I’d like to use Tor browser in a non-whonix qube that uses whonix gw as a net qube. However, I don’t want my traffic to pass through Tor twice. How do I accomplish using Tor browser without having the qube route my traffic through Tor yet again?
Why is this? Using a non-Whonix NetVM would let Tor Browser manage its own Tor connection, wouldn’t it?
Yes. But I don’t want to use a non-whonix netvm.
First google hit gives me
At that point I would suggest changing your workflow and not doing so.
Maybe you’re misunderstanding. I want to use both tor browser and tor network.
That link should help you do exactly that, shouldn’t it? As long as your appvm still uses sys-whonix.
Oh wait, my bad. Or does it?
Oh I see. Now I understand. The only problem with this setup is that I’m pretty sure when you launch tor browser you also launch tor, and I’m trying to save resources. An extra tor instance is too much.
The question in the first place is why would you want do that and not use a whonix ws browser in the first place, since you can easily copy data from one qube to another.
I want a persistent setup tied to a particular identity. I’m trying to setup thunderbird to access an onion email provider. I’d like to have a browser in the same qube that can access onion websites.
I woud suggest a new appvm then, based on whonix workstation with sys-whonix as netvm.
1 Like
I woud suggest a new appvm then, based on whonix workstation with sys-whonix as netvm.
This would indeed be the proper Qubes-way of doing things. You could also clone anon-whonix, but creating a new AppVM based on whonix-ws-16 or whonix-workstation-17 is better.
Does anon-whonix work in the same way? Could I use it for this purpose?
Yes, anon-whonix is an AppVM (meaning it has a persistent private volume) based on the Whonix workstation template.
According to anonymousplanet, Brave is arguably better at fingerprinting resistance than Tor Browser, so recommended choice as disp-VM of default browser.
So I think, Brave order to use making account on only disp-VM over VPN, keep of user anonymously.
Using sign up to VPN or Mail accounts, user must be make on whonix!
disp-VM(Using Brave) > sys-VPN(VPN account makes on Whonix) > sys-firewall > sys-net > access to sign up page(Using mail account makes on Whonix)
Reason of need VPN, many services are blocking from tor access.
If service don’t block to tor, unnecessary VPN, user had better to use only Brave tor tab.
Firstly user clones debian-12-template, and install Brave in this template(It call Brave-template here).
Installing in Brave-template is Brave only, if user needs to other app, they install and run other template.
Because block template-VM fingerprint.
If user fiest language is Hindi, user is setting Hindi as system language of template-VM, this is abused template-VM fingerprint.
So if user hope keep anonymously, must use vanilla template.
Secondly AppVM make from Brave-template.
This AppVM become to exclusive for Brave.
Next user runs Brave on AppVM, and settings change.
Danger of security and privacy settings disable all, hardening Brave.
Ending Harden, Brave makes many unnecessary files, they are most likely to commit browser and AppVM fingerprint.
Because user deletes all unnecessary files, AppVM change to disp-VM(It call disp-Brave here).
Process of unnecessary files deleting guide is this topic:
Pros of disp-Brave are not only block browser and AppVM fingerprint.
Brave has previous of change default settings without user permission, but disp-Brave can block from this threat.
Brave on disp-Brave is block from template-VM, AppVM, browser fingerprints, block threat from Brave.
And this is not need to security and privacy settings every time, user runs clean Brave one click.
Time of creating account only, Brave on disp-Brave with tor or VPN is safely Tor Browser on Whonix.
User must not use Brave other time, for sure!
Ending account create, if user hope keep anonymously, user must not use Brave for log in.
If this service is blocking tor access, user should be use Mullvad Browser over VPN.
Or if user cannot use Whonix for a reason, alternative way is debian-12-minimal template distromorph to Parrot Security(Parrot OS).
Parrot is excellent than Kali as daily os.
Kali is distro in order to penetration test, so security nightmare, but Parrot has many great privacy app, if user purges all penetration tools, and install parrot-meta-privacy meta package, can use as great security and privacy distro.
For example Anonsurf is tor and i2p kill switch, all other than tor or i2p connections are kill.
User runs Anonsurf on Parrot, all clearnet conections are killing.
If Onionshare run on Whonix, user must change setting of Whonix Gateway, this is security crisis, so if user hope use onionshare on Qubes OS, Parrot is safely distro than Whonix.
If user runs Anonsurf, user can also use safely Tor Browser.
However v4.12, debian-11 distromorph to Parrot guide in Parrot wiki, user can be distromorph to debian-12-minimal template to Parrot as secure distro without penetration tools on Qubes OS v4.2.