Is my Whonix VM secure when using Firefox Browser + VPN Browser Extension?

I had posted this thread on Reddit, but I am having trouble getting specific detailed information. I am hoping the genius’s here can help!

So here we go…

Is this an OK way to use a VPN?

If I understand correctly, I have the Qube setup to receive network connection from sys-whonix, which means the entire VM is connected through TOR first off.

Then, I have downloaded a copy of regular Firefox to use a NordVPN browser extension. Am I to understand that if the NordVPN drops connection, that the only thing that will be exposed is the TOR IP? (I am not using the Torbrowser because the VPN add-on does not work through it)

The main purpose of this is to region-lock my IP to a specific legally recognized location for using crypto exchanges that are banned within my country. Most of these exchanges block TOR related IP’s, or will simply recognize that your location is bouncing around/consistently changing due to using TOR which can be suspect at a place like Binance.

I do not want to expose any details of my system/origin IP and to avoid VPN keeping logs that will trace back to me. Is this safe? Yes, the VPN might keep logs about what sites I went to, what my actions there were, etc., but at the end of the day, it will not matter because nothing will be at all linked to personally identifiable information.

And, the following were followup responses to a couple users who stated (unfortunately) very briefly that this was not a good idea. But, I am curious for my use-case, why is this a bad idea?


(random reddit user reply):

No, just no. NordVPN already knows Ur stuff, so there goes privacy/anonimity. And why would you honestly use a VPN together with TOR, so you can fingerprint yourself even more? Just create a proxyVM, set up the VPN there, and use it as network gateway for your exchange VM

(my reply):

Can you explain to me: how is your method more safe than using a a TOR’ified VM that then has a VPN running on top of it?

I think I am not understanding something.

Does it matter what Nord VPN logs, as long as it is first going through TORified Whonix VM? Consider that I paid for the VPN subscription, on Qubes Whonix OS, over TOR, with XMR.

I do not understand. Where is the perceived lack of security here?

Like you say, It seems most peoples method is to use a Debian or Fedora template VM. My understanding of this is that instead of receiving networking from Sys-Whonix, that they configure this to use their regular internet and then slap a VPN on top of it in the configuration? if the VPN stopped functioning at random, that my regular IP would be exposed because it is not first running through TOR. With this method, I perceive that the VPN would know my real IP. Am I incorrect in thinking this?

…Let us forget that it is NordVPN which I suppose is not the most trusted VPN service. If NordVPN or any other VPN knows that I am using Binance, and wants to persecute me for doing so… well, If they want to go any further than that, they will see that I am connected first through TOR, and THEN to their VPN. Correct? No chance of them tracing activities back to the actual real location. Yeah? Where is the security lapse with this method?


(random reddit user reply):

Don’t use such VPN Clients. Have a look at your torrc file.

My reply:

As I understand, modifying the TorRC file can help to as I initially put it, ‘region-lock’ you to a certain location by only using specific nodes. In this case, I could restrict to using non USA nodes.

That said, I like the idea of the extra security that TOR’ifying the entire VM by using a whonix-ws template, and then adding a VPN on top of it. It’s easier for me to browse and use websites that are not so kind to TOR-based visitors.

I am not hearing many downsides apart from, “just don’t do it”. I do not understand why this would be seen as risky or not recommended given the extra major layer of anonymity that the completely TOR’ified Qubes VM provides. What is the big deal of adding a VPN on top of this in the manner that I have recommended?

I am not trying to shoot down instruction from those who probably know infinitely more about Qubes OS, and how this all works, more looking for insight and sage advice.

The last thing I need is to be trading on Binance (for lack of a better example), and then receive a ban or at least a request for extended KYC because they can confirm I was using TOR.

If they see that I was using a VPN, and let’s say one of the awesome 3 letter agencies wanted to request more info… Well, of course they can subpoena the VPN company and ask for any evidence or logs. But, with my method, as I understand this (which may indeed be wrong), wouldn’t the logs from Nord only show that some random device is connected through NordVPN via TOR? I mean yeah, it might show everything that I did and all the places I visited… But at the end of the day, if they want to figure out who the hell it was, they are going to have a very difficult time doing so as nothing will have ever been connected to any personal information whatsoever.

That’s why I figured to use the VPN paid for over TOR, with anonymous details, burner email, and payment using a (mostly) untraceable cryptocurrency like XMR.

Another user mentioned that it might be easier to fingerprint additional details (ie: usage of the TOR). because NordVPN is not safe and might be forthcoming with logs or additional details.

However, I do not understand what would be the problem if all they are seeing is that some random unidentifiable computer is connected to them through TOR…

The entire idea in theory, is to keep the whonix-ws template VM that is running, completely TOR’ified, and safe. This way I can use something like Discord or Telegram, with all traffic routed through TOR, alongside a working functioning TOR Browser connected to TOR… But, with this I can still have an additional Firefox browser on the side open and connected through a VPN for my other listed purposes on the same machine, all simultaneously. If I shut down the VPN or it disconnects at random, the next website I go to will use my Tor connection instead. (tested to work)

From a security standpoint… If something happens and I am scripted or download some malicious file while using the Firefox VPN extension, well then they have access to one of my Qube OS VM’s that doesn’t have any personal information tied to it in a truly sandboxed Qubes VM TOR’ified environment… It may be compromised, sure, but now I close/shutdown the Qube VM, erase the thing, and start fresh with a new VPN, new details, new burner emails, etc.

Please educate me friends, what am I not understanding? Where is the security lapse here?

I don’t understand those objections either, they sound superficial

I think whonix-ws browser + VPN addon is great for working with specific websites that block tor. You don’t get stream isolation anymore, so I would keep them single-purpose. No overhead from running a proxy VM.

Instead of factory firefox, I recommend using torbrowser-without-tor

As an alternative to using crypto to pay for the VPN, there are some free firefox VPN addons, if you want to avoid any financial link at all. The VPN addon should be freshly installed into a disposable VM each session, to prevent any unique identifier generated during install from linking sessions.

See also: VPN on Qubes-Whonix
Combining Tunnels with Tor
Why use Tor over VPN - ProtonVPN Blog

Also, Firefox does not defend against fingerprinting, whereas Tor Browser should.

ask me on twitter at BowTiedIguana and I’ll reply in detail so others can benefit

@bowtiediguana : why not here?

Update: I see, this is actually slightly off-topic here. Thanks for taking care!