Confused about persistent and disposable VMs

I am new to Qubes OS and I don’t understand how App VMs and Templates work.

  1. Currently I am just using the “anon-whonix” (persistent?) qube from “APPS” tab, but I see that there is an app called “whonix-workstation-17-dvm” (Disposable?) as well as Templates called “whonix-workstation-17” (persistent?) and another “whonix-workstation-17-dvm” (Disposable?).

If I wanted to run 3 web browsers (non-persistent, no cached or saved data) should I use the app “whonix-workstation-17-dvm” and then open 3 separate instances of TOR (can I? and are they connected someway?) or create 2 additional qubes based on “whonix-workstation-17-dvm” template?

  1. Should I use KeePassXC only in the “Vault” qube and then copy and paste passwords etc? Keep it isolated?

  2. And then there is “whonix-gateway-17”, but doesn’t Qubes OS run all traffic through TOR anyway? So, what is the purpose of this template? Do I need to run a gateway for every whonix template I use? Or do I use it to use a different TOR connection (so different IP?)? Eg. Multiple TOR IP’s?

  3. How do I safely download and install Telegram? I want to have the app installed, but disposable in that it deletes any images/PDF’s etc after closing the Qube. But, I do not want to download and install it every time I want to use it. I saw something about installing an appVM but I cannot work out how to do it. Any tips?

  4. Is there a way to “reset” the “anon-whonix” app to original settings because I have been using it to search duckduckgo but I would like to remove all data etc to make it brand new.

  5. What are the purposes of personal, untrusted, and work apps? I just need a web browser and telegram for my needs so just leave these ones?


All templates are persistents, which is why they are not connected to the network for security reasons because all appvms depend on these templates.


What do you want to say by “instances of tor” if it is several “sys-whonix”, so, not, just one is correct.

Yes it is more secure because vault have no access to internet.

it is the sys-whonix’s template so no need to be run.

Create a telegram-dvm like every appvm, in the settings, “advanced” tab check “disposable template” then in the “TEMPLATES” tab, you start the “telegram-dvm” template and install your application. you turn off your “telegram-dvm” template. Then, you just have to launch the qubes telegram-dvm from the APPS tab and telegram will be installed :wink:

They are appvms like every others.

1 Like

It doesn’t help that a named DVM will be named something-dvm, but a DVM template that is supposed to be clicked on in the menu to spawn a numbered (disp1234) dvm is also named somthingelse-dvm, at least in the default configuration. You can’t readily tell what will happen when you “start” the qube (and if things are badly messed up you might even end up running the disposable template, a third possibility). I name DVM templates that will start a numbered DVM with -dvmt on the end, and named disposables will be named ending with -ndvm, to try to address this.

You need time, practice and knowledge. Maybe you’ll never get it.
Here is a little Super-Secret exercise I devised just for you, so you can feel special.
Create new Qube a Standalone VM based on WN-gateway and call it Tor-Router.
Clone sys-net into sys-tor. Eliminate the hardware from sys-tor, make it based on Tor-Router and connect it to sys-firewall.

Start sys-tor and should be similar to sys-whonix. You are ready to jailbreak whonix-gateway and move to tor server with GPS time. Good luck!

1 Like

What do you want to say by “instances of tor” if it is several “sys-whonix”, so, not, just one is correct.

I want to have 3 Tor browser windows open at the same time that are not connected in any way to stop cross-tracking with cookies etc, or incase one browser visits a webpage with malware. As far as the websites are concerned, those 3 tor browser windows are 3 different people. If one gets infected or comprimised or fingerprinted, I do not want the other 2 browsers to be affected.

I created a disposable app VM based on “whonix-workstation-17-dvm” and when I try to open TOR browser I get an error saying not to run TOR browser in a disposable VM. So, what am I doing wrong?

How do I install Telegram in the template? In the xterminal using which service? snap or flatpak? or use:

apt install telegram-desktop

…which according to Reddit was for a Debian qube? Please advise.

If you open one brownser in 3 differentes DispVm, the 2 others will not be affected because they are in separate vms.

“whonix-workstation-17-dvm” IS a disposable.

