Is browser cross-contamination between VM qubes possible?

A Disposable will not save anything so just know that if you download emails into Thunderbird with a VM like that, they will not be saved.


Had no idea … I haven’t installed these yet as I have just been planning them out

Is there a guide on here that has those steps?

Eventually it will likely come to that :sweat_smile:

Yup! Got that covered, I have a drive dedicated for image backups and all that

Good point, may have not thought this all through… might have the web emails here instead then hmmm. The issue is not all the web emails protect against Beacon attacks such as tagging hidden little tracking pixels into image sent through email. Okay well I have to think this over again, thanks for the reminder

If you load webemail using whonix, those beacon would get different addresses. You just need to make sure your email provider will not block tor exit nodes.

You can use Thunderbird in a non-disposable AppVM as well.

1 Like

Thanks for informing me of this as I am brand new to Whonix as well as Qubes lol

That is doable for me, but that will drive my mom into a fury of frustrated madness so I can’t have that as the solution for my mom’s set-up sadly

Am still brainstorming over it …

[irrelevant comment retracted]

1 Like

Also good to know, thank you!

1 Like

it’s in the debian-12 repo now?

[irrelevant comment retracted]


Unfortunately, a minimal debian 12 qube cannot find it in the repository.

As far as I know, both debian 12 and debian 12 minimal point to the same repositories.

1 Like

Are we using the same Debian 12 repo?

I don’t know about Barto, but I’m using whatever debian-12-minimal points to. Again, I’m presuming it’s the same as debian-12, and that the difference between debian-12 and debian-12-minimal is what is actually installed, not in what is available to be installed.

Maybe I’m wrong about that, but if so I’d like to know.

Oh and to be clear, I am talking about clones of these templates, of course; I don’t install anything to the original templates.

I do install things to the original templates. Is that a bad security practice?

Would it not be acceptable to clone the original and then add to that one?

After a bit more research into Whonix on Qubes I have decided to isolate the use of an email client (Thunderbird) to its own Qube, just in case …

For my mom at least I will indeed stick to a non-disposable AppVM regarding email from an email client; whereas web mail can still go into disposables

My email client qube is one of the very few qubes on my system that is not a disposable, precisely because of the fact that I need the emails themselves to remain persistent.

I’ve actually figured out a method of storing the e-mails on a thumbdrive and mounting that folder on in a disposable…so that I can use a disposable for my e-mail client (mount the email area, then start the client–the client has no idea it’s reading something on a thumb drive), BUT that’s not as safe (in terms of data loss) as having the email live on the “main” SSD on my system as part of the VM. Thumb drives are very much less reliable. However the advantage of this method is that I can use the same email folders on two different computers, my desktop and my laptop. But until I take that plunge, my email qube is one of the very few non-disposables on my system, and by far the most important one of that few.


But see, having a persistent VM has now made me wonder how it is deleted when I do finally delete it?

Is your persistent email qube VM using Whonix or no?

What is your opinion and/or best practice on this:

It’s not using whonix.

I honestly have no opinion nor good knowledge about whonix.

I will say that if you are using it to avoid fingerprinting for an email qube, you’re wasting your time; you have to log in to your ISP’s email; telling them who you are is far better (from their point of view) than having them fingerprint you. (It could of course hide your location if that is what you are concerned about.)

1 Like

I am not trying to hide my identity ironically, or even my geolocation.

I am trying to

  1. Hide my IP Address
  2. Figure out how to hide the IP Address as well as still retain data integrity in that the exit node not be susceptible to altering the data as I will obviously be logged into email and don’t want a malicious payload injected into any of the data packets returned to me by a possible man-in-the-middle let alone a poisoned malicious exit node be it an exit node on TOR or the exit from a VPN
    (I need layers of encryption since the typical layer of HTTPS is apparently not enough)

In other circumstances yes #3 would be to also be pseudo-anon, though it isn’t my priority.

I just need to have email without my attacker finding my real IP Address so he doesn’t re-target my network to attack again

Maybe a VPN would suit your needs?
In case you need help about Librewolf, there are surely a lot of people that can help you (including me, though I am no expert).

1 Like