Anonymity, security, different identities: Qubes + Whonix or Tails

User Support
1

I hope it is okay to ask a comparing question to another OS (Tails).

I am having three goals.

For those, I am considering either Qubes + Whonix or Tails.

(Kodachi might be possible as well but I am not familiar with it. I have only researched about the first two options.)

  1. Anonymity

1.1 To my internet providers as I am also frequently using public WiFi (like in hotels where I have to check-in with my real ID.

1.2 To authorities who should not be able to identify me.

  1. Having several identities

I need this to handle different kind of things. It should not be seen that those identities are the same person (me).

  1. High security

As I use one of my identities to handle my crypto currencies (with browser wallets as well, therefore it is not offline), the setup should be very secure against potential threats.

My own thoughts:

QUBES + WHONIX:

Anonymity:

Anonymity with Whonix is great.

Identities:

Different identities can easily be achieved through different Whonix VMs.

Security:

Qubesā€™ security is the highest you can get and probably even better than Tails.

(If you know more about the security aspect of Tails in comparison to Qubes, please tell me).

TAILS:

-Way easier to operate which is definitely a perk. Less risk of doing something wrong which could compromise my security or privacy.

-Probably a bit faster (?) (not sure though)

-Traceless because it runs in RAM only (if I donā€™t use persistence and rather save files in another LUKS encrypted USB drive)

Whonix VMs do not seem to be traceless (which actually shouldnā€™t matter too much as long my device isnā€™t grabbed while Iā€™m logged in as my disk is encrypted (?)).

Anonymity:

I think Tails is a little bit better than Whonix here as it is not as free as Whonix. It seems to be better out of the box. Iā€™m not a tech geek. I appreciate being restricted a little if it benefits my privacy.

Identities:

Different identities could be achieved through different OS on several USB drives.

Is it as effective as using several Whonix VMs?

Security:

I donā€™t know. Probably secure but not as secure as Qubes. Iā€™m looking forward to your input here.

2

do not use kodachi, it look promising but it bad for privacy

not for authorities

and run in ram too

no, with tails, just restart and you have new identity

i still waiting for this

1 Like
3

Kodachi are made in Oman.
> I dont trust in this system.

Qubes + Whonix are great.
Qubes + Tails are good too.

Do you want a secure system? try OpenBsd

                                                            - Berkeley
1 Like
4

not for authorities

What do you mean?

no, with tails, just restart and you have new identity

I have heard for the separated identities, Whonix VMs would still be better because of the fingerprint. What do you think?

5

Iā€™m a cyber security student and i know this:

All systems are unsafe.
Security are not a permanent definition.
Security and anonymity can be broken.

Do you want be safe?
ā€“ Trust in your ignorance.

  • Dont do bad things online
  • Think like a paranoid
  • Keep Safe

The best tool for privacy:

Pen and paper.

                                                                       - Berkeley
2 Likes
6

there more like based on ubuntu, tor exit node can be chosen, free vpn and tor exit node are hosted by same people, etc

7

many whonix vm wonā€™t protect you from authorities (you still can in some country)

8

The short answer is that Tails is primarily focused on privacy and anti-forensics, whereas Qubes-Whonix is primarily focused on privacy and security. Tails is still a monolithic operating system. Within a single Tails session, everything happens in the same OS environment. There is no compartmentalization within that session compared to using different VMs in Qubes. So, you get privacy either way. Now you have to ask yourself whether you care more about security or anti-forensics. (Disclaimer: This is a highly simplified answer. I encourage you to do your own research and dive into the nitty-gritty details for a more complete and nuanced answer.)

Iā€™m not so sure about that. Encrypting data on pen-and-paper is rather difficult and cumbersome, and plaintext data written on paper is highly vulnerable to eyeballs and cameras. It also takes a very long time to transmit data back and forth around the world that way. :slight_smile:

9

Julius Caesar built an empire doing this, thoughā€¦ :joy:

2 Likes
10

encrypted :rofl:
0,+.,% t$v%$b U,.+n $I vO~.bv ^/.I* n(.%P n(/,*(ā€¦

1 Like
11

Yes, but all of his competitors were using the same technology. :slight_smile:

2 Likes
12

Yes. Qubeā€™s are better than Tails.

13

Yes, Qubeā€™s are better than Tails.

For Improve ā€˜Securityā€™ :

Best system for security: OpenBSD VM in Qubeā€™s

                                                              - Berkeley
14

Do Whonix DispVMs have anti-forensic features? What is the benefit of using a dispVM?

15

This should be asked on the Whonix forums.

At minimum, if your VM is hacked, a reboot would fix that.

16

Interestingā€¦ sounds a LOT like Qubes. I wonder why they decided not to just work with the Qubes team? I would rather them work together and make one awesome security/privacy OS then have several different offshoots. If it ends up being a better version but basically acting like Qubes what does that do to Qubesā€¦

17

Summary: the benefit of using a DispVM is that it gets destroyed when you shut it down. When you start it ā€œagainā€, youā€™re actually getting a new one every time.

Example to illustrate, please bear with the details and adapt to whatever makes more sense to you, itā€™s a made up example: I browse to a website to read the news.That website for whatever reason serves me a keylogger. I shut off my AppVM. Next day I start my AppVM to visit my bankā€™s website and log in. The keylogger sends my credentials to whoever was on the other side. Sad times follow.

With a DispVM: I browse to a website to read the news.That website for whatever reason serves me a keylogger. So far Iā€™m in the same situation as before. If I got to my bank now, the keylogger will see my credentials. I shut off my DispVM, which gets destroyed because itā€™s disposable. Next day I start my DispVM. Because itā€™s a DispVM, thatā€™s not the same as before, but a new one, with no keylogger. I visit my bankā€™s website and log in. This time I donā€™t get bad surprises. The trade-off is that I had to take the time to destroy and re-create the VM every time (but with Qubes OS DispVMs most of it is automatic, you itā€™s mostly time youā€™re waiting, and not that much effort that you need to make.)

18

But with a DispVM, there is still metadata produced and there is r/w events with the hard disk. Whereas

with the RAM disk (Really disposable (RAM based) qubes) version

there is no r/w event with the disk?

19

with the RAM disk (Really disposable (RAM based) qubes) version

there is no r/w event with the disk?

Assuming by r/w you mean read/write:

Every software involves ā€œrā€. Otherwise you would not be able to access it.

As for ā€œwā€: The ram-qube script creates an AppVM in RAM but that does not remove writes related to:

  • qubes DB in dom0
  • logs in dom0 (the cleanup phase of the script removes some of them but it cannot remove the lines from global logs)
  • maybe something else (maybe not, just a disclaimer, as I am not familiar with all the intricacies of Qubes OS)

The ram-qube script is not intended to improve anonymity or to provide anti-forensics. It may help with that to an extent but it is rather an additional unintended side effect, rather than a goal. My actual goal was to have a way to reduce SSD writes and use available RAM to work faster on temporary stuff. E.g. it is very convenient for downloading video from torrent, watching it and throwing it away.

20

Is TailsOS inside an HVM a better option for those seeking to use QubesOS with some anti-forensics

properties? Is it possible to turn off logging for an HVM?

1 Like