Maximum anonymity, but the final cube should have a clean IP address

User Support
, , ,
1

Hi everyone :kissing_heart:

I have a very specific question.

Brief explanation: My previous setup was:

Host: Linux
VPN on the host
Whonyx gateway + workstation in VirtualBox
Anti-detection browser in the workstation
The anti-detect browser profile had a SOCKS5 proxy configured (so I would look like a normal user)

Now I’ve switched to Qubes OS yesterday and have already configured everything, such as disabling IPv6 for all Qubes, MAC address randomization, etc.

My Qubes chain looks like this:

Template NetVM
debian-13-xfce (none)
debian-13-xfce sys-net
debian-13-xfce sys-firewall
whonix-gateway-18 sys-vpn-mullvad
debian-13-xfce sys-whonix
UNSURE IF I SHOULD DO debian-13-xfce OR whonix-workstation-18 sys-proxy

1: sys-net
2: sys-firewall
3: sys-vpn-mullvad
4: sys-whonix
5: sys-proxy
6: work

The problem with my previous setup (on Linux as the host) was that despite the configured proxy in the anti-detect browser profile, I ended up seeing a Tor IP address when visiting https://www.whatismyip.com/. So, Tor was ultimately over the proxy again.

Now I’m wondering if I should use debian-13-xfce or whonix-workstation-18 as the template for the last Qube “work”. So if I use workstation-18, will I have the same problem as with my previous setup? And not with Debian 13?

But Debian 13 is less secure, right?

So I’m wondering if anyone got any ideas. Ultimately, all I want is to download an anti-detect browser in my final work cube so I can log into Instagram, and Instagram should see my proxy IP address.
But maximum anonymity (tor in between) should remain.

Thanks :)))

2

As far as your approach is concerned, you may find these links useful:

2 Likes
3

Thanks, but I was hoping to get a short answer from someone and not have to read through 100 texts again. :crying_cat_face: Anyway, I looked at the first link and didn’t find an answer.

4

Your Chain:
qube->Tor->VPN->sys-net
I’ve left out firewall and sys-proxy - I dont know what that is intended
to do.

Look at your chain. Traffic from qube is encrypted and sent on its way
to Tor network via the VPN. Your ISP sees no Tor traffic, only VPN
traffic.
The Tor packets are sent to the VPN, and circuits are built leaving your
VPN provider. Your VPN provider sees you are using Tor. The target
endpoint sees traffic coming from the end of the Tor circuit.

What you want: target to NOT see Tor IP.

qube->VPN->Tor->sys-net

Tor project advice remains not to mix Tor and VPN unless you know what
you are doing.

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.

2 Likes
5

h

6

Okay, I understand what you’re trying to say.
No, you dont.
But my actual question is whether the Work Qube can be set to the Whonix-Workstation-18 template?
I believe that Whonix-workstation has to be connected to Whonix-gateway,
but I cant help you with Whonix.

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.

7

:sob:

Thanks anyway …