Some noob questions regarding whonix and qubes

  1. if sys-whonix starts up when the system starts up does that mean that my isp can see that i am on torr all day long, even if i never opened any disposable qubes
  2. i am in a country where i would liek to hide my torr use, which is a better way to achieve this an obs4 bridge or a vpn?
    also how does socks5 proxy or proxy fit into this situation. I do not even know what a proxy is
  3. Is it possible to keep some sites logged in into whonix anondist tor browser, or is it set to always erase its cookies every time it restarts.??

The tor daemon in whonix will bootstrap the connection, meaning connecting to your guard and keeping this connection open.
So your ISP can see, that you are connected to a tor guard, but he also sees that there is basically no traffic but some “hold the connection open”-traffic.

Your best chance is an obfs4 traffic, as this obfuscates the traffic further than any vpn. Usually you do not have to conceal your tor usage if your country does not block vpns, you usually do not have to use bridges (unless tor is cencored in your country).

On disposables: You could try to store your session cookies on the dvm template. On you anon-whonix, which is an appvm if i am not mistaken this should work.
Usually tor does clear all cookies on closing/newnym (new identity button). I am certain there is a way, but i have not done this so this is just a guess: Maybe Settings → Cookies → Manage Exception is what you are looking for.


That’s a very good question I had never considered.

Thanks @baflya for the response. So how does one totally hide that they are connecting to tor if startup processes establish this connection before user input is possible?

You can disable “Start this qube at bootup” so it will not start automatically. It will however start if you start a qube that is dependent on sys-whonix for networking of course.

“Totally hide” is totally dependent on threat model. One really does not need to hide the usage of Tor in civilized parts of the word.

Usage of Tor is not possible to hide against a technically skilled and motivated attacker.
Especially not with VPNs and not even by usage of pluggable transport and bridges if you adversary is motivated enough, but using bridges with obfuscating pluggable transport is a good start.

Should you desperately need to conceal that you are using Tor, your best option is to not let “somebody uses Tor somewhere” get linked to you real life identity.

Assuming that you live in a totalitarian regime and need technical support to evade detection by your nation state i am happy to help you if you can give me more details about your adversary, capabilities, skill level and options in your environment and situation (public wifi availabe? Are there corporate wifis nearby? Can you get high gain antennas? Is a “kicking down doors” scenario possible and would possession of high gain antennas make you suspicious? Is mobile roaming over the border a possibility? …)
as defensive and evasive tactics vary quite a bit in scope and complexity.


I’ve got APT problems but they aren’t repressive government problems thank god. Sounds like OP is more in that position. My threat model doesn’t have any issue with ISP & Tor, I was just curious as OP raised a point that was completely in my blind spot. I mean I guess it’s obvious if Sys-whonix is launching at startup, I just never really paid attention to it.

I’m content to just keep on learning and enjoying the process and at some point in the future I’ll be in a position to reasonably secure a computer, thanks to people like you who share the knowledge! Good luck to OP.

@McbXPdkWfyGbyvJvpXpw Can you elaborate on point 3? Is it about remembering passwords? Or is there something specific you need to maintain a session for?

If it’s about remembering passwords & the effort of logging in, look in to Keepassxc. In Qubes you can run that in a non-networked VM (so a vault), and create/store very secure passwords that you can safely copy across to other VM’s with the Dom0 Clipboard.