Using Whonix via "untrusted" or via anon-whonix direct?


I have two questions about using whonix.

  1. If I use sys-whonix as the networkVM for (example) untrustedVM, I use just “normal” firefox within tor network. If I use anon-whonix as “untrustedVM”, then I use tor-browser within tor network AND I’m on whonix-woirkstation as well. So it’s not so useful to surf the web via tor network (or to surf onion network) with the “normal” firefox and “normal” fedora/debian. Therefore it’s better to surf directly via anon-whonix and to clone it for each VM I want to use tor within, isn’t it?

  2. If I want to have an extra circuit for each VM, where I use tor, I need to clone sys-whonix and make it the netVM for each anon-whonix-clone, right?

  3. using scripts in tor browser is the safe way to deanonymize myself. So it has no sense to use it for websites, which need scripting, isn’t it?

Best regards

yes, i guess

not really

hmm… the problem is, that the usability without the scripts is rather low. Is there any way to prevent deanonymization via scripts while using them? As I know… no way.

This is not how a helpful answer should look on a forum dedicated to strong user security/privacy. Please find a relevant link if you are not an expert.

@qun For the questions about Whonix, it’s probably better to consult the Whonix website and whonix forums.

In this case you leak your fingerprint and loose anonymity: Can websites track me across different qubes?.

Multiple Whonix-Workstation ™.

See also: Good News - Testing Tor Browser DispVMs Against New fingerprint.js Browser Fingerprinting.

Yes, Javascript can deanonymize you in very interesting ways. You probably can try to read the Javascript code and verify that it doesn’t do fingerprinting… Anyway, you’re definitely making it harder to deanonymize yourself by using Whonix, even with Javascript.

that because “i guess”, it make lot of difficult to find online resource

also, not just js can deanonymize you

If it’s too hard for your to find an online resource and you are not sure about the answer, you should let other (more knowledgeable) people reply. See also: Noise-to-signal ratio.

What else?

no js tracking
example? see what you posted above (search engine gave me terrible result )

oook… so it makes sense to use anon-whonixVM even with JS. Just to bring some stomes on the way to deanonymization and fingerprinting. The tor browser is also the must have against fingerprinting comparing to the “normal” firefox.

So for different tor circuit and maximized security I must clone the whonix-ws AND sys-whonix and not just sys-whonix and I shouldn’t use the cloned VMs simultaneously, right?

There I’m still “incognito” with tor browser from anon-whonix, even with standard security level. Whatever this “incognito” means.

This topic (fingerprinting / tracking) is a huge thing! I see, my understanding of that is out of date.

but do I also must clone the whonix-gw for the sys-whonix? So just clone everything and make a second whonix network with appVM2 on whonix-ws2, with netVM sys-whonix2 on whonix-gw2 with netVM the regular firewallVM.

It is much better than the using of the normal Firefox. So let’s talk about TailsOS (or any other security/privacy oriented OS) - you always will see a Tor Browser and an untrusted Browser there. Understand it that way: the Tor Browser is the Tor Browser and the untrusted Browser always is similar to a ‘normal’ Firefox.

You have to clone anon-whonix and sys-whonix, where both sys-whonix were pointing to sys-firewall as their netVM.

anon-shonix is based on the whonix-ws and sys-whonix on the whonix-gw. So compromised templates compromise every related appVM. As I understand, it makes sense to clone the whole “whonix-system” (all templates within).

It depends on your threat model. If you suspect that an adversary could compromise your templates (but how?), you should clone them of course.

Really a good question: “HOW could somethings compromise your templates?”
I guess in 2010 the Qubes team nearly worked their butts off, how they could make it happen, nothing could at any time compromise a template.

…why, me sitting here with the very strange feeling your templates use sys-net as netVM…

ok, makes sense… so it’s an overload on security in my case :smiley:

I can not explain your feelings, but my templates use no networking (just the “build in” connection to the update server). Just sys-firewall uses sys-net

Hi, for updating the system I use sys-whonix, and for surfing the network I use the created bundles: such as “untrusted-gw” and “untrusted-ws”. Based on whonix templates. Also, 2 more such bundles have been created for other tasks. When using them, I disable sys-whonix. If you suspect that one of the chains has been compromised, you can simply delete them. Just an experience.

ah, so you see a sense in cloning the whole whonix infrastructure… with also untrusted-sys-whonix (and untrusted-gw + untrusted-ws), as I understand. For the purpose of updates, it maby makes really sense. Just to have the complete clear path.

I do not clone the default whonix bundle, but create a new one based on templates, assigning priorities to them for use, be it “untrusted, money, etc”. Just using “sys” to update the system … “anon-ws” to load bridges for the rest of the “gw” s created.

so you mean, that there is a realistic threat model, that can compromise gw and ws?

Data Collection Techniques. interesting article about identification and data collection. I was guided by it. That is why I use different bundles for different tasks.

1 Like

wow… huge topic… hard to get through and keep everything in mind :smiley: