Hello, I have a few questions regarding anonymity on Qubes. If I were to use any vm, fedora debian or others like a different distro iso file and connect it to the sys-whonix network, will I stay anonymous since in theory all my traffic would be going through tor? Or does that only work with conjunction with the whonix workstation?
There is an FAQ entry on this:
So it would be useless for me to use a fedora or debian or android vm and hook it up to sys-whonix to expect anonymity or privacy right? Anonymity is more important to me than privacy.
That depends on your threat model and how you define “anonymity” and “privacy.” Merely using sys-whonix will hide your IP address, but it won’t change your browser fingerprint. Using Tor Browser in a non-Whonix qube will change your browser fingerprint, but it won’t change your VM fingerprint or any other programs.
Since your primary concern is anonymity, I think it would make sense to use a qube based on a template that is designed to provide that feature rather than one that is not. This doesn’t mean that Fedora, Debian, and Android can’t be configured to provide privacy or anonymity. After all, Whonix is based on Debian (well, Kicksecure now, which is in turn based on Debian).
Fedora, Debian, and Android are general-purpose operating systems that do not have anonymity as a primary design goal, and they don’t claim to provide it out of the box, so it would be up to you to furnish a DIY solution for yourself. That seems like reinventing the wheel when others have already done the work. More importantly, if you’re not a privacy expert, then you don’t know what you don’t know, and you’ll probably make a lot of mistakes and overlook a lot of things, which could be fatal to your privacy efforts.
So for my purposes I wish to browse or create accounts on certain websites but they cause me trouble since they detect my tor ip, to circumvent this I had the idea of making a fedora vm, connect it to sys-whonix and use a proxy in firefox so that it would let me create those accounts. Is having a unique browser/vm fingerprint bad? What if I delete them and create new ones every so often (day/week)?