I am a new user of Qubes.
I have just completed my installation.
After a reboot, the system offered me to connect to the Tor network through Whonix. I accepted, but the progress bar remained frozen for about ten minutes. This seems obvious to me, since I didn’t connect to any Internet access. I don’t dare to connect on my home WiFi, for fear of losing my anonymity…
One thing the startup instructions don’t say is “How do I connect to the Internet anonymously”. I looked in the documentation, but I couldn’t find it.
From what I understand, there are two possibilities:
Use Tor
Is Tor only used with Whonix? Or can it be used independently? I’d like to understand the Tor system a little better.
Use a VPN provider.
But can we trust a VPN provider? Because even if the purchase is anonymous, even if the VPN network is encrypted, the provider is still someone I have to “trust”: doesn’t he have the encryption key for my VPN? Can’t they see the content of the data I’m exchanging?
Qubes OS uses Tor through Whonix. The sys-whonix service VM routes through Tor the connections of the AppVMs that receive networking from it. For instance, if you go into the ‘Qube Settings’ of the anon-whonix qube, you can see that ‘Networking:’ lists ‘sys-whonix’. If you wanted, you could change debian or fedora AppVMs’ settings to receive networking from sys-whonix, but this won’t be as anonymous as using a Whonix AppVM. If you want to change the default networking VM for all qubes, and even when updating TemplateVMs, you can go to System Tools > Qubes Global Settings in the application menu and change ‘Dom0 UpdateVM’ and ‘Default NetVM’ both to ‘sys-whonix’. However, you will still have to change the networking settings for all of your current AppVMs, as the ‘Default NetVM’ setting only applies when creating new qubes.
See also: Contents/docs/privacy/whonix.md at master · Qubes-Community/Contents · GitHub.
Those are valid questions that you have to ask yourself when considering Tor vs. VPN. Tor doesn’t require as much trust, and you’re also not trusting a single person or company, and it’s more anonymous. The main advantages of a VPN are speed and also being blocked less by websites.
As for how to set up a VPN on Qubes, see Contents/docs/configuration/vpn.md at master · Qubes-Community/Contents · GitHub.
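Because ‘Default NetVM’ only affects newly created qubes, it is worth checking which existing AppVMs still bypass sys-whonix. The following is an added example, not part of the original thread: it filters a listing in the `NAME|CLASS|NETVM` form that `qvm-ls --raw-data --fields NAME,CLASS,NETVM` prints in dom0. The sample listing and the qube names `personal`, `work` and `vault` are constructed for illustration.

```bash
#!/bin/bash
# Added example: list AppVMs that have networking but do not use the Tor gateway.
# Input on stdin: one qube per line as NAME|CLASS|NETVM ("-" means no NetVM).

TOR_GATEWAY="sys-whonix"

# Print "name netvm" for every AppVM whose traffic would not go through Tor.
non_tor_qubes() {
    awk -F'|' -v gw="$TOR_GATEWAY" '
        $2 != "AppVM"                          { next }  # skip dom0 and templates
        $3 == "-" || $3 == ""                  { next }  # offline qubes cannot leak
        $1 == gw                               { next }  # the gateway itself
        $1 == "sys-net" || $1 == "sys-firewall" { next }  # upstream network qubes
        $3 != gw                               { print $1, $3 }
    '
}

# Constructed sample listing (not taken from a real system).
sample_listing() {
    cat <<'EOF'
dom0|AdminVM|-
sys-net|AppVM|-
sys-firewall|AppVM|sys-net
sys-whonix|AppVM|sys-firewall
anon-whonix|AppVM|sys-whonix
personal|AppVM|sys-firewall
work|AppVM|sys-firewall
vault|AppVM|-
debian-11|TemplateVM|-
EOF
}

sample_listing | non_tor_qubes

# In dom0 on a real system:
#   qvm-ls --raw-data --fields NAME,CLASS,NETVM | non_tor_qubes
# To move one reported qube behind Tor:
#   qvm-prefs personal netvm sys-whonix
```

Every qube the function prints reaches the network through something other than sys-whonix; an empty result means all networked AppVMs already route through the gateway.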
I continue my beginner’s learning…
To be on the safe side, I say to myself that it is better to start by making everything go through TOR: you must always choose "sys-whonix" for all the elements using networking.
Only when this is done, will I allow myself (for the first time) to connect to my home Wi-Fi system.
I will start using something other than TOR, when the following conditions are met:
When I know enough about Qubes.
When I am sure of my VPN provider(s).
When I have established my working and connection method.
Yes, it was like that by default, but I found it more prudent to specify the NetVM on each of these models: on the one hand, I’m not an expert and I might not set up my system very often when it’s perfected; on the other hand, I find it prudent to specify the most secure networks by default.
So there is certainly something I did not understand.
On the other hand, I imagine that this change you propose will not solve my problem.
Can you connect to anything using sys-net? If so, the problem is whonix-specific and you should try to find the error by measuring at which point your connection won’t get forwarded to the app-vm. If you can’t connect to anything using sys-net the issue is probably with the drivers of your wifi card (if it’s a pcie device which is the standard these days) or passthrough from sys-usb (if it’s a usb device connected to the usb controller).
This morning, I rebooted my machine completely. Below you will find some captures that show the choices I had to make. I first chose the first proposal, but the system blocked me at 30%. I then chose the 2nd proposal, and the system still blocked at 30%. Finally, I closed the window of these proposals.
My machine is well connected to the Internet:
First of all, an old screenshot above shows it well;
Secondly, I was able to visit web pages, in myAppVM, by connecting to sys-firewall.
The problem would come from Whonix. Please note that I am a great beginner… and I don’t know Whonix. I only know “a little” Tails… and therefore “a little” TOR, but as a “simple user”.
Should I be afraid that my machine will be identified when I connect to the Internet, without going through TOR?
Really?! Basically, what information is my machine sending? Identification on the hardware? My machine is brand new, and I haven’t had any business or personal activities yet. I just opened Firefox.
I’m on a router with a 4G SIM card that works fine, but to make sure I have good Internet access, I connected to my home box on Wi-Fi.
In both cases, I have a very good connection with 4 nice red bars.
If Tor is being blocked on your network, you may need to configure Tor Bridges. You can do this by going to the application menu then sys-whonix > ‘Anon Connection Wizard’. In the wizard, select ‘Configure’, then check ‘I need Tor bridges to bypass the Tor censorship’, then finish the wizard and wait a couple of minutes for the progress bar to complete.
If that doesn’t work, you can also try selecting the ‘Provide a bridge I know’ option and obtain bridges from https://bridges.torproject.org/ to use.