|OnionShare]]. * [[Hosting Location Hidden Services|Host location / IP hidden servers]]. * [[Chat#Tox|qTox]] and other encrypted communications. <ref name=optional /> * Send anonymous emails without registration. </div> = {{project_name_short}} Soft Features = '''Table:''' ''Primary {{project_name_short}} Advantages'' {| class="wikitable" |- ! scope="col"| '''{{project_name_short}} Feature''' ! scope="col"| '''Security and/or Anonymity Advantage''' |- ! scope="row"| Best Possible [[Protocol-Leak-Protection and Fingerprinting-Protection|Protocol Leak Protection and Fingerprinting Protection]] | Java, JavaScript, <ref>There is no functional JavaScript difference when it is enabled in {{project_name_short}} Tor Browser versus the standard Tor Browser (TB).</ref> <ref>Of course, using JavaScript in the {{project_name_short}} Tor Browser protects against IP address leaks, but browser fingerprinting risks still apply. For more information, see [https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorifyHOWTO/WebBrowsers Web-browser]!</ref> Flash, browser plugins <ref>Plugins are still not recommended, as they may decrease anonymity (for example, flash cookies) and they often have security vulnerabilities. Most popular plugins are closed source. Although deprecated, the [[Browser_Plugins#Plugin_Warnings|browser plugins warnings]] section is still valid.</ref> and mis-configured applications cannot leak the user's real external IP address. <ref>See [[Whonix against Real Attacks|Security in the Real World]].</ref> |- ! scope="row"| Build Simplicity | Building {{project_name_short}} from source is easy; see [[Dev/Build Documentation|Build Documentation]]. |- ! scope="row"| Combine Anonymizing Networks | [[Other_Anonymizing_Networks|Other anonymizing networks]] like Freenet, GNUnet, I2P, JonDonym and ZeroNet can be used. |- ! scope="row"| Fully Featured | A host of [[Features#{{project_name_short}} Features|Features]] are available. |- ! scope="row"| Highly Configurable | Numerous optional configurations, additional features and add-ons are available. |- ! scope="row"| Open Source | Only free software is used. <ref>https://en.wikipedia.org/wiki/Free_software</ref> |- ! scope="row"| Private Obfuscated [[Bridges]] | Bridges can be added to the Tor configuration file. |- ! scope="row"| Process Separation | Tor <ref>https://www.torproject.org</ref> and Tor Browser <ref>https://www.torproject.org/download/</ref> are not running inside the same virtual machine which means an exploit in the browser cannot affect the integrity of the Tor process. <ref>[[Deprecated/Vidalia|Vidalia]] is now deprecated; [[Tor Controller|arm]] is installed as the alternative.</ref> |- ! scope="row"| Protection Against IP Address / Location Discovery | Exploits using malware <ref>https://en.wikipedia.org/wiki/Malware</ref> with root rights inside {{project_name_workstation_short}} (<code>{{project_name_workstation_vm}}</code>) are foiled. However, users should avoid testing this protective feature. <ref>If {{project_name_workstation_short}} (<code>{{project_name_workstation_vm}}</code>) is rooted, the adversary cannot find out the user's real IP address / location. The reason is {{project_name_workstation_short}} (<code>{{project_name_workstation_vm}}</code>) can only connect through the {{project_name_gateway_long}} (<code>{{project_name_gateway_vm}}</code>). More skill is required to compromise {{project_name_short}}, see [[Comparison with Others#Attacks|Attack Comparison Matrix]] and [[Design]].</ref> |- ! scope="row"| Protection Against De-anonymization Attacks | No IP address or DNS leaks are possible. <ref>{{project_name_short}} does not automatically protect against other possible leaks like username, time zone and so on. Users should read the [[Documentation]] to learn how to mitigate these threats. Additionally, {{project_name_short}} [[Protocol-Leak-Protection and Fingerprinting-Protection|Protocol Leak Protection and Fingerprinting Protection]] mitigates many possible fingerprinting attacks by using common, non-identifying defaults. For example, the username is set to <i>user</i>, the timezone is set to UTC etc.</ref> |- ! scope="row"| Safe Hosting of [[Onion Services]] | Even if someone hacks the user's hidden server software (lighttpd, thttpd, apache, etc.), they cannot steal the onion service key. <ref>The key is stored on the {{project_name_gateway_short}} (<code>{{project_name_gateway_vm}}</code>). Once a clean {{project_name_workstation_short}} (<code>{{project_name_workstation_vm}}</code>) is used, no one can impersonate the onion service anymore.</ref> <ref>The {{project_name_workstation_short}} (<code>{{project_name_workstation_vm}}</code>) is where the browser, IRC client and other user applications are run. The {{project_name_gateway_short}} (<code>{{project_name_gateway_vm}}</code>) is where Tor and the firewall are run.</ref> |- ! scope="row"| Software Flexibility | Installation of any software package is possible. <ref>The program must be able to run on Debian GNU/Linux or [[Other Operating Systems]] which are used. See also [[Install Software|Software installation on {{project_name_workstation_short}} (<code>{{project_name_workstation_vm}}</code>)]] for further details.</ref> <ref>ICMP, ping, VoIP calls over UDP and so on.</ref> <ref>Skype works over TCP, but it is not recommended because it is proprietary, closed source software and there is no control over the encryption keys. Skype authorities can compromise a user at any moment. A secure encryption / authentication design looks different. For example GPG and OTR are secure, because the user has control over the keys, not the server. See [[Voip#Skype|VoIP Skype section]] for further details.</ref> <ref>[[Tunnel UDP over Tor]]</ref> |- ! scope="row"| Tor Data Persistence | A major {{project_name_short}} advantage over Live CDs is that Tor's data directory is still available after reboot due to persistent storage. Tor requires persistent storage to save its Entry Guards. <ref>https://support.torproject.org/#about_entry-guards</ref> |- ! scope="row"| Tor Enforcement | All applications are automatically routed via Tor, including those which do not support proxy settings. <ref>For application warnings, see [[Documentation]].</ref> <ref>UDP is not natively supported by Tor and will therefore also not work in {{project_name_short}} (unless a [[Tunnel_UDP_over_Tor|VPN]] is used).</ref> <ref>Services that need to listen on publicly reachable ports (open / forwarded ports) are also not supported. However, users may run [[Onion Services]] which are reachable via Tor or tor2web ([https://gitlab.torproject.org/legacy/trac/-/wikis/doc/tor2web care is required]).</ref> <ref>[https://gitlab.torproject.org/legacy/trac/-/issues/7830 UDP is not supported by Tor]</ref> |- ! scope="row"| Torify Windows | {{project_name_gateway_short}} (<code>{{project_name_gateway_vm}}</code>) can also torify Windows. <ref>See [[Other Operating Systems]].</ref> |- ! scope="row" | Tunnel Chaining | It is possible to combine {{project_name_short}} with VPNs, SSH and other proxies. <ref>Users should read the [https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN Tor plus VPN/proxies Warning] before proceeding. </ref> Every permutation is possible; VPNs / SSH / other proxies can be combined and used pre- and/or post-Tor tunnels. |} = License = {{JonDos}} The "{{project_name_short}} Features" section of this wiki page contains content sourced from the JonDonym documentation [https://web.archive.org/web/20200123130536/http://anonymous-proxy-servers.net/en/help/about.html Features] page. = Footnotes = {{reflist|close=1}} {{Footer}} [[Category:Documentation]]