Anonymity, security, different identities: Qubes + Whonix or Tails

I’m a cyber security student and I know this:

All systems are unsafe.
Security is not a permanent definition.
Security and anonymity can be broken.

Do you want to be safe?
– Trust in your ignorance.

  • Don’t do bad things online
  • Think like a paranoid
  • Keep Safe

The best tool for privacy:

Pen and paper.

- Berkeley
2 Likes

There’s more, like based on Ubuntu, Tor exit node can be chosen, free VPN and Tor exit node are hosted by the same people, etc.

Many Whonix VMs won’t protect you from authorities (you still can in some countries)

The short answer is that Tails is primarily focused on privacy and anti-forensics, whereas Qubes-Whonix is primarily focused on privacy and security. Tails is still a monolithic operating system. Within a single Tails session, everything happens in the same OS environment. There is no compartmentalization within that session compared to using different VMs in Qubes. So, you get privacy either way. Now you have to ask yourself whether you care more about security or anti-forensics. (Disclaimer: This is a highly simplified answer. I encourage you to do your own research and dive into the nitty-gritty details for a more complete and nuanced answer.)

I’m not so sure about that. Encrypting data on pen-and-paper is rather difficult and cumbersome, and plaintext data written on paper is highly vulnerable to eyeballs and cameras. It also takes a very long time to transmit data back and forth around the world that way. :slight_smile:

Julius Caesar built an empire doing this, though… :joy:

2 Likes

encrypted :rofl:
0,+.,% t$v%$b U,.+n $I vO~.bv ^/.I* n(.%P n(/,*(…

1 Like

Yes, but all of his competitors were using the same technology. :slight_smile:

2 Likes

Yes. Qubes is better than Tails.

Yes, Qubes is better than Tails.


To improve ‘security’:

Best system for security: OpenBSD VM in Qubes

- Berkeley

Do Whonix DispVMs have anti-forensic features? What is the benefit of using a dispVM?

This should be asked on the Whonix forums.

At minimum, if your VM is hacked, a reboot would fix that.

Interesting… sounds a LOT like Qubes. I wonder why they decided not to just work with the Qubes team? I would rather them work together and make one awesome security/privacy OS than have several different offshoots. If it ends up being a better version but basically acting like Qubes, what does that do to Qubes…

Summary: the benefit of using a DispVM is that it gets destroyed when you shut it down. When you start it “again”, you’re actually getting a new one every time.

Example to illustrate, please bear with the details and adapt to whatever makes more sense to you, it’s a made-up example: I browse to a website to read the news. That website for whatever reason serves me a keylogger. I shut off my AppVM. Next day I start my AppVM to visit my bank’s website and log in. The keylogger sends my credentials to whoever was on the other side. Sad times follow.

With a DispVM: I browse to a website to read the news. That website for whatever reason serves me a keylogger. So far I’m in the same situation as before. If I go to my bank now, the keylogger will see my credentials. I shut off my DispVM, which gets destroyed because it’s disposable. Next day I start my DispVM. Because it’s a DispVM, that’s not the same as before, but a new one, with no keylogger. I visit my bank’s website and log in. This time I don’t get bad surprises. The trade-off is that I had to take the time to destroy and re-create the VM every time (but with Qubes OS DispVMs most of it is automatic, so it’s mostly time you’re waiting, and not that much effort that you need to make.)

But with a DispVM, there is still metadata produced and there are r/w events with the hard disk. Whereas with the RAM disk (Really disposable (RAM based) qubes) version there is no r/w event with the disk?

with the RAM disk (Really disposable (RAM based) qubes) version there is no r/w event with the disk?

Assuming by r/w you mean read/write:

Every software involves “r”. Otherwise you would not be able to access it.

As for “w”: The ram-qube script creates an AppVM in RAM but that does not remove writes related to:

  • qubes DB in dom0
  • logs in dom0 (the cleanup phase of the script removes some of them but it cannot remove the lines from global logs)
  • maybe something else (maybe not, just a disclaimer, as I am not familiar with all the intricacies of Qubes OS)

The ram-qube script is not intended to improve anonymity or to provide anti-forensics. It may help with that to an extent but it is rather an additional unintended side effect, rather than a goal. My actual goal was to have a way to reduce SSD writes and use available RAM to work faster on temporary stuff. E.g. it is very convenient for downloading video from torrent, watching it and throwing it away.

Is TailsOS inside an HVM a better option for those seeking to use QubesOS with some anti-forensics properties? Is it possible to turn off logging for an HVM?

1 Like

I have never used Tails but AFAIK it is not supposed to be run in any way allowing persistence. And Qubes is not made for anti-forensics.

Perhaps use the right tool for the job.

1 Like

The most conservative potential solution for achieving high security (QubesOS), anonymity (Whonix) and anti-forensics (TailsOS) seems to be a HiddenQubes VM installed on a VeraCrypt volume on TailsOS. This is still in active research.

But if you want this setup on QubesOS, you need to install the VeraCrypt volume with Whonix or QubesOS inside. You also need a machine with lots of RAM because TailsOS runs completely in RAM.

1 Like

Just to summarize, the stack is

QubesOS or Whonix in a VeraCrypt volume installed on TailsOS, which is actually an HVM running inside QubesOS.

1 Like

I answered your question linking to the RAM-based qubes script because I authored that other thread and I received a notification when you linked to it. I can’t answer your main question.