The plausible deniability feature is available with volume types Normal+Hidden Truecrypt/Veracrypt. Veracrypt volumes support crypto-cascades as a feature, so manual nesting is unnecessary. However, be warned that Truecrypt/Veracrypt volume types only support AES-128. Plain dm-crypt containers with a non-zero offset can be used to provide hidden volumes according to Zulucrypt’s manual. This is yet to be tested by Whonix ™ developers.
As is could be misconstrued as endorsement of deniable decryption?
It may be possible to get plausible deniability on Linux hosts using methods other than those listed below, but the topic is a rabbit hole (see footnotes). 
That reference is offline and not archived.
Plausible deniability and Full Disk Encryption (FDE) are also useless if subjected to physical abuse by a captor.
Could you please add its own chapter for plausible deniable encryption?
Could you please also add that in some scenarios it is actually better to avoid using software with plausible deniable encryption? Using such software by itself is suspicious. If one unlocks the decoy disk and the adversary is not happy, one might face indefinite detention or worse, if there really is no hidden volume. Related to that, is this article any good to link to or quote from?
Hibernation is also a safe alternative because the swap partition is encrypted in the default FDE configuration for various platforms (like Debian), so long as no changes were made.
But cryptsetup LUKS key does not get wiped from RAM.
You mean the [Archive] links in Whonix wiki? These are just links.
It for example takes https://askubuntu.com/questions/486297/how-to-select-video-quality-from-youtube-dl
and then adds a new [Archive] link with https://web.archive.org/web/https://askubuntu.com/questions/486297/how-to-select-video-quality-from-youtube-dl
but it doesn’t have any auto archiving feature. It’s just a small usability enhancement. Should any link be offline, try clicking [Archive]. Might be lucky.
But help is still required. Specifically when adding new links. Click the archive link for yourself. See if it’s archived already. If not, hit the Save button on web archive. Only then it will be archived.
It should not be added to the wiki. Cellebrite had an unlocked and rooted device to read local messages. Having full filesystem access to the device obviously grants you full filesystem access. Haaretz was duped into publishing nonsense. You can see that Cellebrite removed the original article out of embarrassment. Also see: Broken Encryption · Issue #10277 · signalapp/Signal-Android · GitHub
I need to apologize for this post. I finally got the chance to read all of this more carefully, and it seems that all Cellebrite is doing is reading the texts off of a phone they can already access. To this has nothing to do with Signal at all. So: never mind. False alarm. Apologies, again.
Thunderbird wiki if we need to upgrade the instructions without the need of enigmail plugin there are 2 ways to do that:
1- Ether use Thunderbird internal OpenPGP
2- Or use external tool
first method is maybe more convenient since its all happening within the same application but the downside of having this feature is efail and snowden recommended against that and better using external tools to do the encryption
Second method less convenient but its what recommended to be used. In our case GPA is shipped by default within whonix.
So which one we should add and upgrade the wiki with?
Was a bug in enigmail that was patched and may very well be accounted for with the new TB crypto implementation. Instructions should direct users to Thunderbird which has the best usability. Stuff is hard as it is.
Short term: No decryption in email client. The best way to prevent EFAIL attacks is to only decrypt S/MIME or PGP emails in a separate application outside of your email client. Start by removing your S/MIME and PGP private keys from your email client, then decrypt incoming encrypted emails by copy&pasting the ciphertext into a separate application that does the decryption for you. That way, the email clients cannot open exfiltration channels. This is currently the safest option with the downside that the process gets more involved.
And snowden he said it in one of his videos on youtube.(i need to dig into too many hours to find it but efail attack enough to explain)