How do i set up whonix under a VPN after this guide?

Thanks. :slight_smile:
Anon-whonix = sys-whonix.
whonix-16 dvm = sys-whonix

So yeah, everything in qubes seems to go through a VPN then after setting sys-whonix to the VPN. Maybe even updates through tor… Or that could go through tor i do not know… The setting when you install Qubes, and choose use tor updates. Great that the qubes go through a VPN.
Just curious now… Do Qubes update through tor under a VPN then? I guess so…
Thanks for your computer knowledge. Peace out

If your sys-whonix vm is getting its internet from your vpn VM then yes tor updates will all tunnel through the vpn too. You’re welcome :grinning:

Thank you. Someone else wrote that this is very insecure… Tor under a VPN…
Do you know if a plain vpn is safer, or do you have any better connection ideas that would work in 2022?

Define safe. Regarding safety: I do not see anything that is getting more insecure/unsafe by using Tor that is not already vastly unsafe/insecure to begin with (like unencrypted HTTP for example).

Also: what exactly do you want to do/protect?

Tor gives you better security guarantees for anonymity than a VPN. IMHO: If it can be done with Tor, it is always more private/anonymous than doing it with a VPN.

1 Like

ok thanks I read here:

Anyways. I trust a VPN more than my ISP for sure! So i will use this.
I want to protect my right to privacy. I also lock doors… I think it’s disrespectful if hackers break into systems without asking. I would never do that. I could try bug bounty, but that’s using permission. White hats…
Those illegal ones are breaking into systems just because they want control. Domination of this world.
I do pirate movies on the pirate bay sometimes… When netflix is bad. Mostly just learning, or reading. Nothing illegal.
I just want to protect my personal space, and they do have to respect that.
I also want to protect passwords and everything.
I think both can be good if the VPN could be anonymous though… Seems safer. Good luck staying safe from hackers though.
I did not even buy a kindle after i read that they did check pages people read. I just find it to be utterly creeeeepy. So if i read online or search info or whatever… I don’t want it to be like kindle and they even deleted pirated versions of 1984 i read. That’s creepy.
I try to avoid that kind of behavior that’s all. They had like data on how fast they read a page and everything haha. So weird. I would not even be able to concentrate if i knew that. I would want my personal space.
I think surveillance is kind of sick… Or making humans sick. I am much against it… It’s good if they stop crimes… Dangerous people out there… But apart from that, the mass psychological health has gone down.
Just the thought of that someone might be watching anyone online, and the one using the tech can’t even tell, because they do it in secret. That is just a red flag for me. I do not like it at all.
If some creepy dude did hide behind a bush outside and watched i would know… Not with creepy tech. Can’t even know who is behind that bush.

Just linux distros of course :wink:

I forgot about that use case! Yes, for torrenting a VPN really is the right tool and not Tor.

Yeah that one was hilarious! Really makes me think there was a troll within amazon that pulled that off.

So regarding VPN + Tor, i wrote something about that, here is my argumentation on why it is usually a bad idea and not really helping anything.

Regarding that trust thing: The cool thing with Tor is, that you do not have to trust (much)! There is no one entity that can betray you. Trust is distributed between your three nodes, so they have to work together to attack your anonymity. With a VPN you have to trust, that it is protecting you.

Your threat model seems like “i don’t want to be surveilled or analyzed”. Failure of OPSEC is not catastrophic. This can be achieved with a VPN to a reasonable degree of security (Tor is better of course ;)) and with qubes you have the very important other tool to make it happen: DisposableVMs.

Most tracking stuff happens with cookies and fingerprinting. Hiding your IP is the easy part. Tor browser is especially built to withstand that, but by using disposables with a VPN you can get very far. How good that is against fingerprinting i don’t know however.

1 Like

Hehe yeah. But i mean. I pirate movies sometimes… So that’s illegal. I have always used the pirate bay, but sometimes, not all of the time. If netflix has issues and so on. Better to use a VPN then… Much less on linux because much is free, but on windows, yeah i did pirate some programs and stuff. :wink: Who could afford to buy it you know.
But i mean, when it comes to mp3, music, movies. sharing is caring right…
I do support creators sometimes… I would give more if i had more.
I download games sometimes… Not as much now. But i don’t play as much now as i used to at all. Linux gaming is cool though…
Lutris is nice.
Anyways…
yeah you are right about the VPN, and yes it’s exactly that. I don’t want to be analyzed or surveilled. :wink: Like the kindle example, i could not even concentrate reading a book imagining some dude on the other end be like: “Hmm, i wonder why it takes so long to turn the page… I wonder if i should delete the 1984 copy.”
Just creepy. And you would not even know who the person was…
Yeah you are right about fingerprinting. So it’s better to blend in right than to stay unique? The browser fingerprinting pages want to show you are unique no? It’s better to be like every other browser right? Like… A tor browser then in the masses maybe?
I mean you can’t stay anonymous online… They could easily be on your phone, computers and everything. But at-least you could try some… We all deserve some privacy…
I have a hard time even writing or talking to people on the phone if i know someone might be listening. It just messes with my mind… Hard to explain. even if i got nothing to hide. It seems to be messing with my freedom of expression or thought perhaps…
It’s some kind of psychological terror the system worldwide has put on its citizens…
Some kind of slavery surveillance… I don’t know how to combat that, and take the privacy back. Maybe just being myself. Yeah, as always. Has worked so far. I won’t change. I will probably pirate from time to time if a good new movie is out… Qubes could also help and similar solutions.
I will probably try to have anonymity rather than use windows or spyware hardware and so on… But sometimes you don’t have a choice on android and other platforms… hmm.
Maybe i’m the only one that has always been paranoid… I just don’t like cameras outside… stuff like that…
It’s like the opposite of wanting to be famous hehe. Some would like that, crave that… I just find it annoying actually… It’s disrespectful… Like some dude would stand close to you on the subway and start speaking close to your ear kinda… And keep speaking. Just dont caring about personal boundaries. I mean you would not know if someone did that or not! That is also the issue!! In real life this would not be possible…
People would just say, stop it. With technology they can hide… It also depends on if they are good or bad people doing the surveillance… I just don’t like not knowing i guess…

https://www.goodtherapy.org/blog/watch-out-psychological-effects-of-mass-surveillance-0910137

It should be illegal! If not… if they don’t ask permissions. Hackers should be able to do the same to them. I’m no hacker, but people who are… If they get surveilled illegally and not doing anything… They should be able to look at the watchers.

I feel the same way.
I may or may not obtain my books without DRM and then read them in a disposable qube without a netvm or on an airgapped hardware ebook reader. That way nobody knows when i am reading my books and potentially malicious epubs cannot create great damage.

If anonymity is the goal: Yes.
This is called k-anonymity. K is the number of people you look alike, so the more people look like you, the more anonymous you are.

Tor Browser has the goal to let every Tor Browser user look alike. If you are using Tor Browser without Tor somehow, that would make you stand out as likely nobody does that for example.

If your adversary has the ability to run code on your machine, there is absolutely nothing you can do to cover your tracks. However it is unlikely that the surveillance capitalism adversaries like M$, amazon or google run code on my FOSS machines.

It totally is and this is arguably the goal of all this. A good keyword for more information is the Panopticon. You can start seeing this self censorship pretty much everywhere. People start to self censor in fear of being prosecuted for what they say, even if it is totally legal. Staying anonymous is a (more or less) easy way to avoid that problem.

There are degoogled androids out there one can use.

It should (imo). But it is not. You can be assured, that the “normal” people are much more vulnerable to mass surveillance than you as a qube user are. You are using pretty much state of the art INFOSEC protective equipment against pwnage of your end device.

The fact that you think about things like that alone and consciously act (not meaning self censorship, but OPSEC considerations) makes you hop out of the bell curve.

1 Like

nevermind

Hi again. Could someone please make a guide on how to use the guide with ovpn? But perhaps multiple VPN’s you can switch between also?
If i wanted another VPN, would i create a new qube VM or would there be conflicts with the mullvad one?
I’m thinking you could switch between a vpn in the global manager perhaps.

I agree with you btw! Thanks. Yeah people start to self censor themselves… Even if stuff is totally legal! The surveillance is like some psychological trick. You don’t know who could be on the other side… Some fat dude with some moisture in his hand that just built an app maybe… Who knows… Some moderator or whatever, who has not washed his face in 8 years maybe. Fries all over his chest… Reading some private conversation between some dude and a girl maybe. Breathing heavily…
Mass surveillance can make people schizophrenic i bet, or people getting psychosis.
Could they be listening now or not? They can’t know for real… Then it’s like some start to act weird or “fake” maybe… Just feeling at un-ease…

That’s the issue with technology. You have no clue who they even are… They are too chicken to just call people up on the phone.
I don’t know if you self censor yourselves in apps you know are being watched over and famous for that or not, but how fun is it being on android if they record everything like creeps you know? It’s sketchy in my opinion… Good if they catch some bad ones… But for the rest it’s annoying with surveillance…
I envy people who had privacy back in the day actually… And i would never ever get a kid today, and imagine kids being online today on apps… their whole lives must be out there for some. Some might not care others might. I just find it weird… Poor kids having no freedom whatsoever today. Every purchase registered, every thought, every mood. location, friend circles and so on… Mass-surveillance cameras follow their every step outside in cities. The mods or creeps have the power if you know what i mean… Some could be good guys. Some could be creepy… You just don’t know!
I mean some want to protect them, but i bet some abuse the power of surveillance also… Privacy is a human right.

Anyways, could anyone create a guide maybe on multiple VPN’s with this setup? The official qube guide is good also… but i did not manage to create multiple vpn’s there either last time.

What do you mean with “multiple VPN’s”?

If you’re using .ovpn files you can add as many as you want to Network Manager.

You can also take it a step further and create a VM for each profile, then use them by themselves:
browser-vm-1 > vpn-1 > sys-firewall > sys-net
browser-vm-2 > vpn-2 > sys-firewall > sys-net

Or concatenate the vpn VMs for a multi-hop setup like:
browser-vm > vpn-2 > vpn-1 > sys-firewall > sys-net

If you elaborate on your goal you could hope to receive more tailored answers.

Hello. thanks for your answer…
I would like to be able to switch between a vpn provider… if i add one to mullvad vpn qube and the network manager and try to pick the new in the list, it re-connects to mullvad…
If i use separate ones i need to create new appvm’s like extra debian vm also perhaps then…
Could anyone make a guide on how to set this up perhaps? If someone has time that is :slight_smile: Otherwise i can try some later on… It seems to connect to mullvad in the same mullvad qube though, if i add an extra…
Mullvad is in global manager and that might be why, i don’t know…

Why would you want 2 vpn’s chained? Just to take slightly longer to be deanonymized?

He might not want vpn1 to know his destination, and vpn2 to not know his actual ip… Depending on his own threat model and the precautions he takes to subscribe to the vpns, this may or may not be achievable.

To each their own!

How to set up a new AppVM or a vpn? There are guides for both and seems like you already created one of each, so it’s the exact same process, just different vpn providers. But the ovpn files work in the same way.

When you create an AppVM, if you don’t explicitly set a netvm, it’ll use the default netvm.
You can check it with:

[user@dom0 ~]$ qubes-prefs default_netvm

To check the netvm used by a particular qube run:

[user@dom0 ~]$ qvm-prefs QUBE-NAME netvm

You can change the netvm used by a qube by adding the name of the new netvm at the end of the command above.

So if you want a chained setup like browser-vm > vpn-2 > vpn-1 > sys-firewall > sys-net you need to do the following:

[user@dom0 ~]$ qvm-prefs vpn-1 netvm sys-firewall
[user@dom0 ~]$ qvm-prefs vpn-2 netvm vpn-1
[user@dom0 ~]$ qvm-prefs browser-vm netvm vpn-2

I used arbitrary vm names, you need to use the exact name you have on your system.

Also keep in mind that unless you change this set up, vpn-2 will always connect to vpn-1 from now on. If you wish to separate them you’ll need to change the netvm associated to vpn-2 to sys-firewall (in the second command, replace vpn-1 with sys-firewall).

Finally, if you want to change the default netvm to vpn-2 for new qubes (and old qubes that have the netvm property set to default), simply run:

[user@dom0 ~]$ qubes-prefs default_netvm vpn-2
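
The chain notation and the `qvm-prefs` calls in the post above, combined into one dom0 helper; this is an added example, not part of the original post. It only prints the commands, upstream link first as in the post, and the function name `chain_cmds` and the character check on qube names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: turn a chain written as "qube > netvm > netvm-of-that"
# into the qvm-prefs calls that build it. Qube names are whatever you pass in.

# chain_cmds "a > b > c"
# Prints one "qvm-prefs QUBE netvm UPSTREAM" line per link, upstream links
# first, so a qube is only repointed once the path behind it is in place.
# Returns 1 and prints nothing on stdout for an empty name, a name with
# unexpected characters (assumed safe set: letters, digits, _ . -),
# a qube listed twice (a loop), or a chain with fewer than two qubes.
chain_cmds() {
    out="" prev="" seen=" "
    # Split on '>' and trim blanks around each name.
    list=$(printf '%s\n' "$1" | tr '>' '\n' |
           sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    while IFS= read -r name; do
        case "$name" in
            ""|*[!A-Za-z0-9_.-]*)
                echo "bad qube name: '$name'" >&2; return 1 ;;
        esac
        case "$seen" in
            *" $name "*)
                echo "loop: '$name' appears twice" >&2; return 1 ;;
        esac
        seen="$seen$name "
        if [ -n "$prev" ]; then
            cmd="qvm-prefs $prev netvm $name"
            # Prepend, so the link closest to sys-firewall comes out first.
            if [ -z "$out" ]; then out=$cmd; else out="$cmd
$out"; fi
        fi
        prev=$name
    done <<EOF
$list
EOF
    [ -n "$out" ] || { echo "need at least two qubes" >&2; return 1; }
    printf '%s\n' "$out"
}

# Stand-alone use in dom0: ./chain.sh "browser-vm > vpn-2 > sys-firewall"
if [ "$#" -gt 0 ]; then chain_cmds "$1"; fi
```

For using one VPN at a time, pass the short chain for the VPN qube you want (for example `browser-vm > vpn-2 > sys-firewall`), review the printed lines, then run them in dom0.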

No i just want to be able to switch vpn. Just use one at a time.

Yeah i agree… It’s best to create a new one like in the guide and just switch in global manager if you wanna change the vpn. And the plan is to use just one vpn at a time, not two… Thanks for the answer!

The best way would be to have separate vpn-services and to just change the vpn in global manager and all qubes that wants to use the vpn… good to know. The official vpn qubes guide is good also though… might be the best actually or smartest solution.

What would be a good way to disconnect the VPN in this guide temporarily? It does reconnect if i disconnect it, as it should. But how do i remove that temporarily and just use the normal internet traffic in the best way? I want to check something out of curiosity. Thanks