Should sys-whonix be disposable?
I use VPN before sys-whonix and worry too consistent guard lets correlation attack.
sys-whonix should not be disposable. See the Warnings section on
Specifically,
Ephemeral Whonix-Gateway ProxyVMs Using Disposables for both the Whonix Gateway and Workstation in Qubes does not increase security without any corresponding privacy downside, for the following reasons: [17] [18] [19]
- Disposables are not amnesic. In practice this means traces of their activity can be left on storage or in memory, making them vulnerable to forensic operations. [20]
- Using a Disposable for the Whonix-Gateway results in non-persistent entry guards to the Tor network; behavior unlike the default configurations for Whonix, Tor, and the Tor Browser Bundle. Mathematically speaking, end-to-end correlation attacks are more likely to succeed when a user chooses many random entry and exit points in the Tor network, rather than semi-permanent entry guards which are only rotated every few months. [21] [22]
- See additional footnote. [23]
1 Like