It could certainly stand to improve the description.

Whonix is a two-VM solution for Tor use that makes it... I won't say "impossible," but "far, far harder than usual" to bypass Tor proxies and leak a direct beacon connection out.

You have one "Workstation" VM with all your tools - browser, email, terminals, whatever. This is connected, and only connected, to the "Gateway" VM on a virtual network port. Everything that goes into the Gateway VM is routed out Tor - and the Gateway VM is then connected to the internet so it can join the Tor network.

It works around the common way of decloaking Tor users by having some screwball edge case in the browser that ignores the proxy settings (WebRTC was used for a while, there have been others). If you can achieve this, you get a "direct connection out" from a machine using Tor, and can trivially correlate traffic if you've compromised a Tor website (so you can identify the real IP of people using the website).

With Whonix, your proxy settings don't matter, because everything goes through the gateway. So the WebRTC beacon would still end up getting routed through Tor.

IMO, reduces a lot of the risks of being decloaked with Tor, and is a pretty solid software-only solution - or alternately, you could use an external hardware gateway that did the same sort of thing.

I think the design of the Whonix website is not clear enough. After browsing the page for more than ten seconds, I still don't know what it actually is. I even thought it was some kind of new network tunneling protocol.

Turtles all the way down bro.

Either you believe it's secure or you don't.

https://www.youtube.com/watch?v=GKgV1e-Ec8Q

Man: "Did you ever go to business school?" Ice T: "No, but I sold hand grenades before"

More like compliment. One of the main recommended ways to use whonix is within qubes