Tor Browser Downloader in whonix-ws-15-dvm

I was trying to update the Tor browser off of Whonix’s wiki and realized that I had previously ran the Tor Browser Downloader in the dvm template whonix-ws-15-dvm which the site said clearly do not run in. I tried looking for information on why that’s bad but couldn’t find any.

What risks are posed when something like that is ran and why is it an option if the whonix wiki seems to just blanketly say not to do it?

Try read this. Qubes DisposableVMs (whonix.org)

1 Like

Ah, so even though I didn’t technically use the template for browsing, I should just delete it and make a new one to be safe?

As far as i understand what whonix dev want is, you do everything in anon-whonix, open pdf, text, file or anything with whonix-15-dvm, so if the vm is hacked, they only have the dispvm.

The reason why you shouldn’t use dvm for browsing, chatting, etc is Using a DispVM for the Whonix-Gateway ™ results in [non-persistent entry guards](https://www.whonix.org/wiki/Tor_Entry_Guards#Configure_Non-Persistent_Entry_Guards) to the Tor network; behavior unlike the default configurations for Whonix ™, Tor, and the Tor Browser Bundle. Mathematically speaking, end-to-end correlation attacks are *more* likely to succeed when a user chooses many random entry and exit points in the Tor network, rather than semi-permanent entry guards which are only rotated every few months.

@scoob & @51lieal it appears you are both struggling with basic concepts. Let me try to help.

  1. templates: whonix-ws-15 & whonix-gw-15 … those should never connect to the network and you shouldn’t run any programs in it other then ‘apt’ to install software.

  2. AppVMs: anon-whonix (based on whonix-ws-15) …this is a normal persistent qube, which means whatever data you hold in it will be there next time you start it. However any changes to the system will not be permanent as the system portion gets reset to the state of the template upon next boot.

  3. ProxyVMs: sys-whonix (based on whonix-gw-15) … this a special AppVM that works as a gateway/proxy (provides_network=true). You don’t run any programs in it. It’s only purpose is to connect to the TOR network and guard that connection. It provides network to e.g. anon-whonix.

  4. DispVM templates: whonix-15-dvm (based on whonix-ws-15) … this is another special AppVM that serves as a template for disposable qubes (template_for_dispvms=true). When you run this directly it behaves just like anon-whonix, but it is meant to be only used to configure and customize settings for instances of disposable qubes based on it.

  5. DispVMs: those are the ones with names like disp3052 (based on whonix-15-dvm). Those qubes are temporary and whatever you do in them does not persist. These are excellent to browse / run TorBrowser.

I was trying to update the Tor browser off of Whonix’s wiki and realized that I had previously ran the Tor Browser Downloader in the dvm template whonix-ws-15-dvm which the site said clearly do not run in. I tried looking for information on why that’s bad but couldn’t find any.

Because the Tor Browser Downloader puts the new version into /var/cache/tb* which is in the system part (template) and the whonix-ws-15-dvm is not a template but an AppVM that serves as a template for disposable qubes. Hence whatever you downloaded here won’t persist.

So there is no security impact, just you being frustrated that your update doesn’t persist.

What risks are posed when something like that is ran and why is it an option if the whonix wiki seems to just blanketly say not to do it?

No risk. You shouldn’t do it because it won’t persist.

Ah, so even though I didn’t technically use the template for browsing, I should just delete it and make a new one to be safe?

No.

As far as i understand what whonix dev want is, you do everything in anon-whonix, open pdf, text, file or anything with whonix-15-dvm, so if the vm is hacked, they only have the dispvm.

anon-whonix is persistent! (see above)

Disposable qubes are based on whonix-ws-15-dvm and have names like “disp0983”. Those are not persistent.

You need to decide based on your use case and thread scenario whether you need persistence (anon-whonix) or whether you are better of to do everything in temporary / disposable qubes based on whonix-ws-15-dvm.

The reason why you shouldn’t use dvm for browsing, chatting, etc is ```Using a DispVM for the Whonix-Gateway ™ results in [non-persistent entry guards]

It is correct that you do not want to have disposable gateways (based on whonix-gw-15) for the reasons explained on the linked page. But you would NEVER do “browsing, chatting, etc” in the gateway, but only in a workstation (ws) qube. See above again for clarification of the different roles and capabilities.

gateway = proxy qube to connect to TOR network and provide network to workstation qubes
workstation = get’s network from a gateway qube and runs e.g. Tor Browser

YOU SHOULD USE DVM based on whonix-ws-15 for browsing (see previous answer).

I hope I could clarify some things for you. Here are a couple of pages I would recommend reading:

Please continue to ask questions until it is clear. Also note that there is a dedicated Whonix forum.

3 Likes

This make sense too.

Thank you for this, love the community and will absolutely ask more questions when they arise