TOR Browser in Whonix app VM or Firefox ESR in Debian disposable VM?

What is the difference in terms of fingerprinting and anti-malware/security between using a Whonix app VM with the TOR Browser compared to a disposable Debian app VM with the Firefox ESR browser in Qubes OS?

Don’t both route 100% of traffic through TOR? Aren’t both non-persistent (if Debian VM is set to disposable)?

When I visit certain websites in TOR browser I get the cloudflare page saying “checking if you are human” and a “i am not a robot” captcha, but I can never get passed that and load the site. So, I think I cannot use TOR browser to visit these sites if they have cloudflare protection.

So, is Firefox ESR in a disposable a safe alternative?

1 Like

Whonix app VM with the TOR Browser in Qubes OS will route all the traffic through TOR, while a disposable Debian VM with Firefox ESR won’t do that unless specified.

Whoonix also has some additional features like stream isolation and resistance to fingerprinting. Overall, whoonix is usually a bit more secure, but firefox is much more convenient

1 Like

Ok. Do you have a solution to the problem of using TOR browser and getting blocked by Cloudflare?

This is a TOR problem and unrelated to Qubes.

These come up because Cloudflare, a large DNS infrastructure company, has detected that you are risky traffic. This is because the TOR network is used by bad actors for a multiplicity of things, including network attacks like (D)DoS. If you are using the same endpoint as such an attack, then you are blocked when they block the IP. Also, there are many websites that block TOR altogether. There isn’t really anything you can do except email whoever is blocking and politely ask that they stop.

1 Like