Privacy when updating / checking for updates

  1. Are any connections made to Qubes’ servers when checking for debian/fedora updates and while updating? Or only to their respective update servers?

  2. Do whonix-gateway and whonix-workstation always check for updates and update over Tor by default? Are connections made to Qubes’ update server

  3. Is it possible to configure Qubes in such a way that dom0 will always check for updates and update over Tor, while leaving debian/fedora to update over clearnet?

The thinking here is to prevent an observer from easily being able to see I’m using Qubes/Whonix by checking for updates / updating dom0 and Whonix via Tor but not having to update Debian/Fedora templateVMs or standalones over Tor.


For question 1. this question is probably unrelated to qubes os and mostly related to package manager. For metadata you access to qubes os website for qubes packages and fedora server for fedora packages; for actual package data you may access to any mirror in the world - fedora pick a mirror by random and skip inaccessible ones. Debian instead will pick a fixed mirror specified in /etc/apt/sources.list

1 Like

I already discussed this question here on forum. Conclusion: if you want your ISP did not know that you’re using Qubes, you need to disable checking for updates for all qubes and add whonix qubes as exceptions. This settings are in Qubes Global Config. Also the best way is to disable networking for all non-whonix qubes (of course except sys-firewall and sys-net).


have VPN before syswhonix, this will completely mask tor traffic from ISP, also rotate everything in global settings to whonix, so that all updates, proxies etc, is routed through that, on each clear setup of qubes on same or new machine, do all of that before connecting to the internet, if you do plan to connect to tor, first thing to do before downloading or setting up anything is to use bridge in whonix setup config first thing, this will mask tor traffic at the very first instance of whonix connection on a fresh install.

I also got confused by QubesOS on this topic. I setup sys-whonix to be the proxy for updates on my QubesOS system. I set this up from QubesOS Global Config window. However, more than once I have observed an “updates available” notification pop-up during I had sys-whonix qube shutdown.

This has disappointed me immensely, as I was under the impression that ANY connection that my QubesOS makes in regards to template/dom0 updates would be going through the sys-whonix qube.

Why is this feature “broken” like this? Why does QubesOS is stubborn in using clearnet for checking the availability of updates?


By default, each template-based qube checks for available updates for its template. If you have template-based qubes that use something other than sys-whonix as their net qube, then that explains what is happening. You can disable these update checks in Qubes Global Settings.