Anon-whonix qube questions

I like using this qube for it’s persistent nature. I like that I can make my “Safer” tor-browser security setting permanent, that I can can keep DuckDuckGo onion as my default search provider and that I can keep bookmarks of my favorite onions.

I just have a few questions pertaining to this setup.

  1. What privacy risks/challenges does this present?

  2. What would I need to do to clear everything that I’ve done in this qube and return it to it’s orginal “factory default” settings?

Because it focuses on privacy, this seems like a question for the Whonix forum rather than the Qubes OS forum.

Question 2 is pertaining to something that can only be done on Qubes.

What would I need to do to clear everything that I’ve done in this qube and return it to it’s orginal “factory default” settings?

  1. Backup files you want to keep
    If you do want to keep some files, create a temporary VM from basically any template without network first to copy files to from your previous anon-whonix AppVM and copy them from to your fresh anon-whonix AppVM. Only copy as little files as needed (e.g. solely your exported list of bookmarks) and make sure they are safe and clean as you would otherwise be copying over whatever might have infected (or what other reason there is for you to go back to zero) your previous AppVM to your new one.

  2. Delete your anon-whonix AppVM

  3. Create a fresh anon-whonix AppVM
    Option 1: Create a new AppVM based on your Whonix workstation template, choose sys-whonix (or any other NetVM based on your Whonix gateway template) as your NetVM, name it anon-whonix and give it the anon-vm qvm-tag. Documentation
    Option 2: Run this salt in dom0: sudo qubesctl state.sls qvm.anon-whonix
    This will create your default sys-whonix NetVM and other dependencies if they do not exist, before it will create and configure a new anon-whonix AppVM pretty much in the same way Option 1 does.


The anon-vm tag should be given to it automatically if you base the new AppVM on the Whonix workstation template, but you must take care to set the netVM to sys-whonix manually during creation.

1 Like



This makes fingerprinting a bit easier, doesn’t it?

On the one hand, this will place you in the same pool with the other users that use this specific Security Level, but on the other hand, with higher Security Level you’ll have higher fingerprinting protection.