I don’t use telegram but, for me, it’s allright to use
sudo apt install telegram-desktop

Ah, but what happens when you start it? Do you get something named “whonix-workstation-17-dvm” (which means it’s a named disposable), or “disp1234” which means that whonix-workstation-17-dvm is actually a disposable template you might want to configure with things like user prefs, etc., though you will not want to install software on it…for that you want the “real” TemplateVM. (OK on Whonix you probably don’t want to save user prefs because they would likely give you a fingerprint, but in general, you would.)

This is why I hate the convention whereby both types of animal are named ending in “-dvm”.

1 Like

No, it’s a disposable template, not a disposable.

Naming conventions aside, we can be sure of this because @Non said:

It’s not possible for a disposable to be based on another disposable. Every disposable must be based on a disposable template, and the only things that can be based on disposable templates are disposables.

I can’t recall ever hearing of that convention. As far as I know, -dvm is only used for disposable templates, not named disposables (link for other readers). Of course, users can choose to name (or rename) their qubes however they like, so it could be that some users have chosen to name their named disposables <something>-dvm, but that would simply be shooting oneself in the foot by making things unnecessarily confusing for oneself.

I meant the template called “whonix-workstation-17-dvm".

The app VM was based on the whonix-workstation-17-dvm template. But when I tried to make the app VM disposable in the advanced settings like @Tezeria suggested, I got an error that I cannot make that VM disposable.

Was that because the template it uses is disposable, so that makes the app VM non-persistent?

I went into a Debian template and used Firefox ESR to download Telegram in the browser, then installed it in the documents folder using Thunar file manager. When I create an App VM based on that Debian template Telegram is not there. Where should I move the Telegram install inside the Debian template file structure, so it appears installed every time I run an app VM based on that Debian template? I searched the wiki and docs, but it doesn’t go into much detail so I am unsure.

The /home of the template is replaced by /etc/skel in AppVM creation process, so you can move your files in /etc/skel and recreate an AppVM or copy them from /etc/skel in the current AppVM.


Why do you have a template (not a disposable template) named “whonix-workstation-17-dvm”? Did you choose that name, or did it come from somewhere else?

That’s expected, since a disposable currently cannot be based directly on a template. (There’s an open issue about changing this in the future, but let’s try to keep things simple for now.) Instead, disposables must be based on disposable templates.

No, you just said that the system would not let you do this (which is the correct thing for the system to do, based on what you’ve said). An app qube that is non-persistent is simply a disposable, and “a template that is disposable” is simply a disposable template, which you just said this is not. Again, every disposable must be based on a disposable template.

Please double check that we’re using the terminology in the same way to ensure we’re not talking past each other:

FYI, you definitely shouldn’t run a browser in a template, as that undermines the security model of the template system. (However, it’s fine if this is just a test template or you otherwise don’t care about the security of the template or any of the qubes based on it.)

1 Like

To make sure I understand, in the template I would move the Telegram folder eg. /documents/telegram to /etc/skel/telegram and then create an App VM based on that, correct?

If so, one more query, will Telegram show up as an application in the list of applications, and the sub-menu of the app VM?

Yes, I did not know how to use the terminal to download Telegram directly, because sudo apt install telegram-desktop did not work for me.

I answered a bit quickly, without having read all of this topic.

So, to me, as a beginner, a good way of thinking the installation process is asking me first: can I use ˋdnfˋ or ˋaptˋ in a template? (a real template, not a disposable template)

If not, I try to install the program in an normal AppVM, using: flatpak, snap, appimage or even an installation script, using a prefix option to do it inside the ˋ/home/userˋ directory.

About Telegram: I don’t know how to install it, I just did a small search about the installation methods: first of all, what is the output of the ˋapt installˋ command when it fails? Could you try to use flatpak or something like that instead?

That was the idea, and you can try this as an exercice but I don’t think it’s a good practice.

No, you probably need to create a ˋ.desktopˋ file. How do you start Telegram in the AppVM?

And finaly, @adw is perfectly right about the template security. Is the template where you downloaded Telegram a clone of another? In this case, the AppVM can use the original template and you can delete the clone.

For Telegram specifically, I simply installed it with apt install telegram-desktop in its own Debian template. I see no reason to mess with disposables when it comes to Telegram, because it’s a persistent messaging app that I use to communicate with people I know.

Oups yes sorry, i forgot “template” in the message! lol

1 Like

In that case, I’ll stand happily corrected. But still, “dvm” stands for “disposable virtual machine” (which it isn’t, it’s the template) and therefore is nevertheless misleading for that reason.