Questions regarding Tor identity in Qubes + Whonix

I am using Qubes + Whonix.

As I have read in the Whonix docs, Whonix (Tor in general) offers stream isolation. Regarding this, and regarding Tor identity in general, I have some questions.

  1. Docs say:

> Stream isolation provides protection against identity correlation through circuit sharing.

How exactly does it work? Because when I have several tabs open and am operating them, they should all be the same identity. And when I want a new identity, I have to reopen the browser.

What benefit does stream isolation provide here?

  2. I have thought about using Firefox instead of Tor Browser in Whonix, because all traffic is forced over Tor anyway.

2.1 What is the difference between using Tor browser in Whonix, and Firefox in Whonix then?

2.2 Is stream isolation somehow possible with Firefox? How can I get a new browser identity at all when using Firefox in Whonix? I am not sure if reopening the browser does the trick, like it is with Tor browser.

  3. If I have several Whonix VMs running (within Qubes) at the same time, are they isolated from each other as well, hiding that they are operated by the same person? (I’m 99% sure the answer is yes, but you can’t be safe enough).

Thank you very kindly.

Correct, it only protects you from some attacks (it does not create a new identity).

It only protects you between apps.

Tor Browser in Whonix is Tor Browser without Tor.
Still better than Firefox.


Quite hard (see below).

some time with private browsing

60% true

The difference is that Tor fights fingerprinting, while Firefox not so much. See also:


> 60% true

Can you please elaborate?
(Thanks for the rest!)

At the time of writing that, there is a lot of wrong info.
One of the only ways is hardware ID; that is because Xen doesn’t hide your hardware (or at least the CPU) from the VM, which is not so large a concern.

Okay. So, is it better for my privacy if I am not operating several Whonix VMs at once, but rather only one at a time, when their identities should be separated from each other?

Short answer: yes.
Long answer: what is your adversary?

Is it because of the case that if my internet connection crashes, it is suspicious that all VMs crash at the same time?

My threat model is that I want to be anonymous to my internet providers as I am frequently using public WiFi (like in hotels where I have to check in with my real ID).
And secondly, authorities that should not be able to monitor and identify me.

Uh oh, this can’t protect you from authorities knowing you are using many Whonix VMs.

More details:


Can it be seen that my VMs are all operated by the same person (me)?

If yes, how to change that?

This question is more about Whonix than Qubes, so you should probably ask it on Whonix forums and consult the Whonix docs: Multiple Whonix-Workstation ™.



This is generally known as “VM fingerprinting.” This page might address some of your questions on that topic:


What I found out with the links is that the best option is to not use several VMs simultaneously.

Now my final question regarding the different identities is:
Is using Qubes + Whonix VMs equally good as using several Tails sticks to prevent links between my identities and separate them, or is one of the two options better?

Tails is better if you don’t think much about it.
Qubes + Whonix VMs is good depending on how you configure it, e.g. if it is a disp VM,…


Yes, I think privacy-wise, it’s very similar. I actually tend to use Tails, but the only thing that seems to be better with Qubes is the security. If anything happens with my Tails, my entire PC could be affected (and therefore, my other identities as well). Qubes mitigates that risk better.
Correct me if I’m wrong.

Your entire PC could be affected, but a reboot would fix that** (except maybe BIOS, which you could reflash in principle).

** Make sure you don’t have any hard drives or USB sticks connected while using Tails.

> Your entire PC could be affected, but a reboot would fix that** (except maybe BIOS, which you could reflash in principle).

But I want to use persistence. Still?

> ** Make sure you don’t have any hard drives or USB sticks connected while using Tails.

Even my PC’s SSD?