One Guard per App in Qubes? How?

Sorry if wrong category. I think this right forum. Forgive me I Confused.

I read in Whonix docs ‘Increase Protection from Malicious Entry Guards: One Guard per Application’. How to do in Qubes? Does guard mean gateway? Really confused. Please help

You can start a new Whoinx VM for each application, but if all you use is the Tor Browser it happens automatically, each request to a new domain is done in a new circuit.

Thank you for reply!
So one app each Whonix VM and different gateway for every VM, correct? Confused by

Not understand where say:
‘To apply this Increase Protection from Malicious Entry Guards configuration, follow these steps’

Snapshot means clone, yes? Does guard honest just mean gateway?

More confused. New circuit mean entry guard?

Reading Tor Entry Guards - Support - Whonix Forum confused what @adrelanos think to advice except now ‘instructions don’t influence Tor entry guards’ Is @unman lighter TorVM for one Tor entry guard per application Qubes setup less trouble?

Is One Tor Entry Guard per Application not recommend in Qubes?

The recommendation is to use Whoinx, unless you know you need something else.

If you don’t understand what you are doing you shouldn’t try and reconfigure Tor or Whoinx, you are most likely just going to weaken what Tor does.

The general idea behind the guard nodes is that you put all your eggs in one basket, often it doesn’t matter if some or all your traffic goes through a bad guard it’s going to be enough to deanonymize you, this is why a limited pool of guards are used.

Thank you. Understand. Seek the ‘safest possible configuration’
http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Tor_Entry_Guards
'‘Whonix ™ developer HulaHoop recently approached Tor researcher, Tariq Elahi, to discuss how exposure to malicious guards in multi-Workstation scenarios could be measured. It was discovered that 1 guard/client per internet-connected program (not identity!) is the safest possible configuration.’

Exactly why Tariq’s advice to me make sense. Many whonix gw is experiment now or ‘safest possible configuration’?

Could not find howto in qubes so thought ask.

off topic comment

@renehoj saw awesome hcl submit
MSI Pro Z690-A WiFi DDR4 with Alder Lake 12900K
Do you have parts list? Total cost? DM welcome

You can make whonix-1, whonix-2, etc. and use them as sys-net for different qubes, whonix-1 would be for your browsers, whonix-2 you email, etc.

I personally, don’t think the idea with multiple guard nodes makes much sense. If all you whonix qubes have the ability to deanonymize you, making 5 qubes just makes it 5 times more likely you get deanonymized.

I don’t know how much it matters the amount of data you send though the guard it can’t see the data, and I don’t think time correlation require a lot of data.

Agree to disagree. Maybe Tor Entry Guards - Support - Whonix Forum best to discuss merits.

Future ready policy change still confuse me.

Relevant?